Iesha Javed

Apple Vs FBI (Case Study) Abstract: The Apple-FBI conflict is a classic example of an ethical conflict between multiple stakeholders, each competing to prove their view point to be the ethical standard of conduct, and seeking to back it with legal justifications. A number of questions that arise when discussing the conflict and their implications for the IT industry, its project management sector in particular and a customer’s right to privacy in the post-modern era have been discussed here. In order to provide a holistic view of the conflict, an unbiased view of the interests of all parties has been provided along with a discussion of pressing questions such as whether it is ethical to force a service provider to comply with security agencies in disclosing customer information, whether withholding sensitive information in the name of the right of privacy is unethical and how such ethical conflicts can be avoided in the future. The Project management field faces multifaceted ethical issues just like any other professional area of expertise. Generally these issues revolve around workers rights violations, ignoring safety standards, shady deals1 etc. However, in IT project management more specific issues such as the access to confidential data about individuals and companies from network systems and its misuse, black hat hacking, infringing on customer privacy rights by disclosing sensitive information, spying on clients, misusing key loggers and screen capture software, creating unnecessary panic about viruses and cyber criminals to make customers purchase security solutions, to name a few, form the core2. However, as is the case with all ethical systems, nothing is written in stone and facts aren’t always black and white. There are several grey areas in professional ethics particularly project management ethics and the body of principles governing ethical conduct are shaped by divergent worldviews, cultural norms, social influences, legal ramifications and philosophical axioms3. As a result of which the many stakeholders in a certain case might hold absolutely divergent standpoints to be ethical, thus creating a real-life ethical dilemma4. The Apple-FBI conflict5 is a classic example of an ethical conflict between multiple stakeholders, each competing to prove their view point to be the ethical standard of conduct, and seeking to back it with legal justifications. While Apple saw the issue as one of protecting customer privacy and non-disclosure of personal information in line with their ethical policy, the FBI resorted to legal authority to force Apple to comply with its demands for creating a back door into an iphone that was allegedly used for terrorist acts and decrypting which could disclose valuable information about the attackers’ motives and modus-operandi6. The conflict started when an iphone was retrieved as evidence from the site of the 2015 San Bernardino Attack. The phone was established to be a company phone given to one of the alleged attackers, Syed Rizwan Farook. Consequently the FBI asked Apple to help decrypt the phone in order to retrieve information that could help solve the case. But citing customer privacy policy Apple refused to comply. Apple also said it would set a precedent for other companies to do the same. Following this the FBI filed for a legal order asking Apple to assist in creating a back door to the phone. The court of law directed Apple to comply but later FBI withdrew the case against Apple when a third party, Cellebrite, came into the conflict and offered FBI another settlement option after which the security agency managed to break into the iphone. A number of ethical questions arise. Was it ethically more important to protect the data on an iphone or to provide access to information that could help track down terrorists and perhaps save thousands of lives? If Apple was just doing its duty by respecting customer privacy, was it ethical for the FBI to force Apple to comply? If Apple would compromise confidential information held on a customer’s phone for any other reasons, they would have faced legal consequences. So do security agencies have authority to twist the law as per their convenience? Is it even ethical for security agencies to spy on citizens or retrieve their personal information on the pretext of preventing terrorism? In all this, what about customer’s right to privacy? Isn’t that the basic reason why people use phones for private conversations? If that basic right is no longer fulfilled, then they are paying for a promise that no one is ready to fulfil. Can iphone users suit the FBI for the iphone security breach? Can Apple suit FBI for the breach? Was it ethical for the other company to come into the matter and offer to breach the iphone? Can Apple suit the other company for this breach? The problems are multifaceted and only the most pressing concerns shall be addressed here. In his open letter to customers Apple CEO stated that “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake”7. But was the right to privacy really at stake? The unwavering stand that Apple took in the case has also been seen by some as a part of a larger PR campaign to instil the belief that Apple is highly committed to maintaining highest standards of ethics. For instance, earlier in the 2015 Supplier Progress report, it was stressed that the company saw ethical responsibility as the means to make great products8. The same document also detailed the audit process that takes place during on-site inspections as thus: “Apple conducts physical inspections, reviews documents, and interviews workers in their native languages, without their managers present. Afterward, workers are given a phone number, so they have the opportunity to securely and confidentially provide additional feedback about a facility to our team, including anything they consider to be unethical behaviour. We encourage workers to report any retaliation to us, and we follow up with all suppliers to address each reported issue”9.Thus, it is evident that the company is quite keen in establishing an image as an ethically responsible company. Further, it begs to question, as to what other motives could Apple have in its refusal to comply with the FBI directive for decrypting the information held on a phone allegedly used for terrorism? It could be argued that wilfully refusing to hand over information that poses potential danger to thousands of lives in itself is highly unethical. While in the past several mobile phone manufacturers have complied with directions to decrypt information in order to aid security agencies, it could be argued in total contrast to Apple’s argument that by NOT providing the information the FBI needed to solve a case of terrorism the mobile company set a dangerous precedent whereby in the future other such companies would display non-compliance with security agencies, thus putting several lives at risk. Further, it can be questioned as to whether Apple can take recourse to hiding behind the Customer privacy policy at all or whether it is bound by duty to cooperate with security agencies in maintain general public welfare. A look at US Case Law, even in the pre-IT era reveals that instances where petitioners sought to hide behind the right of privacy law of the 4th Amendment, failed to win the confidence of the jury. In Katz V/S United States, the petitioner challenged the charge that was placed on him for transmitting wagering information over telephone on the grounds that the FBI agents who had attached an electronic recording device to the outside of the public telephone booth from which he had placed calls, had violated his right to privacy otherwise guaranteed by the Fourth Amendment. In his petition the petitioner claimed that the phone booth was a constitutionally protected area and that his privacy had indeed been violated. However the court declined his petition as the Fourth Amendment cannot be translated into a general constitutional "right to privacy" but only protects individual privacy against certain kinds of governmental intrusion. Further, the Fourth Amendment protects people, not places. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection”10. In another interesting legal case, Smith v/s Maryland, the petitioner registered a case against state authorities on the grounds that the use of a pen register to intercept the calls he made from his telephone was a violation of his right to privacy. Investigations revealed that he was allegedly guilty of robbery followed by threatening phone calls that he made to a Patricia McDonough, for which the police had intercepted his calls using a pen register. The petitioner sought the information collected by the authorities to be suppressed on the grounds that they had obtained it without a prior warrant. However the court upheld his conviction on the basis that "there is no constitutionally protected reasonable expectation of privacy in the numbers dialed into a telephone system and hence no search within the fourth amendment is implicated by the use of a pen register installed at the central offices of the telephone company"11.  Some analysts have demonstrated that the refusal seems to be more of a publicity stunt on Apple’s part in order to win customers’ confidence by instilling a positive public perception about its customer privacy policy and the non-disclosure of personal information held on its manufactured devices. Also worth mentioning is that Apple had in the past come in bad light12 after reports suggested that Apple had failed to meet standards on a number of ethical issues such as failing to meet safety standards for its workers13, child labour issues14 and privacy of information issues. In conclusion, it seems to be more of an issue of lack of standard ethical principles for the IT industry than a typical ethical dilemma. Formulating specific guidelines and ethical principles can help prevent such issues and conflicts of interest. Various principles of general ethical conduct derived from workable philosophical systems such as the Kantian duty ethics, Bentham’s Utilitarian ethics, Stuart Mills ethical philosophy and contemporary holistic worldviews can hold the key to formulating a more robust and practicable ethical philosophy for the IT industry, particularly its project management sector. The Association for Computer Machinery (ACM) Code of Ethics15 is one such attempt at codifying a common ethics for the IT industry and can solve many an ethical issue without allowing it to metastasize into a full blown legal conflict.