joaoferreirapinto/pt
IAPP
Lisbon Chapter_KnowledgeNet
João Ferreira Pinto
Lawyer | JFP & Associados
Master | Cyberspace Law and Info. Security (IST)
#CDAYS2016
APPLE vs FBI
(Encryption dispute case study)
#APPLEvsFBI
encryption dispute
case study
USA | 2016
APPLE vs. FBI | encryption dispute case study
João Ferreira Pinto #CDays2016
© João Ferreira Pinto #CDays2016
2015.12.02 | San Bernardino | California (USA) (Mass shooting & attempted bombing)
14 killed, 22 severely injured
2015.12.02 | San Bernardino | California (USA)
2015.12.06 | “Act of terrorism” (President Barack Obama)
iPhone 5C (iOS 8)
iCloud
(Oct. 2015)
“the case”
(2015/2016)
Federal Bureau of Investigation
Legal
• “Backdoor”
• Tool to circumvent the feature that deletes all of the information on the phone after 10 failed password attempts
• No backdoor-friendly legislation
• All Writs Act “AWA” (1789)
• Precedent “United States v. New York Telephone Co.” (illegal gambling) (1977)
Public Opinion
• Terrorism (after 09/11/2001)
• False duality: privacy vs security: “We have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety. That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.”
APPLE
Legal
• AWA - Fulfillment of 4 conditions:
  1. Absence of alternative remedies or judicial tools
  2. An independent basis for jurisdiction: the act authorizes writs in aid of jurisdiction, but doesn't create any federal subject-matter jurisdiction
  3. Writ necessary/appropriate to the particular case
  4. The writ must be "agreeable to the usages and principles of law" (not “unreasonably burdensome”)
• Costly
Public Opinion
• Public brand marketing - there's no trade-off: security & privacy are not mutually exclusive (FAQs)
• Civil liberties (mass surveillance): encryption is about privacy and public safety
• The precedent isn’t to unlock one phone (e.g. MSFT/Google/Facebook)
• Dangerous:
  a) Hackers/criminals/terrorists
  b) Russia/China
Mass surveillance?
MASS SURVEILLANCE?
(PRISM Program)
Snowden
European Union - (6 Oct. 2015):
Case C-362/14 | Max. Schrems / Data Protection Commissioner
• Articles 7, 8 and 47 of the Charter of Fundamental Rights of the EU (…) must be interpreted on the adequacy of the protection provided by the safe harbour privacy principles (…) the law and practices in force in the third country do not ensure an adequate level of protection.
• Decision 2000/520/EC, of 26 July (Safe Harbour) - Transfer of personal data to the United States - Inadequate level of protection - is invalid
Privacy by Design
Principle 4: FULL FUNCTIONALITY | POSITIVE SUM
• Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made.
• Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible, and far more desirable, to have both.
PRIVACY BY DESIGN (ANN CAVOUKIAN)
GDPR (2018)
PRIVACY BY DESIGN / PRIVACY BY DEFAULT
• Each new service or business process that makes use of personal data must take the protection of such data into consideration, during the whole life cycle of the system or process development.
GENERAL DATA PROTECTION REGULATION | GDPR
PRIVACY BY DESIGN / PRIVACY BY DEFAULT
• (…) require that appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met (recital 78)
• the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation (…), such as data minimization … (article 25)
WINNERS?