data privacy. - Legalnaija

Juvenile #EndBadGovernance# Protesters, Data Accuracy and the Consequences of a Weak Data Protection Framework by Olumide Babalola

by Legalnaija | Nov 2, 2024 | Blawg

Juvenile #EndBadGovernance# Protesters, Data Accuracy and the Consequences of a Weak Data Protection Framework | By Olumide Babalola

Introduction
On the 1st day of November 2024, the Nigerian social media space was greeted with sympathy-drawing, emotion-laden still and motion images of some Nigeria children (irrespective of their ages, they are still children to their parents) arraigned before the Federal High Court after about 80 days in detention. When one of them slumped from alleged symptoms of malnourishment and hunger, his age and competence to face trial became an issue so much that a leading counsel in the prosecution team openly declared that the defendants are not minors and that most of them are already married with children.

The extrajudicial vituperations from the public and counter-assertions from the prosecution raise a data protection issue around the accuracy of personal data – the defendants’ accurate ages as well as the prosecution’s statutory obligation as a data controller. I will briefly discuss this in the successive paragraphs but it must be quickly reiterated that criminal prosecutions are not wholly exempted from the coverage of the Nigeria Data Protection Act, 2023. For clarity, the exemption does not obliterate law enforcement agencies’ obligation to comply with principles of data protection (see section 3(2)(a) NDPA which clearly “excludes” principles from the exemptions.

Data accuracy in the context of the prosecution’s position
Accuracy – a cardinal principle of data protection imposes a duty on data controllers to ensure that personal data they process (i.e collect, use, store, share etc) are accurate and kept up to date. The Nigeria Data Protection Act 2023 (NDPA) specifically requests that such data must not be misleading (see section 24(1)(e). In the case at hand, the police and prosecution are the data controllers who are mandated to ensure that the defendants’ personal data collected and used for their prosecution are accurate and not misleading.

The prosecution team announced to the entire world that the defendants are not minors but a look at the charge sheet says otherwise. For the avoidance of doubt, on the charge sheet with number FHC/ABJ/CR/503/2024, Umar Musa is 15; Muhammadu Mustapha 16; Ibrahim Rabiu 16; Muhammed Musa 14 etc. Since these are the recorded ages of some of the defendants, then the prosecution’s position is misleading since these are still minors under Nigerian law.

Verification of Children’s data

Going by the recorded ages on the charge sheet, some of these defendants are still minors while others are not thereby raising another data protection query – How did the Police ascertain their ages? The NDPA mandates controllers to be circumspect when processing children’s data. The law requires controllers to apply appropriate mechanism to verify the ages of children before processing their data. (See section 31(2).

In the decision in Emen Akpan v The State (1999) LPELR (CA), the Court of Appeal reiterated the methods of verifying a defendant’s age including: birth certificate or other direct evidence as to the date of birth, and in the absence of such evidence, a certificate signed by a medical officer in the service of the Government giving his opinion as to such age. In this case, the prosecution has curiously fixed the ages of the children without any identifiable mechanism for verifying their ages – this comes with a barrage of privacy and data protection consequences.

Consequence of inaccurate data
The prosecution’s careless and somewhat erroneous arrogation of inaccurate ages to the defendants has many legal implications touching on the latter’s rights, freedom, mode of trial, safeguards and other entitlements. For the sake of argument, assuming the ages of all defendants are rightly recorded as minors, then the choice of court ought to be different i.e they should all have been charged at the juvenile court. Perhaps, they would not also have been remanded in the regular prisons. Ultimately, they would not also be subjected to full trial of the offence alleged.

In conclusion, the failure of the police to verify the ages of children arraigned in court underscores a critical gap in Nigeria’s data protection framework. This lapse can be directly linked to the systemic issues plaguing the Nigeria Data Protection Commission, including inadequate funding, the prolonged omission to appoint governing council members, and the lack of harmonization among the various data registries in the country. These deficiencies not only hinder the effective enforcement of data protection laws but also compromise the rights and welfare of vulnerable populations, particularly children. To address these challenges, it is imperative for the government to prioritize the funding and operationalization of the data protection regulator, ensuring that it can independently and effectively oversee compliance and promote a culture of accountability in data management practices. Without these foundational steps, the integrity of the judicial process and the protection of citizens’ rights remain at significant risk.

Data Privacy and Protection under the Nigerian Law – Francis Ololuo

by Legalnaija | Mar 26, 2020 | Uncategorized

Introduction

The 21^st century,
commonly dubbed “the information age” with its greatest invention, the
internet, has brought about fast and easy dispensation of personal information
or data. With an estimated 2.96 billion social media users worldwide, social
media is the greatest accomplice to the speedy dispensation of personal
information around the world.[2] Virtually everybody on the planet has
their personal data i.e., name, address, pictures, email address, bank details,
or medical information online. These data reveal sensitive personal information
that can be exploited to harm users unscrupulously for economic gain. Thus, it
is has become important to protect these data and regulate the way data is
used. One should be able to decide whether or not they want to share some
information, who has access to it, for how long, for what reason and to be able
to modify some of this information, if necessary.[3]

The information age has seen
data exchange become a common feature and an integral part of commercial
transactions. Considering that five of the six largest companies in the world
(Apple, Microsoft, Amazon, Google and Facebook) deal in data and profit off
processing the data of its consumers,[4] it has become imperative to regulate how
that vast amount of personally identifiable data is managed. For instance, the
Google-owned YouTube’s algorithm feeds off personal data (e.g. user
information, likes, searches, etc.) to suggest what videos users may like or
find interesting.

1.
“Knowledge is power, information is
power.”

1.1
This statement by Robin Morgan became more glaring and profound in the light of
the Facebook-Cambridge Analytica Data Privacy Scandal [5] that shook the world in 2018. Here,
Cambridge Analytica, a political consulting and strategic communication firm
was found to have illicitly collected the personal data and information of
about 87 million Facebook users without their consent for political advertising
purposes (especially in the run-up to the 2016 US Presidential elections). This
scandal amongst other previous data privacy breaches [6] signaled the urgent need to protect
personal data. It prompted the immediate implementation of the EU General Data
Protection Regulation (GDPR)[7] in 2018.

1.2
In similar vein, Nigeria has had its own fair share of data privacy breaches.
Notably, the recent case between NITDA [8] and TrueCaller (2019) as well as the case
involving MTN Nigeria Communications Ltd v Barr. Godfrey Eneye (2013) are a few
instances.[9] Data protection is becoming a risk issue
discussed at negotiation stages between companies in different jurisdictions
and data protection has become a tool to encourage confidence in businesses. In
essence, it is important that companies and persons in Nigeria know the laws
governing Data Privacy and Protection in Nigeria and the scope of rights,
duties and responsibilities available to them.

2.
The Legal Framework of Data Privacy and
Protection Laws in Nigeria

Although Nigeria does not
have a specific statute regulating Data Privacy and protection, the NITDA
commendably came up with the Nigeria Data Protection Regulations (NDPR) in 2019
which specifically addresses Data Privacy and Protection in Nigeria. Asides
from the NDPR, there are other laws which touch on Data Privacy and Protection
in Nigeria, which are briefly highlighted below.

3.
The Constitution [10]

Section 37 of Nigeria’s 1999
constitution forms the foundation of data privacy rights and protection in
Nigeria. Section 37 guarantees and protects the right of Nigerians to privacy
with respect to their homes, correspondence, telephone conversations and telegraphic
communications. It deems Privacy in this respect a fundamental right which is
enforceable in a court of law when breached. Prior to the NDPR, most cases of
data privacy breaches were enforced under this section.[11]

4.
The Nigeria Data Protection Regulation
(NDPR) 2019 [12]

Albeit a subsidiary
legislation, the NDPR is the major law specifically aimed at addressing data
privacy and protection in Nigeria. The regulation was issued by the National
Information Technology Development Agency (NITDA) in 2019 to comprehensively
regulate and control the use of data in Nigeria.[13] A copycat of the EU GDPR, the
regulation touches on principles of data processing, the requirement of Data
Compliance Officers, requirement of data subject’s consent for collecting and
processing data, requirements for international transfers of data and rights of
data subjects, inter alia. It also prescribes penalty for non-compliance
with the regulation. [14]

5.
The NCC Consumer Code of Practice
Regulation 2007 [15]

Part VI of the Nigerian
Communications Commission (NCC) regulation, generally deals with the protection
of consumers’ data in the telecoms sector. Reg. 35 requires all licensees to
take reasonable steps to protect the information of their customers against
improper or accidental disclosures. It prescribes that licensees shall not
transfer this information to a third party except as permitted by the consumer
or commission or by other applicable laws or regulation. Data collected by the
licensee must be such that is reasonably required for business purposes and not
to be kept for longer than necessary. This law extends not only to electronic
or written data but also to verbal data recorded by the licensee.[16] It also provides for notification of the
consumer of the use and disclosure of data obtained from them.

6.
The NCC Registration of Telephone
Subscribers Regulation 2011 [17]

Regulation 9 and 10 of the
NCC Registration of Telephone Subscribers Regulation 2011, deals with the data
privacy and protection of subscribers. It provides for confidentiality of
personal information of subscribers stored in the central database or a
licensee’s database.[18] It also provides that these information
shall not be released to a third party nor transferred outside Nigeria without
the prior written consent of the subscriber and commission, respectively. This
regulation also regards the information stored in the Central Database as the
property of the federal government of Nigeria.[19]

7.
The Freedom of Information Act 2011 [20]

Section 14 of the Freedom of
Information Act protects personal data. It restricts the disclosure of
information which contains personal information by public institutions except
where the involved data subject consents to its disclosure or where the
information is publicly available. The Act also provides that a public
institution may deny the application for disclosure of information that is
deemed privileged by law (e.g. Attorney-client privilege, doctor-client privilege).

8.
The Cybercrimes (Prohibition,
Prevention, etc.) Act 2015 [21]

The Cybercrimes
(Prohibition, Prevention, etc.) Act, Nigeria’s foremost law on cybercrimes
criminalizes data privacy breaches. Generally, this Act prohibits, prevents and
punishes cybercrimes in Nigeria. It prescribes that anyone or service provider
in possession of any person’s personal data shall take appropriate measures to
safeguard such data. [22]

9.
The Child Rights Act 2003 [23]

The Child Rights Act
protects the privacy rights of children.[24] The Act protects and guarantees
the right of every child to privacy, family life, home, correspondence,
telephone conversation and telegraphic communications subject to the
supervision or control of the parents or guardians.[25]

10. The
Consumer Protection Framework 2016 [26]

The Central Bank of
Nigeria’s Consumer Protection Framework prohibits financial institutions from
disclosing the personal information of their customers. It also ensures that
these financial institutions take appropriate measures to safeguard customers’
data and necessitates the prior written consent of their customers before
sharing these data with anyone.

11. The
National Identity Management Commission (NIMC) Act 2007 [27]

Section 26 of this Act
requires the approval of the Commission before a corporate body or anybody can
have access to data stored in their database. The Act also empowers the NIMC to
collect, collate and process data of Nigerian citizens and residents.

12. The
National Health Act (NHA)2014 [28]

The NHA which regulates
health users and healthcare personnel restricts the disclosure of the personal
information of users of health services in their records. It also ensures that
healthcare providers take the necessary steps to safeguard such data.

13. The
Federal Competition and Consumer Protection Act 2019 [29]

This Act stipulates that the
Federal Competition and Consumer Commission shall ensure that business secrets
of all parties concerned in investigations conducted by it are adequately
protected during all stages of the investigation or inquiry.[30]

14. Case
Laws

Just like many other common
law jurisdictions, judicial decisions are an integral source of law in Nigeria
and although, very few, there are court decisions on data privacy and
protection. Some of these include the cases of Godfrey Nya Eneye v MTN
Nigeria Communication Ltd [31] and Barr. Ezugwu Anene v Airtel
Nigeria Ltd.[32] In the former case, the court held that
the unauthorized disclosure of the claimant’s mobile phone number by his
telecommunications service provider (the defendant) and subsequent unsolicited
text messages he received from unknown third parties were violations of his
constitutional right to privacy. A similar verdict was given in the latter
case. Both claimants were awarded damages of N5,000,000 (five million naira),
respectively.

15. Conclusion

15.1
It is laudable that Nigerian authorities through their laws and various
regulations are taking bold steps to protect the personal data of her citizens.
However, despite the array of laws and regulations on data privacy and protection,
the only law that specifically and comprehensively deals with this phenomenon
is the recently announced NDPR by NITDA.

15.2
Prior to the NDPR, most laws on data privacy and protection in Nigeria were
industry specific. For instance, the various NCC regulations protect consumers
in the telecommunications sector; the provisions in the Child Rights Act
protects persons under the age of 18 and the Freedom of Information Act
protects personal data in records of public institutions. Therefore, the
establishment of a data privacy and protection law in the form of the NDPR that
transcends industries and category of persons is highly commendable.

15.3
The quick implementation and enforcement of the NDPR by NITDA has shown its
seriousness in ensuring compliance with data privacy and protection laws by
data controllers and processors in Nigeria. [33] Another evidence of this is the current
investigation of TrueCaller by NITDA for data privacy breaches [34] alongside the recent investigation of
the Lagos Internal Revenue Service (LIRS) for publishing some Lagos State
taxpayers’ personal information on its website.[35] The establishment of the NDPR and the
activities of NITDA have also helped create awareness about data privacy and
protection amongst Nigerians.

15.4
Despite being a huge step in the right direction, the NDPR is not without
criticism. The regulation solely “applies to all transactions intended for the
processing of personal data and to actual processing of personal data…
and to natural persons residing in Nigeria or residing outside Nigeria
but of Nigerian descent.”[36] The NDPR applying solely to personal
data and natural persons means the regulation excludes other forms
of data and corporate organisations respectively.

15.5
Furthermore, some quarters believe the NDPR being a regulation and not a
statute enacted by the National Assembly lacks the requisite force of law
sufficient for addressing such an important subject. Some also believe the NITDA
is not empowered by law within the ambit of Section 6 of the NITDA Act to make
such a regulation.

15.6
Nonetheless, Nigeria is one of the few countries that can boast of having data
privacy and protection laws in the world.[37] It is thus apparent the country is
heading in the right direction although there is still room for improvement.

_________________________________________________________________

For further information on
this article and area of law, please contact

Francis Ololuo at:
S. P. A. Ajibade & Co., Lagos by

Telephone (+234.1.270.3009;
+234.1.4605091-2)

Mobile (+2348112491286) or

Email
(fololuo@spaajibade.com).

www.spaajibade.com

[1]
Francis Ololuo, Associate Intern Intellectual Property & Technology Law
Department, SPA Ajibade & Co., Lagos, Nigeria.

[2]
https://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/accessed
on January 20, 2020.

[3]
Estelle Masse “Data Protection: Why it matters and how to
protect it” (January 25, 2018) available online at: https://www.accessnow.org/data-protection-matters-protect/accessed
on January 20, 2020.

[4]
https://www.statista.com/statistics/263264/top-companies-in-the-world-by-market-value/
accessed on January 20, 2020.

[5]
“Facebook data privacy scandal: A cheat sheet” by James
Sanders and Dan Patterson (July 24, 2019) available online at: https://www.techrepublic.com/article/facebook-data-privacy-scandal-a-cheat-sheet/
accessed on January 20, 2020.

[6]
For instance, in 2014 the personal information of over
3billion Yahoo users was unlawfully accessed by hackers – CNN Business: “Every
Single Yahoo Account was Hacked – 3 Billion in all” (October 4, 2017)
available online at https://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html/
accessed on 4^TH February, 2020

[7]
The European Union General Data Protection Regulation
2016/679 is the EU’s major law on Data Protection and Privacy is aimed at
protecting natural persons within the EU with respect to the processing of
personal data and on the transfer of such data outside the EU.

[8]
National Information Technology Development Agency (NITDA)
is Nigeria’s foremost agency responsible for regulating data privacy and
protection in Nigeria.

[9]
CA/A/689/2013 (Unreported).

[10]
The Constitution of the Federal Republic of Nigeria 1999 (as
amended). Act No. 24, 5 May 1999.

[11]
See the case of Barr. Ezugwu Emmanuel Anene v. Airtel Nigeria Ltd,
Suit No: FCT/HC/CV/545/2015 (Unreported).

[12]
A regulation made by the NITDA pursuant to Section 6 of the NITDA
Act. Available on https://nitda.gov.ng/wp-content/uploads/2019/01/NigeriaDataProtectionRegulation.pdf
accessed on 27th January, 2020.

[13]
NITDA is empowered by section 6(a) of the NITDA Act (2007) “to create a
framework for the planning, research…evaluation and regulation of Information
Technology practices, activities and systems in Nigeria.”.

[14]
For a review of the NDPR, see “Data Protection Regulation 2019 –
The New Law” by Yimika Ketiku and Dolapo Bolu, available online at: http://www.spaajibade.com/resources/data-protection-regulation-2019-the-new-law-yimika-ketiku-and-dolapo-bolu/
accessed on January 20, 2020.

[15]
Nigerian Communications Act 2003, Federal Republic of Nigeria
Official Gazette No. 87 (10^th July, 2007) Vol. 94.

[16]
Regulation 35(3), CPC 2007.

[17]
Federal Republic of Nigeria Official Gazette No. 101 (7th November
2011) Vol. 98.

[18]
Regulation 9(2).

[19]
Regulation 5.

[20]
Federal Republic of Nigeria Official Gazette (28^th May)
Vol.98. Available on https://www.cbn.gov.ng/FOI/Freedom%20Of%20Information%20Act.pdf
accessed on 28^th January, 2020.

[21]
Federal Republic of Nigeria Official Gazette (15^th May)
Vol. 102. Available on https://cert.gov.ng/ngcert/resources/CyberCrime__Prohibition_Prevention_etc__Act__2015.pdf
accessed on 28th January, 2020.

[22]
Section 21.

[23]
Child’s Rights Act No 26 of 2003 (Federal Republic of Nigeria
Official Gazette No 26, Vol.90). Available on https://www.refworld.org/pdfid/5568201f4.pdf
accessed on 28^th January, 2020.

[24]
persons under the age of 18.

[25]
Section 8.

[26]
Pursuant to its powers under section 2(a) and 33(1)(b) of the CBN
Act 2007, the CBN released the Consumer Protection Framework 2016 on 7^th
November 2016. Available on https://www.cbn.gov.ng/out/2016/cfpd/consumer%20protection%20framework%20
(final).pdf accessed on 28^th January, 2020.

[27]
National Identity Management Commission Act No 23 of 2007 (Federal
Republic of Nigeria Official Gazette No 23, Vol. 94). Available on https://www.nimc.gov.ng/docs/reports/nimc_act.pdf
accessed on 28^th January, 2020.

[28]
Federal Republic of Nigeria Official Gazette No. 145 (27^th
October, 2014) Vol. 101.

[29]
Federal Republic of Nigeria Official Gazette No 18 (1^st
February 2019) Vol. 106. http://fccpc.gov.ng/uploads/FCCPA%202019.pdf
accessed on 28^th January, 2020.

[30]
Section 34(6).

[31]
Appeal No: CA/A/689/2013 (Unreported).

[32]
Suit No: FCT/HC/CV/545/2015 (Unreported).

[33]
In December 2019, NITDA threatened to issue a Notice of Non-compliance and to
publish the names of companies that default in filing their Initial Data
Protection Audit Report within the prescribed timeline. See https://andersentax.ng/nitda-to-issue-non-compliance-notices-to-defaulting-
organizations/, accessed on 30^th January, 2020.

[34]
Wole Olayinka “The People v Big Tech: Nigerian takes TrueCaller to
Court for Alleged Violation of Privacy Rights” 30^th September 2019 https://techcabal.com/2019/09/30/the-people-v-big-tech-nigerian-takes-truecaller-to-court-for-alleged-violation-of-privacy-rights/
accessed on 30^th January,2020.

[35]
James Kwen “NITDA says LIRS breaches Nigeria Data Protection
Regulation” 27^th December, 2019 https://businessday.ng/news/article/nitda-says-lirs-breaches-nigeria-data-protection-regulation/
accessed on 30^th January, 2020.

[36]
Article 1.2 of the NDPR 2019.

[37]
Other countries/regions include the EU, Canada, Brazil, China,
Angola, Argentina, Australia and Cape Verde.

First published here

Duty of service providers to reveal customer information

by Legalnaija | Nov 29, 2016 | Uncategorized

The right of individuals
to protect their data is very sacred and fundamental. Section 37 of the 1999
Nigerian Constitution provides that; “the privacy of citizens, their
homes, correspondence, telephone conversations and telegraphic communications
is hereby guaranteed and protected”.

The Nigerian Communications
Commission also provides
that all licensees must take reasonable steps to protect customer information
against “improper or accidental disclosure” and must ensure that such
information is securely stored. It also provides that customer information must
“not be transferred to any party except as otherwise permitted or required by
other applicable laws or regulations”.

This right is however constantly at logger
heads with government intrusion, as governments and security agencies are always
looking for ways to collect, intercept and interpret user data for security and
administrative reasons.

An international
illustration was the legal battle between mobile phone giant, Apple and the U.S
government, when Apple refused to help F.B.I investigators gain access to an
iPhone used by Syed Rizwan Farook in the December, 2015, mass shooting in San
Bernardino, Calif. Apple argued, that such access could create a permanent way
to bypass iPhone password protection for law enforcement officials or even the
spy agencies of other countries[i].

Sadly, if the above
scenario were to play out in Nigeria, the outcome may not have been as eventful
as the Apple case, as service providers in Nigeria usually cooperate with
directives from security agencies to give out customer user information and
data. This is as a result of the provisions of the Cybercrimes Act, 2015 which
mandates the service providers to do so.

Does this mean all user
data are not protected? Certainly not. User information is protected in-line with
the fundamental right to privacy under the Nigerian Constitution. However, does
this mean all user data is accessible by security agencies in Nigeria? The
answer is yes.

By virtue of Section 38 of
the Cybercrimes Act, 2015, service providers are mandated to keep all traffic
data and subscriber information as may be prescribed by relevant authority, for
a period of 2 years. Furthermore, service providers shall, at the request of
the relevant authority or any law enforcement agency preserve, hold or retain
any traffic data, subscriber information, non-content information, and content
data; and release any such information upon request. It is worthy of note that the law prescribes
that any person who contravenes the above mentioned law shall be liable to 3
years imprisonment or fine of up to N7,000,000 (Seven Million Naira) or both.

Section 39, also empowers
security agencies by virtue of a court order, to request that electronic
communications of service users be intercepted, collected or recorded. The
above makes it clear that security agencies most likely have unbridled access
to customer information in Nigeria and if Mr. Syed Rizwan Farook had been in Nigeria,
the service providers will most likely have handed his information on a platter
to the FBI.

As seen in Section 40 of
the Cybercrimes Act, service providers have a duty to disclose information
requested by any law enforcement agency or otherwise render assistance
howsoever in any inquiry or proceeding under this Act. Such duties include –

(a) the identification, apprehension and prosecution of
offenders;

(b)
the identification, tracking and tracing of proceeds of any offence or any property,
equipment or device used in the commission of any offence; or

(c)
the freezing, removal, erasure or cancellation of the services of the offender which
enables the offender to either commit the offence, hide or preserve the proceeds
of any offence or any property, equipment or device used in the commission of
the offence.

Any service provider who
contravenes these provisions commits an offence and shall be liable on conviction
to a fine of not more than N10,000,000.00.
Also, each director, manager or officer of the service provider shall be liable
on conviction to imprisonment for a term of not more than 3 years or a fine of
not more than N7,000,000.00 or to both
such fine and imprisonment. With such stringent statutory provisions of the
law, hardly will any service provider put up a fight in Nigeria as Apple did in
the US.

In Conclusion, the court
held in FRN V. DANIEL, (2011) LPELR-4152(CA); that –

“Undoubtedly, by virtue of the provision of
section 37 of the 1999 constitution, the privacy of every Nigerian Citizen, the
home, correspondence, telephonic and other telegraphic communications are
cherishingly guaranteed and protected. However, notwithstanding the provision
of section 37 (supra), section 45(1) of the 1999 constitution has provided in
unequivocal terms that nothing in sections 37, 38, 39, 40 and 41 thereof shall
invalidate what appears to be reasonably justifiable in a democratic society –

(a) in the interest of defence, public safety,
public order, public morality or public health; or

(b) for the purpose of protecting the rights and
freedom of other persons.”

Adedunmade Onibokun, Esq.

Adedunmade is the Principal
Partner of Adedunmade Onibokun & Co., a corporate commercial law firm
located in Lagos, Nigeria. He can be reached via dunmadeo@yahoo.com and www.adedunmadeonibokun.com

[i] ^{^[i]} New York
Times. (2016). Breaking Down Apple’s iPhone Fight With the U.S. Government.
Available:
http://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html?_r=0.
Last accessed 29th November, 2016.