By: Dan Bremner
While usually in this space, I highlight some aspect of technology that could be useful in your business, or some news or advice to protect your company from hackers, today I'll try to shed light on the very
public showdown between the FBI and Apple regarding the FBI's demand that Apple write software for them to enable them to hack into an iPhone. The legal battle has split public opinion, with many members of the public backing the FBI, in part because the case deals with a terrorist attack, while most computer security professionals oppose the court's order.
There are many articles and blog posts that have been written about this, so you can find plenty more detail if you'd like to dig into this topic. My purpose here isn't to get into the complexities of encryption technology, but rather to summarize the main reasons that computer security folks are in agreement with Apple. I will also set straight some misinformation that I've seen published.
1. This isn't "Security vs. Privacy".
The FBI has framed the discussion in this way. They argue that allowing them to see if there is any useful non-encrypted data on this phone will make us more secure, and that those who oppose them are overly concerned with a "right to privacy." But it's a false argument. Achieving their goal of unlocking the iPhone of a dead terrorist won't necessarily make us more secure. It's possible, perhaps even likely that the phone will contain nothing useful, or even that any evidence on the phone will be further encrypted, since bad guys have known about and used encryption for years. But the existence of a known method to bypass iPhone security will inevitably make us all less secure.
2. There isn't a grey area with encryption security.
A system with an exploit that allows unauthorized access is no longer a secure system. Once there is a way to defeat the security Apple has designed into the iPhone, it has to be assumed that the hacking tool and/or the knowledge needed to create the hack will become widely known, despite all of Apple's and the FBI's best intentions. It will only be a matter of time before criminals, even terrorists or terrorist nations, have access to it, and use it to commit further crimes. This will have the ironic effect of making the world less secure, under the guise of advancing "security".
3. Other governments will demand the same accommodation from Apple.
If Apple does this for the US government, there will be a precedent and you can be sure the Chinese government will require the same access. Only they have a prior history of punishing citizens just for disagreeing with the government. Even if you assume the US government's motives are noble and pure, would it be a good idea to help China's government hunt down terrorists using the same rationale and technology? Might they use it for less noble purposes? For that matter, do you really trust that no one in the US government would abuse this power? Speaking of precedents...
4. Apple has not previously unlocked 70 iPhones for the government, as has been reported.
Apple has assisted law enforcement in the past, with a valid warrant or court order, to extract data from an iPhone. Prior to iOS 8, there was unencrypted data on the phone that could be read without the requirement of unlocking the phone. Since iOS 8, Apple has increased security and now all iPhone data is encrypted. What the FBI is now asking is for Apple to write software for them that would defeat the very security that Apple just beefed up. This software does not exist now, and Apple's argument (along with security experts) is that it shouldn't exist.
5. Couldn’t Apple create a hack, just for this one time, and then destroy it? Or cripple it, or make it so it would only work on this one iPhone?
No. This is a common counter-argument that is made against Apple's position. But to give the FBI what they want, Apple must develop a technique that, once created, could be used on many devices. If the FBI wins this case, there will certainly be more requests from law enforcement, so many that if Apple is compelled to do this again, many people would necessarily have access to this technique, and it would be trivial to modify whatever "security measure" would artificially tie it to a specific phone. As for creating it and then destroying it, first it would make no sense to do so. If the FBI wins, there will be more cases where this is required, so they wouldn’t start from scratch every time. Of course they will keep it on hand for the inevitable "next time." Even if this were truly a one-time only use, it's not so easy to destroy all copies of a digital file, as the music industry knows all too well.
Regardless of how you feel about this issue, it's an important conversation for us to have in a democracy, and probably something for our elected representatives to debate and create laws to cover. As of now the law the FBI is invoking wasn't written with any knowledge of computers or encryption, or electricity for that matter. It is a law that was passed when George Washington was president, and at the very least it's arguable whether it applies to this situation. I applaud Apple for bringing the issue to the public for discussion and debate, and I hope this summary helps, even though I've only scratched the surface.
You must be logged in to post a comment.