The other night, I was asked to give my brief comments on NBC regarding this security encryption legal fiasco that has pitted Apple against the FBI. I was only given a few seconds to comment so I wanted to elaborate more on some details here. Since this story is about technical security and privacy as much as it’s about legal ramifications and government oversight, I will try to deal with the technical facts primarily and use the legal and government issues as a backdrop since cybersecurity is my specialty and not constitutional law.
So this is not a privacy issue but that doesn’t mean it could not become a privacy issue for all of us.
The device in question is an iPhone 5c which was apprehended soon after the tragic San Bernardino terrorist attacks. It is password locked and encrypted and believed to contain vital evidence for the FBI and since it was owned by the county of San Bernardino, it has been given over to authorities to be used in the investigation in any way they see fit. So this is not a privacy issue but that doesn’t mean it could not become a privacy issue for all of us.
Apple’s CEO, Tim Cook, published an open letter to make a case to not allow this phone to be hacked or unencrypted by anyone – not even this one time. He uses words like “backdoor” and “slippery slope” when faced with the idea that Apple might be forced to hack their own phone. Cook has claimed in the past that all user data is private and that even Apple cannot hack their latest generation of devices. But he is not using that argument in this case. Cook is taking his fight public in an effort to gain supporters in both the government and tech sectors and so far, it seems to be helping. Presidential candidates like Trump and Rubio blast Apple for not complying with law enforcement while tech companies like Facebook, Google and Twitter have all publicly praised Apple for their stance. But the politicians stand to lose votes and the tech companies stand to lose customers so let’s look at the most qualified opinions – tech and security experts.
Famed iPhone hacker, Will Strafach AKA Chronic, is in favor of Apple’s stance saying “The reason Apple stresses that this is a ‘backdoor’ in its statement is because the order is specifically requesting that Apple make a modification that serves no purpose other than to weaken iOS security by allowing brute force attempts.”
Apple is simply being asked to hack their own security system to allow brute force attacks to guess the passcode. Register’s Trevor Pott point out that Apple is actually hiding the fact that this iPhone’s security is flawed under the guise of privacy. But if the security is truly flawed, wouldn’t that make the job of hacking this phone that much easier for the FBI or anyone they hire to do so? Why all the focus on a single iPhone?
It is clear to experts on either side that the government is looking to set a legal precedent here because they have the facts and probably cause to force Apple to unlock this phone. But what the politicians mostly fail to see (or at least admit) is that once this phone is unlocked, everyone from China to local law enforcement will line up outside of Apple headquarters demanding their iPhones be unlocked as evidence for their law enforcement needs too. This creates an infinitely more dangerous landscape than any terrorist could even imagine. China could spy on all of our devices without our own government (who is also spying on us) even knowing it. I’m including all devices here because there is also no reason to doubt that as Apple falls, so will Google, Facebook, Microsoft and the rest of our tech sector.
Recently, Apple has gained further support from tech industry giants like Apple co-founder Steve Wozniak and tech billionaire, Mark Cuban who commends Apple for doing the “exact right thing” and warns “If you think it’s bad that we can’t crack the encryption of terrorists, it is far worse when those who would terrorize us can use advanced tools to monitor our unencrypted conversations to plan their acts of terror.”
Apple has recently been granted an extension to comply with the original court order making the new date February 26. There are no signs of either side wavering yet but a lot can happen in a week.
- Stalking has never been easier so let’s change that - 02/08/2023
- This is why nobody is allowed a cell phone in classified debriefings - 11/18/2022
- Death of the VPN: A Security Eulogy - 08/24/2022