Many technology companies are trying to make the Internet more secure — but the government seems hell-bent on stopping them. Friday, the FBI ramped up the pressure on Apple, asking a court to compel the company to write new software that allows them to hack into a phone recovered from one of the San Bernardino shooters. Admirably, Apple has pledged to fight the court order, which threatens to set a dangerous precedent.
For some, Apple’s position may seem mystifying. The FBI is investigating a crime, has a warrant, and is seemingly only requesting access to one iPhone. But the case is about more than one phone or investigation: It is about the right of Apple — a privately owned and operated technology company — to resist being conscripted by the FBI at the expense of the public’s privacy and security.
Some members of Congress are also wading into the fight. Senate Intelligence Committee Chairman Richard Burr (R-N.C.) is reportedly considering legislation that would force companies to comply with these types of demands, but faces opposition even from those in his own party. Senator Ron Wyden (D-Ore.), Representative Justin Amash (R-Mich.) and members of the House Judiciary Committee are among those who have expressed strong criticism of the FBI’s demands.
Apple knows its customers well and has designed its phones accordingly. Thus, newer versions of their software account for the fact that people’s phones are often lost or stolen. The average person does not want personal photos or intimate text messages exposed if they leave their phone behind. So, newer models may auto-erase the information if someone inputs the wrong passcode 10 times.
Moreover, only a user’s passcode or fingerprint can unlock their phone — not even Apple itself has a magic master code capable of accessing its hardware. This is important because hackers routinely target prominent technology companies themselves.
In 2009, Google’s servers were successfully breached by Chinese hackers who stole sensitive police data. In 2014, Microsoft confirmed that the Syrian Electronic Army had hacked employee email accounts. By placing the ultimate ability to unlock a phone solely into the hands of its consumers, Apple has decreased the likelihood that an inadvertent security breach will result in a bad actor getting information about how to unlock any iPhone at any time.
The court’s order could undermine these positive security strides. The FBI wants Apple to develop new software without the passcode safeguards and transmit it to the target phone. Because an iPhone will only accept software updates from Apple, the new software would need to be cryptographically “signed” by the company.
The government’s demand exceeds its authority under the law. The FBI has the ability to force companies to assist criminal investigations by turning over information that they possess or control. For example, they can ask a bank to hand over financial records. What they cannot do, however, is force a bank to break into your home to get the very same records.
The order is also worrisome for cybersecurity. Software updates are critical to security, as they allow companies to patch vulnerabilities in the growing number of Internet connected devices. Customers must trust that these updates are safe and secure — not government-ordered malware or hacks. Otherwise, people will simply turn them off, leaving themselves and the networks they connect to vulnerable.
The government’s approach is disappointing, but not surprising. Leaked emails from senior intelligence officials last year suggest that the government was waiting for a terrorist attack to exploit in order to argue for greater access to encrypted devices.
Unless courts, companies, government officials and the public push back, this case may indeed become an opening for bad policies that bend technology companies to the will of the FBI — leaving all of us to suffer the consequences.