IoT
IoT
Mobile // Mobile Devices
Commentary
2/21/2016
11:06 AM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
50%
50%

Tim Cook Vs. FBI: Why Apple Is Fighting The Good Fight

A court has told Apple to compromise an iPhone owned by one of the shooters in the December San Bernardino attack that killed 14 people. But Apple should not be required to enlist in the war on bad things.

Encryption Debate: 8 Things CIOs Should Know
Encryption Debate: 8 Things CIOs Should Know
(Click image for larger view and slideshow.)

Apple has been ordered to work for the US government, without compensation, to undo the security system in one of its iPhones. The court order amounts to an endorsement of a surveillance state, not to mention forced labor.

The FBI won the order from a magistrate judge in Riverside, Calif. It directs Apple to create a custom version of iOS for an iPhone 5C that belonged to (but evidently was not managed by) the San Bernardino County Department of Public Health and was used by Syed Farook, one of the two shooters who killed 14 people in San Bernardino in December.

The custom software, dubbed "FBiOS" by security researcher Dan Guido, is intended to disable iPhone security features that delete phone data if the device passcode is entered incorrectly 10 times and that limit the number of passcode entry attempts that can be made per second.

Apple CEO Tim Cook said the company intends to challenge the order, stating that the "demand would undermine the very freedoms and liberty our government is meant to protect."

Nobody likes terrorists. But authoritarian coercion isn't the only alternative.

In this instance, the legal precedent matters more than the crime. If the case were different, if there were a nuclear bomb ticking away somewhere in a major city and the phone in question had information that could disarm it, any company that could help would do so. No judicial process would be required, even if it might be desirable as a matter of legal compliance.

That's not what's at stake here. This isn't a hypothetical scenario constructed to allow only one rational answer. The FBI may obtain useful information, but it may not. The agency doesn't know what's on the iPhone. Yet to access an unknown cache of data, the government has obtained approval for a judicial key that unlocks all digital locks.

(Image: Apple website, altered as commentary)

(Image: Apple website, altered as commentary)

The government suggests it only wants access to this one device. But Cook and others assert that granting the government's demand for access has broad implications. "If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data," Cook said in an open letter to customers. "The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."

Companies that do business in the US provide assistance to US law enforcement agencies quite often, either on a voluntary basis or in response to a lawful demand like a warrant or a National Security Letter. But the government hasn't publicly demanded that a business create custom software at its expense to undo the security it has implemented. Such malware might be expected from an intelligence agency, but not from a commercial vendor.

We've lived with technological insecurity for years, which is why encryption has never been a significant impediment to government investigations and intelligence gathering. A recent report from Harvard University's Berkman Center found concerns about encryption's impact on law enforcement overblown. There have always been enough vulnerabilities to exploit to deal with encryption.

But following Edward Snowden's revelations about the scope of government surveillance, things began to change. Apple and its peers began to realize that their businesses were at risk if they didn't improve the security of their software and hardware. Now the government wants to undo that work. And we need to re-examine the notion that any action taken in the name of national security should stand without question.

As the Internet of Things becomes more widespread, the government's ability to compel companies to grant access to any device means surveillance on demand.

[Read IoT Next Surveillance Frontier, Says US Spy Chief.]

It's bad enough that surveillance is a byproduct of connectivity. IoT alarm systems record comings and goings. Internet usage leaves tracks. Movement with a smartphone is easily mapped. Samsung has taken to including a warning in its privacy policy that its SmartTV may capture conversations in homes and transmit them to third parties.

Now imagine how the law enforcement agencies can magnify this IoT side effect if the FBI's demand for Apple's assistance is upheld. With easily obtained legal cover, authorities will be able to require that companies create custom software updates to reprogram routers, cameras, microphones, security systems, and connected cars, among other networked devices.

They may even be able to insist that these insecurity patches get pushed to individuals or groups silently, as over-the-air updates. And it's not just the US government that will do so. Every government of any significance will impose the same requirement, all in the name of protecting us from terrorism.

We can have protection if our data goes unprotected. That's the government's argument.

Developer Marco Arment offers a succinct assessment of the FBI's overreach: "They couldn't care less that they're weakening our encryption for others to break as well -- they consider that an acceptable casualty. They believe they own us, our property, and our data, all the time."

Tim Cook is taking an important stand. Steve Jobs would approve. As Jobs put it at the D3 Conference in 2010, "We take privacy extremely seriously." 

Are you an IT Hero? Do you know someone who is? Submit your entry now for InformationWeek's IT Hero Award. Full details and a submission form can be found here.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 6   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/23/2016 | 11:36:44 AM
Re: With apologies to Archer...
It's really interesting to me how, when I attend tech conferences and the subject of Edward Snowden comes up, no matter how neutral the speaker tries to sound, one can always tell exactly how they feel about Snowden one way or the other.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/23/2016 | 11:35:20 AM
Re: With apologies to Archer...
Indeed, I remember reading once -- during the beginning of the Ukraine debacle not too long ago -- that while the Russian people know that the state media lies to them, they at least feel like they can "trust" it more than foreign media (which they have come to believe is even more untrustworthy).
Broadway0474
50%
50%
Broadway0474,
User Rank: Ninja
3/22/2016 | 10:42:43 PM
Re: With apologies to Archer...
I'm sure some of the hawks out there, no matter how technically illiterate, still have a grudge against Snowden fed to them by their particular media outlets. These same outlets are the ones pushing the anti-Apple homeland security line. So maybe it's a matter of what your grudge is how long you remember.
virginiaraegan
50%
50%
virginiaraegan,
User Rank: Apprentice
3/21/2016 | 11:58:51 AM
Re: With apologies to Archer...
Good point. Today, there're still more people who'd rather trust authorities blindly than try and figure out at least basic points themselves.
jastroff
50%
50%
jastroff,
User Rank: Ninja
3/21/2016 | 9:30:23 AM
Re: With apologies to Archer...
Good point, that most people don't remember Snowden anymore. That's what living in Russia will get you -- 
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
3/21/2016 | 3:16:25 AM
Re: With apologies to Archer...
@Broadway: I think most people outside of tech don't particularly care -- or even remember -- who Edward Snowden is anymore.  That was nearly three years ago.  The Kardashians have done so much since then.
Broadway0474
50%
50%
Broadway0474,
User Rank: Ninja
3/20/2016 | 5:32:23 PM
Re: With apologies to Archer...
It amazes me that that trust in federal security forces exist. It wasn't long ago that the FBI and the CIA were investigated for spying on Americans. Then you have the Snowden incident more recently!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/18/2016 | 9:17:30 AM
Re: With apologies to Archer...
I think we still don't trust the political figureheads (Congressional approval has been extremely low for years -- and Presidential approval ratings haven't been very high for the past decade or so), and even local law enforcement agencies have suffered some PR black eyes lately, but there's a great deal of trust in federal law enforcement and federal agencies -- or, if not trust, then disgruntled apathy.
Broadway0474
50%
50%
Broadway0474,
User Rank: Ninja
3/5/2016 | 10:25:38 PM
Re: Situation could have been avoided
I believe what vnewman reported, but I still can't believe it. You're telling me that on a company issued and owned iPhone, once I am behind the password firewall, that company can't see what I am doing, where I am going, what apps I am using, etc.?? And they give all that away, so that they can rest assured that any company data is also safe?
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
3/1/2016 | 1:55:41 PM
Re: Situation could have been avoided
That is extremely interesting. In essence this would create a good standing for Apple from the view point of employees as they will know that their phone data cannot be viewed by the organization for which they work and this might be a huge plus as individuals do not segregate their personal data from professional data on a device and as a result, they desire a high level of privacy.

It also leaves the organization with no powers even after paying for a device.
Page 1 / 6   >   >>
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.