Apple Vs. The FBI: Protecting The Poetry Of Code - InformationWeek
IoT
IoT
Government
Commentary
3/31/2016
08:06 AM
100%
0%

Apple Vs. The FBI: Protecting The Poetry Of Code

If the FBI had succeeded in its attempt to have Apple write a new version of iOS (FBiOS, perhaps?), then what would a tech vendor have been required to do next?

Apple CareKit, ResearchKit: 6 Apps Aiming For A Healthier World
Apple CareKit, ResearchKit: 6 Apps Aiming For A Healthier World
(Click image for larger view and slideshow.)

The FBI says that it has cracked the iPhone in the California terrorist case. Apple says that it didn't have to write new encryption-busting software. Everyone seems to have gotten what they wanted. So, why are there still many questions bouncing around the industry?

Part of the problem is that we don't know which principles would have prevailed had the case gone to trial. The FBI dropped its charges against Apple after it determined it could get what it needed by other means. Each side claimed to be on the side of the angels, and good arguments were made by each party.

To me, though, the most compelling argument came down to whether it is right, in the US way of doing things, to force someone to write.

(Image: succo via Pixabay)

(Image: succo via Pixabay)

I am not a lawyer. I am someone who makes his living by leaning heavily on the First Amendment of the US Constitution. And certain arguments lead me to uncharitable thoughts. As an example, any argument that includes the phrase, "If it saves just one life..." makes me twitch in unattractive ways.

With all that out of the way, let's get back to the idea of the government forcing Apple (or any company) to write new software. Any software. I have a problem with the very idea, because it seems to me a Stalefish McTwist down a slippery half-pipe of government compulsion. If the FBI had succeeded in its attempt to have Apple write a new version of iOS (FBiOS, perhaps?), then what would an industry vendor have been required to do next?

The FBI's argument that this was a single case, and that no one would ever use the software or ask for anything similar again, had been proven false before the stories from the first press conference were filed. Federal prosecutors were publicly lining up to use the software (or similar legal means) to get Apple to provide paths into iPhones in dozens of cases. A sheriff in Polk County, Fla., had even promised to arrest Apple CEO Tim Cook if a prosecutor in Winter Haven, Fla., wanted iPhone info and Apple didn't comply.

With a legal precedent in place, every company that creates software that has any security feature would have been in the position of having to build a special government edition of the code, with full information-grabbing functionality included. And once those editions existed, then no operating system or application would have been secure.

My real problem isn't with the lack of security (though there are enormous issues with that). Rather, my problem is with the idea that engineers, programmers, and companies who believe in the importance of strong security might be forced to write programs that are intrinsically insecure. It would be like forcing Wordsworth to write free verse, or e.e. cummings to use the Caps Lock key on his typewriter. It would be wrong.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Now, I can hear two arguments about this. The first is that Apple is a corporation and commercial speech has less protection under the First Amendment than does individual speech. That's quite true, though all of the precedent regarding computer software as speech has involved commercial entities as the authors. The precedents leave a bit of murk about protection, though all of them are around whether software can be forbidden -- not whether it must be written.

The second argument is that forcing e.e. cummings to write with proper capitalization might hinder his artistic expression, but it wouldn't place lives in danger. That argument is true but irrelevant. In the US, our Constitutional rights aren't suspended when an individual life (or even quite a few lives) are placed in danger. Don't believe me? I give you the Second Amendment. And the Fifth. And sections of the Fourth.

Put simply, the statement widely credited to John Adams, the second president of the US, that ours is "a government of laws, not of men" means our principles are what matter most and are what we pledge our honor to uphold. We don't promise fealty to a person or an office: We are a nation that is united by ideas and ideals.

Sooner or later, another case will come up and we'll have this argument again. I truly hope, no matter the individual case, that we remember compelling people to work against their will has never gone particularly well for us. There are other ways to solve technological problems, and better ways to preserve our safety.

I suspect that some folks reading this will have other opinions on the subject. I'd love to have a discussion about your ideas in the comments section below. I look forward to the conversation as we all exercise our rights under the First Amendment.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Banacek
50%
50%
Banacek,
User Rank: Ninja
4/1/2016 | 12:12:38 PM
back doors
Oh, and as a point about the 'security' of back doors, just look at luggage locks. The only ones you're allowed to use on travel are to be TSA certified, and all have a special key for use by the TSA to open them up. Their own secret back door.

Except the secret to the backdoor has been revealed, either by leak of someone with the special key(s) or just by reverse engineering the thing. Either way, you can now find all you need to know to make your own special TSA key and break into any luggage you see fit.

The amount of time and money this country (and it's people) spend living in fear of terrorists just goes to show how the terrorists are winning their 'battle'. If it was just a white guy named Jones who went in and shot up the San Bernadino public health center, we would have had lots of discussions about how guns are the issues, it's mental illness. Or guns are the problem. Or it was a race thing. But nowhere would you have people saying "We need more access to people's phones and emails to prevent this kind of thing!". But stick 'muslim' on it, and now we need court cases and more 'security' and 'protections'.
Banacek
0%
100%
Banacek,
User Rank: Ninja
4/1/2016 | 12:03:19 PM
Re: What's to be done?
I'm glad you support the right of these people to go to court to get warrants, as this is in the constitution it's legal anyway. That's not my problem.

My problem is with government overreach. Perhaps if they hadn't spent the last 200 years overstepping their own boundaries (the CIA shouldn't be operating in the US, but has been caught doing so, the NSA reading and listening to everything, and both using special 'rooms on foreign soil' to work around the legal issues). On top of that, we have seen time and time again that the government can't be trusted not to keep information out of the hands of bad people (the snowden leaks, the wikileaks, the OPM breach, the FBI breach, the IRS breaches, NSA workers using their credentials to spy on girlfriends and the like, need I go on).

So now we have the government wanting backdoors into devices in order to get access under 'warranted circumstances'. But what restrictions will be on them to make sure they are under warrants and not just because there's a suspicion? And when the backdoor is released to the world (as it will be), and all the terrorists now have access to American's information and phones, who's protecting us then?

And if American companies put in back doors, what's to stop terrorists from just using foreign phones? Or jailbreak their phone and put their own modified OS on it? Or just use encryption software on their own?
Francoman
0%
100%
Francoman,
User Rank: Guru
4/1/2016 | 10:50:03 AM
What's to be done?
What is the real issue here?  First, there are evil actors in the real world, and we charge our security forces with protect us from these bad actors.  The security people want us to abandon our right to privacy so they can protecting us.  I do not support any wholesale abandonment of our right to privacy.

However, I do support the right of security personnel to take probable cause to the courts in order to obtain a lawful search warrant.  The risk Apple takes by ignoring their obligations to contribute to public security may backfire.  If you carefuly parse Apples statement, they base their actions on an abundance of concern for thier customers.  Their concern is not with protecting the public, and that is where Apple bcomes vulnerable.

I believe that Apples does have obligations to public security, and this is the point where our disfuctional Congress needs to carefully balance the public's right to privacy with the need for all of us to contribute to our security.  The moment a terrorist's Apple phone is shown to have contained data that could have saved the lives of hundreds of men, women and children, Apple could well go from the protect of the right to privacy to an enabler of terror.  Apple and the tech industry should work with Congress and the Executive Branch to forge reasonable public policy on the issue.

 

 

 
Francoman
50%
50%
Francoman,
User Rank: Guru
4/1/2016 | 10:50:01 AM
What's to be done?
What is the real issue here?  First, there are evil actors in the real world, and we charge our security forces with protect us from these bad actors.  The security people want us to abandon our right to privacy so they can protecting us.  I do not support any wholesale abandonment of our right to privacy.

However, I do support the right of security personnel to take probable cause to the courts in order to obtain a lawful search warrant.  The risk Apple takes by ignoring their obligations to contribute to public security may backfire.  If you carefuly parse Apples statement, they base their actions on an abundance of concern for thier customers.  Their concern is not with protecting the public, and that is where Apple bcomes vulnerable.

I believe that Apples does have obligations to public security, and this is the point where our disfuctional Congress needs to carefully balance the public's right to privacy with the need for all of us to contribute to our security.  The moment a terrorist's Apple phone is shown to have contained data that could have saved the lives of hundreds of men, women and children, Apple could well go from the protect of the right to privacy to an enabler of terror.  Apple and the tech industry should work with Congress and the Executive Branch to forge reasonable public policy on the issue.

 

 

 
Michelle
100%
0%
Michelle,
User Rank: Ninja
3/31/2016 | 10:44:22 PM
Achievement unlocked: 1st Amendment Exercised
There's never a problem with those in charge until there is. There are so many issues with a case like this if it had gone to court. It's very good the FBI got into the phone in the end without going forward with litigation that could affect citizens for generations. 
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Register for InformationWeek Newsletters
White Papers
Current Issue
Cybersecurity Strategies for the Digital Era
At its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll