In the name of protecting people from terrorism, the US government has gone to war against the private sector and its ability to build secure technology products. The Justice Department is seeking a court order to force Apple to create software that will enable FBI investigators to crack the password protecting encrypted data on an iPhone used by one of the shooters in last year's San Bernardino terrorist attack.
The FBI insists it is making a narrow legal demand that's relevant only to a specific case. "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly," said FBI director James Comey in a statement. "That's it. We don't want to break anyone's encryption or set a master key loose on the land."
However, according to an Apple legal filing last week, law enforcement authorities have sought court orders to compel Apple to unlock at least a dozen other iPhones in nine cases working their way through US courts. In a list of FAQs posted on Apple's website, the company claims that law enforcement agents have said they have hundreds of phones they'd like to unlock.
Apple insists the FBI's demand is broad because it would establish a legal precedent that would allow similar demands to be made to any company or individual in the future. "If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data," said CEO Tim Cook in a letter to Apple customers.
In a New York Times op-ed column published on Monday, New York Police Department Commissioner William Bratton and NYPD Intelligence and Counterterrorism Deputy Commissioner James J. Miller acknowledge, "The ramifications of this fight extend beyond San Bernardino." They assert that they're not asking for a back door. "Complying with constitutionally legal court orders is not 'creating a back door'; in a democracy, that is a front door."
But it remains unsettled whether or not the FBI's demand is lawful.
In a democracy, this door, whether framed as a front door or back door, is barred when authorities impose an "unreasonable burden." As George Washington University law professor Orin Kerr suggests in The Washington Post, the court system will have to decide whether the FBI's request represents an unreasonable burden. That won't be an easy decision. Kerr asks if that standard should reflect whether "the subject company has a business strategy that includes opposing government surveillance requests."
In short, is uncompromising security a legal product?
The American public narrowly favors the government. A recent Pew Research Center survey found that 51% of US adults surveyed say Apple should unlock the iPhone to help the FBI. About 38% disagreed and 11% said they didn't know.
Technical experts largely appear to agree with Apple's characterization of the situation and of the risks compliance poses to its business. In a blog post last week, Jonathan Zdziarski, a computer security researcher and iOS forensics expert, explains that the FBI isn't asking Apple to provide the data on the iPhone in question. It's asking the company to create a forensics tool, which requires exposure of Apple's technology to third-parties.
Zdziarski goes on to suggest that the Justice Department's assertion that Apple will be able to keep its tool secret is disingenuous, because doing so would violate the norms of forensic science, where digital tools must be validated independently.
"Not only is Apple being ordered to compromise their own devices; they're being ordered to give that golden key to the government, in a very roundabout sneaky way," explains Zdziarski. "What FBI has requested will inevitably force Apple's methods out into the open, where they can be ingested by government agencies looking to do the same thing."
Indeed, if the US government can demand Apple's assistance, governments of China and Russia can be expected to seek similar service, not just from Apple, but from Google, Microsoft, and every other company.
Does your company offer the most rewarding place to work in IT? Do you know of an organization that stands out from the pack when it comes to how IT workers are treated? Make your voice heard. Submit your entry now for InformationWeek's People's Choice Award. Full details and a submission form can be found here.