Tim Cook Vs. FBI: Why Apple Is Fighting The Good Fight - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
Commentary
2/21/2016
11:06 AM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
50%
50%

Tim Cook Vs. FBI: Why Apple Is Fighting The Good Fight

A court has told Apple to compromise an iPhone owned by one of the shooters in the December San Bernardino attack that killed 14 people. But Apple should not be required to enlist in the war on bad things.

Encryption Debate: 8 Things CIOs Should Know
Encryption Debate: 8 Things CIOs Should Know
(Click image for larger view and slideshow.)

Apple has been ordered to work for the US government, without compensation, to undo the security system in one of its iPhones. The court order amounts to an endorsement of a surveillance state, not to mention forced labor.

The FBI won the order from a magistrate judge in Riverside, Calif. It directs Apple to create a custom version of iOS for an iPhone 5C that belonged to (but evidently was not managed by) the San Bernardino County Department of Public Health and was used by Syed Farook, one of the two shooters who killed 14 people in San Bernardino in December.

The custom software, dubbed "FBiOS" by security researcher Dan Guido, is intended to disable iPhone security features that delete phone data if the device passcode is entered incorrectly 10 times and that limit the number of passcode entry attempts that can be made per second.

Apple CEO Tim Cook said the company intends to challenge the order, stating that the "demand would undermine the very freedoms and liberty our government is meant to protect."

Nobody likes terrorists. But authoritarian coercion isn't the only alternative.

In this instance, the legal precedent matters more than the crime. If the case were different, if there were a nuclear bomb ticking away somewhere in a major city and the phone in question had information that could disarm it, any company that could help would do so. No judicial process would be required, even if it might be desirable as a matter of legal compliance.

That's not what's at stake here. This isn't a hypothetical scenario constructed to allow only one rational answer. The FBI may obtain useful information, but it may not. The agency doesn't know what's on the iPhone. Yet to access an unknown cache of data, the government has obtained approval for a judicial key that unlocks all digital locks.

(Image: Apple website, altered as commentary)

(Image: Apple website, altered as commentary)

The government suggests it only wants access to this one device. But Cook and others assert that granting the government's demand for access has broad implications. "If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data," Cook said in an open letter to customers. "The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."

Companies that do business in the US provide assistance to US law enforcement agencies quite often, either on a voluntary basis or in response to a lawful demand like a warrant or a National Security Letter. But the government hasn't publicly demanded that a business create custom software at its expense to undo the security it has implemented. Such malware might be expected from an intelligence agency, but not from a commercial vendor.

We've lived with technological insecurity for years, which is why encryption has never been a significant impediment to government investigations and intelligence gathering. A recent report from Harvard University's Berkman Center found concerns about encryption's impact on law enforcement overblown. There have always been enough vulnerabilities to exploit to deal with encryption.

But following Edward Snowden's revelations about the scope of government surveillance, things began to change. Apple and its peers began to realize that their businesses were at risk if they didn't improve the security of their software and hardware. Now the government wants to undo that work. And we need to re-examine the notion that any action taken in the name of national security should stand without question.

As the Internet of Things becomes more widespread, the government's ability to compel companies to grant access to any device means surveillance on demand.

[Read IoT Next Surveillance Frontier, Says US Spy Chief.]

It's bad enough that surveillance is a byproduct of connectivity. IoT alarm systems record comings and goings. Internet usage leaves tracks. Movement with a smartphone is easily mapped. Samsung has taken to including a warning in its privacy policy that its SmartTV may capture conversations in homes and transmit them to third parties.

Now imagine how the law enforcement agencies can magnify this IoT side effect if the FBI's demand for Apple's assistance is upheld. With easily obtained legal cover, authorities will be able to require that companies create custom software updates to reprogram routers, cameras, microphones, security systems, and connected cars, among other networked devices.

They may even be able to insist that these insecurity patches get pushed to individuals or groups silently, as over-the-air updates. And it's not just the US government that will do so. Every government of any significance will impose the same requirement, all in the name of protecting us from terrorism.

We can have protection if our data goes unprotected. That's the government's argument.

Developer Marco Arment offers a succinct assessment of the FBI's overreach: "They couldn't care less that they're weakening our encryption for others to break as well -- they consider that an acceptable casualty. They believe they own us, our property, and our data, all the time."

Tim Cook is taking an important stand. Steve Jobs would approve. As Jobs put it at the D3 Conference in 2010, "We take privacy extremely seriously." 

Are you an IT Hero? Do you know someone who is? Submit your entry now for InformationWeek's IT Hero Award. Full details and a submission form can be found here.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 6   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
2/21/2016 | 11:20:10 AM
With apologies to Archer...
Between this and the tax brouhaha a couple of years ago...

 

Do you want Apple to relocate to another country?  Because this is how you get Apple to relocate to another country.
nomii
50%
50%
nomii,
User Rank: Ninja
2/21/2016 | 12:40:05 PM
Re: With apologies to Archer...

@Joe I agree with you there. I believe that with tis we are making another case of PRISM and NSA. What is your opinion?

nomii
50%
50%
nomii,
User Rank: Ninja
2/21/2016 | 12:43:30 PM
Re: With apologies to Archer...

@Joe I believe that asking company to unlock it and the retrieve all data will be a better preposition rather then providing them the tools to unlock the iphone. I am very much against even the law firms breaking into the private and privacy of any individual without their consent. And the legal suit is goimg directly into it. What do you say?

Gary_EL
50%
50%
Gary_EL,
User Rank: Ninja
2/21/2016 | 3:37:19 PM
Re: With apologies to Archer...
If a certain Republican candidate gets elected, I'd like to see what happens if they EVEN TRY to move out of this company and still sell their iPhones here. I'm not interested in protecting terrorists, and neither is the vast majority of Americans. What I am afraid of is, what if, when they're looking for a bomb thrower, they find evidence of ordinary crimes, like theft, graft or fencing stolen goods?
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
2/22/2016 | 5:17:50 AM
Re: With apologies to Archer...
Yes, the tax burden has been causing a few companies to park in different economic regions. Security is a two way street, if the company parks in an economy that is not stable then, it too can erode the value of assets. 

I feel that there is a middle ground between Apple and FBI that can fulfill the requirements and concerns of both sides -- finding the middle ground is the difficult process.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
2/22/2016 | 7:15:59 AM
Encouraging
Although I'm pleased to see Mr Cook taking a stand, what's really encouraging is the number of other companies and heads of those firms standing with him and Apple. If more tech firms organise and make a stand for encryption, it stands a much better chance of surviving this current legislative debate. 
jagibbons
100%
0%
jagibbons,
User Rank: Ninja
2/22/2016 | 1:00:26 PM
Situation could have been avoided
This situation never should have happened if San Bernadino County had properly management over hardware and service that it owns and provides to its employees to undertake their public service.

an iPhone 5C that belonged to (but evidently was not managed by) the San Bernardino County Department of Public Health

Even the most basic mobile device management (MDM) can force a change to a pin or password on a controlled device. If my employer paid for the phone and pays for the service, I have very little expectation of privacy over that device. I can choose to live with that and have both personal and company data on the device, or I can choose to use a separate device for personal use.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
2/22/2016 | 1:02:54 PM
Re: With apologies to Archer...
If Congress ends up stepping into this debate, I wonder if the tax liability loopholes will also come up...
kstaron
50%
50%
kstaron,
User Rank: Ninja
2/22/2016 | 1:27:22 PM
Re: With apologies to Archer...
I'm not suprised the FBI asked to break the codes, but I am disgusted that a judge said they should. That's a precedent for any law enforcement ant any time to crack your phone to see IF you have been doing something less than legal, which strikes me as an infringement of 4th amendment rights. This could have horrible repercussions of the general public that reach far beyond the perceived need to lock up a couple of whackjob terrorists.
Ariella
50%
50%
Ariella,
User Rank: Author
2/22/2016 | 8:49:52 PM
Re: With apologies to Archer...
<Do you want Apple to relocate to another country?  Because this is how you get Apple to relocate to another country.>

@Joe Well, it already has locations outside the US and does play around with its identity for tax purposes. That's why it favors Ireland as a base.
Page 1 / 6   >   >>
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll