“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.”
So begins an open letter from Apple’s CEO Tim Cook to its users and, more importantly, to the world.
First let’s look at the back story and perhaps a few immutable human rights issues.
Federal prosecutors in Los Angeles asked the magistrates court (an entry-level judicial court) to compel Apple to assist the FBI in interrogating [effectively executing a legal search warrant on] an iPhone 5C allegedly used by one of the domestic terrorists who killed 14 people and injured 22 others on 2 December 2015.
"Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily," prosecutors said.
The court ordered Apple to provide custom firmware that would disable brute-force PIN protection and data auto-delete, so that an [FBI] computer hooked to an iPhone could generate every possible PIN combination without being locked out, a technique called brute-force PIN cracking.
Apple’s response was that its strong encryption, adopted in 2014, and a number of security features to prevent things like brute-force PIN attempts made the task impossible. In essence, the court order compelled Apple to develop a backdoor into iOS devices.
iOS forensics expert Jonathan Zdziarski [iTWire has no knowledge of this person except he has been widely quoted] said Apple might have to write custom code [firmware] to comply with the order, presenting a novel question to the court about whether the Government could order a private company to hack its own device.
Mr Zdziarski said that because the San Bernardino shooting was being investigated as a terrorism case, investigators would be able to work with the NSA and CIA on cracking the phone. Those US intelligence agencies likely could break the iPhone's encryption without Apple's involvement.
He added that Apple can, on a technical level, comply with the court’s order in relation to an iPhone 5C but later versions of its processors and iOS would make compliance difficult unless a backdoor were part of the hardware and operating system.
Read on for a whole bunch of ethical dilemmas.
Apple has rejected the magistrate’s order and will appeal it. In turn, the outcome of that appeal may be subject to an appeal by the FBI, and so on and so on. This could easily go to the highest court in the land and in other countries too.
There really has not been such a watershed case in US history and in essence Apple and the US government are at loggerheads. iTWire makes it clear that it supports the law – whatever that may ultimately be.
Analysts are saying that Apple has in essence stated that it is above the law in ignoring a lawful court order. Apple is a PR-savvy company, hence its open letter – at least to get the topic discussed from the dinner table to the water cooler. It is not, however, about whether Apple may not be able to assist – it is refusing to obey a court order and that is, as they say, “Full stop, end of story.”
To be clear, this is the same dilemma that any IT company faces – US based like Apple, Facebook, LinkedIn, Google (Alphabet), Microsoft, Hewlett Packard, Dell, et al – or Asian based like Lenovo and Huawei [which has long been accused – though it has never been proven – of having mandated backdoors for the Chinese Government’s use] et al.
This argument could then be extended to cloud or on-premises storage and encryption software – wherever personally identifiable information is created, stored and retrieved.
The ethical dilemma is akin to the old dilemma ‘Quis custodiet ipsos custodes’ – who will guard the guards themselves or, loosely translated, who watches the watchers?
In fact, there is a real conundrum. There are varying laws, constitutions, and so-called unassailable rights across the free democratic world to protect privacy, but equally there are none in many countries where autocratic governments have the supreme right.
So in the free world we basically have to trust companies like Apple with our data. Or Google with its old overarching statement “Don’t be evil.”
Back to Apple – it has done a good job in building user trust. If it continues to fight the good fight for privacy, it could well find itself up against a more powerful force – first the US government and next the world governments where its products are sold. But, as Zdziarski points out, its actions may be hard to sustain when “Someone has a gun to your head.”
The last thing Apple [and others] wants is regulation forcing it to build in back doors that can be accessed via legal process or worse still cracked and exploited by cybercriminals.
It needs to aim for the ultimate outcome best described by the phrase “Two can keep a secret if one of them is dead.”
It [and others] needs to build devices, services (health, insurance, finance), clouds, etc., that can only be accessed by the person who owns them – unless they choose to share that access credential with someone else and, by inference, kill them later [change the access credential]. We are going to see a lot more two-factor authentication (or more) to enable things like firmware updates, storage access, and privacy protection. The trade-off will be that if you lose your key – tough, everything is gone, and that is it.
Democratic governments must respect this basic right. Autocratic governments can and will do whatever they want.