Last week Apple and the FBI have entered into a very public stoush over customer privacy.
Essentially the argument asks organisations, in the interests of ‘national security’, to re-think their obligations to their user base.
If Apple is to comply with FBI demands, it could set a precedent that has a wide-range of implications on the way governments regulate and manage the digital space, not only in the US but globally.
The technology compromises the FBI would like overturns those very measures companies like Apple use to protect their users in the first place.
The story began last week when Apple elected to fight a court order that asked them to build a ‘back door’ to access data from an iPhone used in a terrorist attack last December in San Bernadino. The owner of the iPhone in question – suspect Syed Farook – was killed in a shoot-out with police.
For two months the FBI has struggled to ‘break-in’ to the phone. Apple has been co-operating but since it has no decryption key – only password holders have that – it has had no success in gaining crucial evidence that will help with the case.
Last week the Justice Department claimed the order that asked Apple to disable the security feature that wipes out all data if an incorrect password is entered after more than ten attempts.
Once the iPhone is ‘neutralised’ this way the FBI can begin to work on breaking its security code… using millions of combinations to do so.
A day after the Justice Department delivered their request Apple Chief Executive Officer, Tim Cook went public with his concerns.
He published an open letter that that said it “would undermine the very freedoms and liberty our government is meant to protect… it’s asking Apple to hack our own users and undermine decades of security advancements that protect our customers.”
He made it clear that Apple would use the five days the court has given to undermine the very premise of the order.
“For many years,” he wrote, “we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
Cook’s blog post calls for ‘public discussion’ for what is at stake and it has incited much web-debate since it appeared over 48 hours ago. Apple supporters, civil liberty organisations, and digital stakeholders are already planning protests.
Core to Cook’s argument is the fact that the FBI’s demand requires the organisation’s engineers to build a new iPhone operating system (iOS). But unlike the current iOS, this one would be ‘weaker’ in security terms. Opportunities to breach its features would be built-in.
Once in existence, the new technology could not be controlled Cook said. In the wrong hands, it would be a destructive force.
Aside from the cost involved he is convinced that such technology presents a threat that once realised will know no boundaries.
The FBI has used the All Writs Act of 1789 in making its demands. Cook says that on this basis the government could expand its authority: capturing anyone’s data and even demanding that Apple build surveillance software to track their customers’ every move.
The White House responded to Cook’s post by reassuring the public that it was not asking Apple to ‘build a back door’ for its iPhone.
White House spokesman Josh Earnest said the Justice Department wanted access to just the one phone. However the White House has been silent on the darker undercurrents of Cook’s message.
The FBI vs. Apple case this week is just the latest tussle with lawmakers and enforcers on the one side, and tech organisations on the other over the issue of encryption.
In an age of mass state surveillance, companies have increased their security features on their consumer products.
Meanwhile the FBI and legislators have made even stronger demands for a virtual ‘pass-key’ that allows access to an individual’s private data.
Cook’s announcement this week is consistent with the company’s culture: all its iPhones and devices come encrypted.