By now, you’ve probably heard of the San Bernardino shooting. If you haven’t, then let me refresh your memory. On December 2, 2015, 14 people were killed and 22 were seriously injured in an apparent terrorist attack at the Inland Regional Center in San Bernardino, California.
It’s one of the more prominent acts of terrorism that have hit the U.S. because of one important evidence: the Apple iPhone 5c used by one of the shooters that was found on the scene. It may or may not contain information, but the significance of that piece of technology is not about what it holds but what it represents.
Setting a bad precedent
A few weeks ago, the Federal Bureau of Investigation announced that they couldn’t unlock the iPhone 5c through sheer brute force, i.e., constantly guessing the 4-digit passcode until they get it right. The agency said they couldn’t risk wiping the data with more tries, a security feature built into the device by Apple.
And because the data on the 5c wasn’t synced with iCloud, the FBI had to find alternative methods of accessing it. Their idea — a radical one — was to ask Apple to create a special tool that:
- allows the FBI to guess as many passwords as they like without the data on the phone being wiped; and
- lets the iPhone connect to an external device, such as a desktop or laptop, where the FBI can run a script that guesses passwords quickly.
With the advancement of technology, it was only a matter of time before information security became a national security issue. The problem here is that Apple no longer has the ability to access encrypted data on iDevices running iOS 8 or higher.
Even if they could, Apple firmly believes they shouldn’t, as explicitly stated on their website via an open letter penned by CEO Tim Cook:
In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
The FBI invoked the All Writs Act of 1789 — a century-old U.S. federal statute that has been used to practically force technology companies to cooperate with the government — to get a court order.
Personal data in the wrong hands
Our phones hold an unbelievable amount of information. They have become windows to our lives. Our location, our messages, our pictures, bank records, statements, emails, and everything else in between? Chances are, all of them can be found on our phones.
In the wrong hands, that data could destroy our lives. Which is why the biggest smartphone OS developers — namely Google, Apple, and Microsoft — have made data security a big, if not the biggest, part of their respective feature lists.
With the FBI asking Apple to create a special system to bypass the tech company’s security setup, that system will be out there. That’s partly why Apple is afraid; even if they could create one, it would undermine everything they worked hard for. Once the system is created, nothing is stopping the FBI — or anybody who gets their hands on the software — to use it for personal or criminal reasons.
The FBI suggested solutions to the problem:
- there will be a custom ID, i.e., each custom OS can only be installed on a specific phone;
- operation of the software will be done only at Apple’s HQ in Cupertino, California; and
- any software update needs Apple’s approval to install.
But most security experts agree this isn’t just going to be about one phone. From the Verge:
That’s a nervous-making thought for security professionals, since no single system is ever thought to be entirely impenetrable. New vulnerabilities pop up in software all the time, and for the iPhone, they can sell for as much as $1 million. iPhone security expert Jonathan Zdziarski says there’s a real concern that an undisclosed vulnerability or existing exploit could be used in a way that Apple and the FBI can’t predict. Even if the signature system isn’t broken outright, the same tricks used by the FBI’s tool could be repurposed to give malware a stronger foothold on a targeted iPhone. ‘It’s not about just stealing one tool,’ says Zdziarski. ‘There’s a lot going on in software like this, and having a direct tap into how Apple can disable functions moves [attackers] along at light speed.’
But more than the system going into the wrong hands, it’s about that system ever existing in the first place. Because once the FBI wins the legal battle, it will set a terrible precedent for all tech companies. It tells them that the government, in their infinite benevolence, will be able to ask for the court order again and again. Once that’s possible, no matter what the FBI, the Central Intelligence Agency, or the National Security Agency says, they’ll have the power to lord over everyone’s privacy just because they’re the government.
And remember Edward Snowden, the former CIA contractor who leaked evidence of the U.S. government practically spying on everybody? Yeah.
That’s why you should care. If the court order holds and Apple can’t fight it back legally, then say goodbye to actual privacy, at least whatever is left of it anyway.
Whether you’re here in the Philippines or not, your privacy will be compromised. Whether it’s the government or some crooks who are spying on you, it won’t matter. Unless you stop using smartphones or any other devices that connect to the Internet, your privacy and your personal life will not be your own.
So pray that Apple wins this injunction and hope that you still hold control over your life after all of this is said and done. Because if they don’t, hackers will be the least of your worries.