A federal magistrate judge has ordered Apple to help the FBI hack into the password-protected iPhone used by Syed Farook, who was one of the two who killed 14 people in a December 2015 rampage. Apple is refusing. Associate Professor of Networking and Communications Glen Sagers says forcing Apple to comply would do extensive harm.
Apple is right not to provide the FBI with a back door to the iPhone.
What the FBI is asking Apple to do is create a unique version of their operating system that could circumvent all the security provisions they have put in place over the last 10 years. They are asking Apple to rewrite their system in a way that allows the government to access it when they want and how they want.
Apple created an encrypted system that is only supposed to be accessed by one person. Even Apple does not have access. For them to rewrite the system means they are putting far more people’s data at risk. The new system would open up owners to “brute force” hacks, where hackers would pound the system with millions of passwords at once. Essentially, no one’s phone would be encrypted anymore, and anyone who gets access to that backdoor would be able to access another person’s phone.
If data is encrypted, it cannot be read by anyone except the authorized user. Period.
If Target and Home Depot had encrypted their data, then millions of people—myself included—wouldn’t have had their credit card numbers stolen. When you ask for a back door to encrypted data, you are opening a way for that data to be accessible by someone besides the authorized user. Someone else will find it. Someone else will exploit it.
Other companies have complied with orders like this in the past. The Greek government required Vodafone, a European cell phone carrier, to open a backdoor. It was hacked, and the same backdoor was used against the Greek government. Google kept a database of backdoor accesses provided to the U.S. government. In 2009, the Chinese breached that database, and it was hacked. In virtually every situation where such a system has been put in place, it has ended up with the provider, or individual customers, being hacked.
Legally, the government is using the All Writs Act to argue their case, which is an odd approach. It comes from the Judiciary Act of 1789, and says the government can issue writs “necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” It’s vague in a way that makes it look like the government is grasping at straws.
I’m certainly not saying the government is so shortsighted as to not see the potential negative outcomes. I think they know full well what could happen. This is a terrible situation where people lost lives, so they’re riding the tide of public opinion. Really, there is no way for anyone to win in this case. Yet asking Apple to breach the security of its products is just putting more people at risk of data and identity theft, stalking, and other crimes.
Sagers can be reached vi Media Relations at MediaRelations@IllinoisState.edu or (309) 438-5631.