In the wake of the San Bernardino tragedy, the Federal Bureau of Investigation (FBI) seized an iPhone that was used by one of the shooters. Recently, the FBI obtained a court order from a California district court, requesting Apple’s assistance in cracking the phone’s passcode. This has sparked an interesting debate around encryption, the outcome of which will ultimately have an impact us all.
The FBI is asking Apple to build a new, custom version of its iOS to help unlock the phone. Later versions of the iPhone have a special security protection that cannot be manipulated by customizing the iOS, an iPhone 5c—and all models prior—can be. If Apple were to move forward with creating the software, the FBI could bypass security measures to crack the passcode, including erasing a key to decrypt data after 10 incorrect passcode guesses and removing the timed delay after incorrect password guesses.
In response, Apple has written an open letter opposing the court order, saying it’s a threat to data security for all of its users, not just for this phone in particular. The company equates what they’re being asked to do with creating “a master key, capable of opening hundreds of millions of locks.” Once the information on how to bypass security controls is known, a hacker that obtains that knowledge can combat encryption. This “backdoor” could be dangerous if it falls into the wrong hands.
There is a legal precedent for all of this: the All Writs Act of 1789, which allows courts established by Congress to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law,” so long as it’s not an “undue burden.”
Of course, this raises an interesting question. Is asking Apple to essentially create malware that could harm its older devices an “undue burden”? Think of all the things you use technology for: shopping, banking, travel, staying in touch with friends and family. It’s an incredible convenience, and while there are inevitable risks, is this asking too much of Apple? One of their top priorities is ensuring their customers are treated fairly and their data is kept secure. On the surface, what the FBI is requesting makes sense–for Apple to help crack the phone of a terrorist. But if this request is granted, it creates a precedent for similar requests in the future, requests that could have an impact not just on older iPhones, but on Android devices, computers, and pretty much any piece of technology.
This discussion is a reminder of how important cybersecurity awareness is, and why we should all be taking action to keep our personal information secure. Even simple steps, like enabling biometric authentication whenever possible, utilizing unique passwords for online accounts, and monitoring personal information, banking or credit card accounts for any potential fraudulent activity, will go a long way in keeping data secure. Consumers need to do everything they can to be aware of emerging cybersecurity threats, as poor cybersecurity practices in one situation can impact everyone. By arming themselves with awareness around the risks that are out there, consumers will be better prepared for inevitable threats on the horizon.