By Russ Levanway
Rhetoric vs. Reality
The standoff between Apple and the FBI over access to the iPhone used by Syed Rizwan Farook in the San Bernardino mass shooting last December is a polarizing case. In the media, the rhetoric has primarily hinged on a question of safety vs. privacy: Should the government have backdoor access to devices like the iPhone in order to investigate and prosecute crimes? Or should private companies refuse to give access on the premise of user privacy?
But that is not the real question.
The real question is everyone’s privacy vs. no one’s privacy. If Apple writes software to create a backdoor into Mr. Farook’s iPhone, that software could be used to create backdoors into every iPhone.
In a letter to customers dated last month, Apple CEO Tim Cook wrote:
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes.
No Secret is Safe
If Apple were to create such a key, yes, it may benefit law enforcement in the San Bernardino case or any of the government agencies worldwide whose 11,000 requests for decryption on 60,000 devices could help solve cases. But if a key were to exist, what agency, institution or company can be trusted to safeguard it against cybercriminals, elite hackers, or even their own employees and contractors when recent events have made it clear that no secret is safe?
Consider Edward Snowden and WikiLeaks, foreign hackers rummaging through Pentagon files, and Hillary Clinton’s classified emails. Recall the recent data theft from the Office of Personnel Management (OMB), where 21.5 million people’s private data was leaked. Never mind the myriad of reports of data breaches at large businesses and health insurers, including Target, Home Depot, and Anthem. An encryption key or password workaround for all iPhones (and other devices) would not be any safer than top-secret government documents or people’s personal financial and health care information, particularly when the reward for its capture would be so high.
Privacy on the Auction Block
On the black market, a hacker or insider could make millions of dollars selling information about a backdoor to criminals, terrorists, or a rogue state. On the micro level – this act would threaten individual personal freedoms; scale that up and we’re talking about compromising international relations.
Apple’s stance on the San Bernardino case is no PR move – this is not posturing for effect. Designing software to allow law enforcement to “backdoor” devices would set a dangerous precedent, and until encryption can be designed, used and regulated in such a way that the decryption of one device does not compromise the privacy of us all, encryption will continue to be question of everyone’s privacy versus no one’s privacy.