Apple’s Standoff and Security for All: HRW
Feb 19, NY: Contrary to the United States government line, Apple’s resistance to helping it hack the San Bernardino shooter’s phone isn’t about privacy for mass murderers, and isn’t about one phone. It’s about every single technology user’s safety. It’s about your phone and whether you will ever be able to trust any company with your communications, even if you are a law-abiding citizen.
On February 16, a US judge ordered Apple to create a way to access information (a “backdoor”) on an iPhone that was used by one of the perpetrators of the deadly attacks in San Bernardino last December. Law enforcement officials believe the phone could contain valuable intelligence about the attack. However, officials cannot access the data because it is encrypted, and neither can Apple without the user’s passcode. Officials cannot guess the passcode repeatedly because the phone’s security protections will delete all data after too many failed attempts.
What makes this case unique and unprecedented is what Apple is being asked by the court: write new software to override the security measures on the iPhone and trick the phone into installing it. This is not the equivalent of court order for data stored on a phone. Instead, Apple would be required to create malware to enable the government to hack into Apple’s own product. That software, even if it is only used by the government for this phone, will be available to enable hacking of every phone of this model. That raises the risk that the malware might be disseminated, hacked, copied, or recreated to break into encrypted iPhones in any future investigation.
But even if the software is used only once, it creates the precedent that any government – even highly repressive ones – can force digital tech companies to create a backdoor to their products. With Apple’s expansion strategy focused largely outside the US, especially in China, this case comes at a dangerous time. It is no wonder that Apple released an open letter stating it will oppose this order as a threat to the security of all its users. And once the precedent is set, there is also nothing that would stop such an order from applying other software or device makers beyond Apple, from other smartphones to secured chat applications, to write or re-write code on behalf of law enforcement.
No one would deny that investigating the San Bernardino attacks is a national security priority. But it is difficult to argue that it is the only national security priority, overriding the national interest in cybersecurity generally. Make no mistake: the US’s approach to encryption will help set the rules of the road worldwide. If this precedent is followed, it could roll back technology gains that protect the cybersecurity of people worldwide who have no connection to terrorism.
Cynthia M. Wong is Senior Researcher, Internet and Human Rights