When the news broke late last week that the FBI had filed a request with the courts to compel Apple to provide an iPhone backdoor, I had some immediate thoughts. I let those simmer for a while and continued to follow the story on various different sources. After a week of coverage, my thoughts haven’t changed.
Apple is right to fight the order.
I’m not going to focus on the legalities because you can read about them from any number of sources (Daring Fireball has many good links), and it’s important to understand them before taking a position. To me, the bigger question is do we, as citizens of the United States of America, have a right to privacy? Recently passed Justice Scalia, in a 1987 ruling regarding the appropriateness of evidence seizure without probable cause, wrote:
“There is nothing new in the realization that the Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all.”
Our phones are the most personal devices we have. We are asked to trust them with increasingly sensitive information. They are no longer glorified address books, but keepers of financial and health information; location details on ourselves, friends and family; email correspondence; passwords; and more. They are moving toward serving as digital keys for our homes and cars, and controllers for our heating, cooling, lighting and security systems. We need to feel confident in the security of those devices, and the best way to provide that level of confidence is to do exactly what Apple has done—provide a system that even they cannot access. (And they are currently working on making their iCloud backups even more secure and virtually impossible to access.)
If you believe the FBI’s original request, then it would seem that the focus is simply a single phone. Reports over the last week have clearly shown that not to be the case.
To that point, the New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock.
Under oath, FBI director Jame Comey also acknowledged that the results of this case will extend far beyond a single device.
In an article for the NYT, Katie Benner and Paul Mozer discussed the international impact.
In China, for example, Apple — like any other foreign company selling smartphones — hands over devices for import checks by Chinese regulators. Apple also maintains server computers in China, but Apple has previously said that Beijing cannot view the data and that the keys to the servers are not stored in China. In practice and according to Chinese law, Beijing typically has access to any data stored in China.
If Apple accedes to American law enforcement demands for opening the iPhone in the San Bernardino case and Beijing asks for a similar tool, it is unlikely Apple would be able to control China’s use of it. Yet if Apple were to refuse Beijing, it would potentially face a battery of penalties.
Several recent cyber attacks have originated from China, including the recent breach at the Office of Personnel Management. If they obtain code that provides them access to an iPhone, why shouldn’t we assume that all iOS devices will be targeted at some point?
(What about Android devices? Less than 35% of them are reported to have encryption enabled even though 97% of them support it.)
Privacy and security are central to future integrations of technology into our lives and the vision of a “connected” world. If we cannot trust that our automated homes, self driving cars, biometric recognition systems, and more cannot be used against us, will we really want them? Should we want them?
I don’t generally get too concerned about what others may characterize as “big brother” behavior. I understand that we must sacrifice some freedoms in the name of public safety. When those sacrifices diminish public safety, we must speak out against them.
This case is not about Apple. It’s not about one iPhone. It’s about the future of digital privacy internationally.
I stand with Apple, and Google, and Microsoft, and Twitter…