Technology law shouldn’t be decided by ignorant, old men who need their grandchildren to help them set up their iPhones.
Following the San Bernardino shootings last December, the Federal Bureau of Investigation (FBI) requested that Apple unlock the iPhone of one of the shooters. Apple refused, citing its commitment to its customers’ privacy. The FBI appealed to court, which sided with the FBI, ordering Apple to unlock the iPhone. Apple refused again and appealed the court order. A hearing is scheduled for March 22.
Meanwhile, debate has raged: who’s right? Apple or the FBI? Notably, many Republican presidential candidates sided with the FBI. Marco Rubio claimed that “Apple doesn’t want to do it because they think it hurts their brand. Well, let me tell you, their brand is not superior to the national security of the United States of America.” Others side with Apple, noting that people need privacy and that compelling Apple to unlock the iPhone could create a dangerous precedent.
There isn’t anything wrong with this debate. However, there are a lot more arguments in favor of Apple that have been ignored or glossed over.
We should be asking ourselves what we want security from. There is nothing wrong with wanting security from hostile people with assault rifles, but as Sun Tzu noted in the widely-used and acclaimed The Art of War, it is difficult to secure oneself against multiple types of threats; strengthening against one weakens against another. Many have noted that increasing the government’s ability to access citizens’ private data—especially in the form of “backdoors” written into the code of every device—would make devices inherently less secure. What the FBI is requesting is in many ways a backdoor. Imagine the police mandating the keeping of a door to your house unlocked so they can use it; burglars might use it, too. While such weakened encryption would certainly irk privacy activists and possibly allow the FBI to prevent future shootings, it would open Americans up to even more malevolent hacking than is already going on.
It is no secret that many American computers are already woefully insecure. A report authored by the security firm McAfee and the Center for Strategic and International Studies concluded that cyber-espionage costs the American economy roughly $100 billion per year, roughly 0.5 percent of the GDP. Another report by another security company, Mandiant, implicated China in hacking America’s defence industry, energy companies, blueprints for American infrastructure, and the email systems of American officials and journalists. It also traced many attacks to the area around a People’s Liberation Army building in Shanghai. China shamelessly denies the accusations, even after building a fighter jet strikingly similar to America’s new F-35 after being accused of hacking Lockheed Martin, the F-35’s manufacturer. If this all seems rather distant and unimportant, consider that many of IHS’s most computer-savvy students have nearly definite proof that it is not terribly difficult to access any supposedly secure password and username typed into computers in the tech labs months earlier, without authorization.
While companies are starting to make progress and become more secure, more needs to be done. It is because we can make computers fairly secure that we can use them for so much good. Apple allows iPhone users to put a passcode on their iPhones for this very reason; otherwise, using them for anything that mattered would be too risky, and few customers would be able to take advantage of the immense benefits of being able to read email or take calls on the fly.
One of the things that makes newer iPhones secure is that Apple isn’t able to unlock them without the same password that users use; they don’t know the password. To fully understand why this is, you need to get to the root of how encryption works. Think back to the last time you forgot your password online. If the website you were using was at all reputable, you almost certainly weren’t sent back your old password. Rather, you would be asked to make a new one. This is because websites never get to know what your password is. When you type in a password online, the website creates what’s called a “hash” before storing or checking it. This is a complex mathematical process, using large prime numbers, that turns text into a scrambled alphanumeric code. A good hashing algorithm is set up so that every input has a unique output, and a small variation in input leads to a tremendous change in output. Knowing a hash can’t enable you to know a password, so even if a hacker broke into a company’s database, the password information would be useless. Of course, the process is a bit more complicated than that (for instance, most websites will add in stuff before sending the password through the algorithm—this is called “salting” the hash), but the basic idea is the same. As a result of similar encryption on the iPhone, the only way to unlock the device would be to install a backdoor on it, which Apple’s CEO, Tim Cook, noted would have staggering repercussions:
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes.
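The password hashing and salting described before the quoted statement, as an added example that is not part of the original article: it shows what a site stores instead of the password, how a login attempt is checked, and how one changed character or a different salt changes the stored value. Python's standard-library PBKDF2 is an assumed stand-in for whatever a given website uses, and the passwords, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Return what the site stores: a salt and the salted hash, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac(
        "sha256", password.encode(),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(attempt.hex(), record["hash"])


def differing_bits(a_hex: str, b_hex: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def demo() -> dict:
    fixed_salt = bytes(16)  # constructed all-zero salt, only so a and b are comparable
    a = make_record("correct horse", fixed_salt)
    b = make_record("correct horsf", fixed_salt)  # one character changed
    c = make_record("correct horse")              # same password, fresh random salt
    return {
        "bits_changed": differing_bits(a["hash"], b["hash"]),  # out of 256
        "same_password_same_hash": a["hash"] == c["hash"],
        "right_password_ok": verify("correct horse", c),
        "wrong_password_ok": verify("correct horsf", c),
    }


if __name__ == "__main__":
    print(demo())
```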
It would also take Apple weeks to write such a backdoor. And once this piece of software is out there, there’s nothing that can be done to ensure it stays in the right hands. If the stupid picture of you in a dress is stuck on Instagram forever (this is 100 percent a hypothetical example), you can imagine it would be difficult for Apple or the government to protect one of the most valuable security hacks in the history of computers. Today, people use their iPhones to store secret proprietary information for their businesses, as well as for using a credit card via Apple Pay. Access to credit cards and other valuable data from the over 40 million iPhone users in the U.S. alone would make the software priceless, and when information this valuable and publicized makes its way out there, it will be a free-for-all of hackers trying to get a slice of Apple’s data.
Whether or not you trust the American government to not abuse such a power to oppress people, there are certainly people and entities that would abuse it and steal corporate secrets and people’s identities. It is likely that the ability to unlock iPhones would remain secure, but there is a possibility of it getting out. iPhones are secure as they are, which is why they are typically not infected by malware. Changing that would reverse much of the progress that is being made to undo America’s cyber-insecurity.
Thus, we are back to the question Sun Tzu makes us think of: security from what? How do we weigh increasing the FBI’s ability to stop criminals against our civil liberties and our economy? We should weigh the importance of each type of security: In America since 9/11, statistics show that toddlers are better at killing Americans than Islamic terrorists (though not all terrorists combined). We ought to worry more about our economy and civil liberties than unlocking the iPhones of terrorists.
Worse, the legal defense used by the FBI is so antiquated that it is utterly ridiculous. Their main legal standing comes from the All Writs Act of 1789. As in, the 1789 from over 227 years ago. This is not to dismiss the law simply for being old; Sun Tzu wrote The Art of War thousands of years ago and the book is still recommended reading in sections of the US military, notably the CIA. The problem is that in that time period, legal scholars weren’t even able to begin to comprehend the depths, complexities, and nuances of modern smartphones, just as the writers of the Second Amendment probably didn’t foresee anything more than slow-to-reload muskets; certainly not AK-47s. Imagine seeking relationship advice from a 7-year-old (“You two want to kiss? Ewww gross!”) and then standing by it over many better-informed objections.
Additionally, the civil liberties versus security debate is often limited in scope to America. It shouldn’t be; in fact it is far more relevant to other countries. Millions of people use iPhones in places that are roughly as secure as America and far more repressive, where civil liberties are far more important because they are so undervalued by the government. Russia and China (to name the most prominent culprits) do not need greater power to arrest dissidents and human-rights activists. It would be a great offense for the FBI to help repress civil liberties in more authoritarian countries.
Lastly, in the San Bernardino case, police experts believe that the iPhone in question probably has nothing of value on it.