The FBI’s attempt to force Apple to weaken the security of the iPhone used by the San Bernardino attackers has implications for all of us.
Despite the assurances of FBI Director James Comey, this isn’t just about one iPhone. Instead, the case — should it go the government’s way — threatens to undermine the security of all kinds of devices, software and services.
Tech Files columnist Troy Wolverton spoke with computer security experts about why the case matters to everyday citizens.
Q Why is Apple objecting to the proposed court order that it help the government unlock the San Bernardino iPhone?
A Apple has legal, business and, arguably, moral objections to the demand. But its objection that is most pertinent to everyday consumers revolves around the security of our devices.
Apple argues that weakening the security of the San Bernardino phone would end up weakening the security of all iOS devices.
Q But I thought this was just about this one phone. Why can’t Apple limit its tinkering to this one device?
A Because that’s not the way iOS — or arguably any mass-produced technology product — works. The same code that the government wants installed on the San Bernardino iPhone could be installed on any other iOS device.
Q The government says it would allow Apple to keep the code, and it would only have to use it in a secure facility. Wouldn’t that prevent it from being used elsewhere?
A Almost certainly no. Law enforcement officials have made it clear they hope this case will set a precedent. There are lots of other iPhones they’d like Apple to help them unlock. It’s almost certain that if Apple loses the case, law enforcement officials will try to make the Cupertino company use the special version of iOS to weaken the security protections on those phones.
And there’s a real danger that the code could end up in the wrong hands. Apple and other tech companies constantly are at risk of cyberattacks by criminal hackers and foreign governments, any one of which could compromise its servers and get access to the weakened code. What’s more, law enforcement agencies in countries such as Russia and China could attempt to simply compel Apple to turn over the weakened iOS.
“If they create it, it’s going to get out,” said Bruce Schneier, a computer security expert and a fellow at the Berkman Center for Internet & Society at Harvard Law School.
Q But I have an Android phone. This doesn’t affect me, does it?
A This initial case won’t, because it concerns an iPhone. But it’s only a matter of time before law enforcement officials target other devices, software or services that are protected with encryption, particularly if the FBI wins the San Bernardino case and sets a precedent.
Already the Department of Justice is in a dispute with Facebook-owned WhatsApp over a wiretap order involving messages sent over the service. By default, WhatsApp sends messages with end-to-end encryption, meaning the content of the messages is scrambled for everyone other than their senders and receivers. There’s concern that the government could try to force WhatsApp to either try to break that encryption or help it do so.
Q If I don’t have a smartphone or don’t store anything sensitive on it, why should I care?
A As the WhatsApp dispute indicates, the battle isn’t just about smartphones. It’s also about software and services.
Encryption is widely used to secure data. It’s used to protect your computer from being hacked when you connect to a Wi-Fi hot spot. When you visit your bank’s website, the information being sent back and forth about your bank balance or payments is scrambled so other people can’t read it. Companies that store your health, financial and other information frequently encrypt it to protect their records and your privacy.
The danger of the Apple-FBI case, again, is that it will set a precedent that could eventually force other companies and providers to weaken the security that protects other systems and software.
“It could start with iPhone users, but you could have other people that have other devices, other than iPhones,” said Sophia Cope, a staff attorney with the Electronic Frontier Foundation, a digital rights advocacy group. “There could definitely be a domino effect.”
Q Isn’t there some middle ground between Apple and the government’s positions?
A There really isn’t. There’s no way to weaken security just for the “good guys,” whomever they may be. And the government has made it clear it doesn’t intend to limit the use of this weakness to this one case.
Once you introduce a security vulnerability, you run the risk that it will be exploited by those who have things other than your best interests at heart.
As Schneier puts it, “attacks only get easier. They never get harder. It won’t be the case tomorrow that fewer people will be able to use it.”
Contact Troy Wolverton at 408-840-4285 or twolverton@mercurynews.com. Follow him at www.mercurynews.com/troy-wolverton or Twitter.com/troywolv.
