Why Apple's Tim Cook Is Right on Encryption
I predict that if the Justice Department has its way, encrypted information and communication you and most businesses depend on to be safe and secure could someday be hacked by cybercriminals, demanded by law enforcement agents or subpoenaed by a judge. I see one person standing in its way: Apple CEO Tim Cook.
A federal judge ordered the Silicon Valley tech giant to help the FBI unlock an iPhone linked to the San Bernardino terror attack. In an open message to Apple’s customers, Cook characterized the demands as “unprecedented” and “chilling” government overreach that “threatens the security of our customers.” And he’s absolutely right.
In defying the order, Cook has rekindled a firestorm of debate that’s been raging for years. That clash will ultimately come to a head as this case follows an inevitable path through the federal courts and appeals system until it ends up, in all likelihood, on the Supreme Court docket.
Here’s what’s going on. An iPhone or iPad can be set to automatically erase all data after 10 failed login attempts. The FBI wants Apple to disable that protection on a terror suspect’s phone so it can take as many tries as necessary to crack the password without wiping the device clean and losing all the data.
Cook says Apple has no workaround to accomplish that and, if it came up with a backdoor for this device, that same code could be used to crack and unlock user data on any Apple iOS device. And that would forever unleash a Pandora’s box of trouble upon the world.
For one thing, Cook has previously said that, once hackers know there’s a way to unlock Apple’s mobile devices and encrypted applications, they won’t stop until they figure out what it is. I’ve no doubt that’s true.
And if Apple complies with the court order or loses the case, it could set a legal precedent across a broad range of criminal investigations and civil disputes. Never mind the government’s chronic tendency to overreach.
In any case, it would erode our data security and personal freedom.
For the record, I’m not sure I believe that Apple has no way to breach its own security measures and access certain information on its devices. The company has reportedly complied with law enforcement and prosecutors on many occasions in the past.
But in recent years, perhaps in the wake of Edward Snowden’s NSA data mining revelations, the Cupertino company has emerged as a strong advocate for the safety and security of its user’s information.
Now, I wouldn’t be the least bit surprised if Apple’s evolving service business, notably Apple Pay, has provided added incentive to become a brand that users can trust to guard their information. And I’ve no doubt that archrival Google’s business model – giving away software to obtain user information so marketers can target them with contextual ads – has a lot to do with the change in Apple’s positioning.
Whatever its reasons, Apple appears to be pushing back harder against requests from the Obama administration’s DOJ. Either that, or I suppose those law enforcement agencies have become more demanding over time or over this high-profile case. Regardless, talks reportedly broke down, leading to the subpoena and Cook’s defiant stance.
While the media tends to describe the encryption controversy as one of privacy versus security, that mischaracterizes and, to a great extent, trivializes what’s really at stake here.
The more commerce, communicating, sharing, living and working we do on our devices and in the cloud, the more we depend on encryption to keep the information that matters most to us safe and secure. We simply cannot afford to undermine the integrity of what’s quickly becoming our way of life in an increasingly digital world.
An encryption backdoor that provides access for law enforcement will ultimately be exploited, and not just by cybercriminals, either. Legal precedent and the government’s tendency to overreach will also result in the erosion of both our privacy and security with each passing day.
The debate is not about privacy versus security; it’s about privacy and security, both of which depend on the integrity of data encryption.