As a lawyer who deals with privacy and security issues related to the Internet of Things, it is clear to me that the federal government’s demand that Apple create a way to hack into a single iPhone is a move that could have dangerous consequences.
The iPhone in question is the one that was used by Syed Farook prior to the December 2015 attack by Syed Farook and Tashfeen Malik on the Inland Regional Center in San Bernardino, Calif, where 14 people were killed and 22 seriously injured. It is certainly understandable that the government would want to access the data on this phone. But it is the method in which the government is asking Apple to get into the phone that causes concern.
The government is asking Apple to create a program that doesn’t currently exist in order to unlock and capture the data from the phone. According to the FBI, Apple’s security mechanisms for the device make it impossible for investigators to get past the lock screen. So they want Apple to build a new tool for bypassing those security mechanism.
Many think this action is justified as necessary to keep us safe. They see no reason why the data on this phone should be protected. But a program that would be able to crack open the phone at issue would also be something that could be used on all phones running on the same operating system.
And once it’s created, it would be virtually impossible to prevent unauthorized access or prohibit inappropriate use. Anything that gets invented the cyber world is at risk. As we have seen time and time again with recurring data breaches of some of the most sophisticated corporations out there, there is always someone cleverer than you are looking for nothing other than a way in. That risk is not limited by geographic borders. There are virtually no borders in cyberspace, and one country’s laws mean little elsewhere in the world.
Other privacy concerns are also raised. What exactly is the government looking for and how exactly will the data be used? Will they look for anyone Syed Farook ever communicated with, and then seek to conduct similar investigations into the devices of those individuals? And further, perhaps extend the scope to include contacts of those contacts? Where would it end?
This will be an interesting battle. The government has a compelling argument that they are doing it for the safety of the people. And Apple is trying to preserve its bottom line, as creating a program that disables their products’ security measures is certainly not going to be good for business.