Have the FBI opened a ‘Pandora’s box’ of risks to our data security?
The Apple vs FBI case may be withdrawn, but the aftermath leaves some questions unanswered. It raises questions about who looks after our best interests, how much we can really know about our security and respect for our personal data. It’s an unusual turn of events when a maverick technology company from Silicon Valley claims to uphold the rights of civilians, against the determination of the state.
The story of tech giant Apple and FBI begins in San Bernardino, California. At 11am on Wednesday December 2nd last year the county Department of Health were on an away day, when married couple Syed Farook (a former health department employee) and Tashfeen Malik, broke in and began shooting those present. They kill 14 and wound 22. After this they flee and, in a shootout with the police, are killed.
Why the attack happened, whether it was part of largest terrorist co-ordinated activity is unknown. The FBI have Syed’s phone but were unable to unlock it. They ask Apple to write code to allow them to access the phone. Apple refuses.
Why?
It’s a bold move in America for such a high profile brand to stand in the way of a terrorist investigation, so what grounds did Apple have to debar the FBI?
The ‘Pandora’s Box’ claim
Apple argue that if they wrote this bit of code it would create a vulnerability in iPhone security which would allow anyone to hack the phone. Code doesn’t exist in a vacuum. If you create code allowing an iPhone to be hacked by the FBI, the argument goes, that opportunity won’t be restricted to the FBI, any and all hackers worth their salt will be looking for an inroad into remotely accessing data stored on iPhones via that vulnerability created for the FBI. How real is that threat? Well, to translate a military analogy to a cyberspace one — we are being asked to consider the threat from the ‘unknown unknowns’ of the dark web — we just don’t know, but the scale of the potential threat makes ignoring the risk problematic.
Who’s got our back?
An interesting angle to this case is that it shows that our personal security, our welfare, is not just determined by the state we elect, but also the digital heavyweights (Google, Apple, Facebook) who know so much about us.
We increasingly rely on the tools these companies provide. And these companies know a great deal more about us than, for example, the information we provide on a census return. The internet transcends national legislation and nobody elects the CEOs.
What’s really interesting here, and in light of that, is it the democratically elected state in this case that seems to have less regard for our data, than the tech giant Apple.
“In order to address a security-related issue related to encryption in one case, the authorities risk unlocking a Pandora’s Box that could have extremely damaging implications for the human rights of many millions of people, including their physical and financial security,” Zeid Ra’ad Al Hussein, the U.N. High Commissioner for Human Rights writes.”
The FBI will argue that the threat to National Security warrants hacking the iPhone. But the point they are not engaging on is that if the iPhone is hackable, it is also hackable to terrorists. So, the FBI might get access to Syed’s phone but the implications of that is that sufficiently sophisticated terrorists, hackers and fraudsters would theoretically be able too as well.
I don’t honestly know if Apple is exaggerating its Pandora’s box claim (very likely no one knows). But suppose iPhones were vulnerable, suppose all the data gleaned there could be unlocked — you can see how our ‘physical and financial security’ could very quickly dissolve.
Where does that leave us now?
The FBI have now withdrawn their case against Apple as they have managed to access the phone “using a third party.” The case has gone quiet — the FBI are not collaborating with Apple and giving them the opportunity to address this apparent vulnerability. Has Pandora’s Box been opened?
