Modern field guide to security and privacy

Opinion: The silver lining in the Apple v. FBI showdown

Apple's showdown with the FBI over access to the San Bernardino, Calif., shooter's iPhone might seem like a potential blow to privacy, but it also shows that privacy may not be dead after all.

Carolyn Kaster/AP

It may be hard to imagine but there are probably moments when Apple CEO Tim Cook and FBI Director Jim Comey probably have the same fervent wish: Would someone – anyone – please figure out how to hack into Syed Rizwan Farook’s darn iPhone.

Both would likely take up John McAfee on his offer to decrypt the San Bernardino shooter's phone if anyone understood how social engineering could be used to break into a dead man’s iPhone.

In the short term, it would solve both their problems if a third-party forensics company started selling law enforcement a tool that could access data on iPhones. I’ve written before about lawful hacking as a potential solution to the standoff between law enforcement and the tech companies. It’s a messy solution that pits US companies against the government but it may be the best answer among a lot of bad ones.

The problem with lawful hacking as a solution may turn out to be that Apple and other companies are actually starting to figure out cybersecurity. With all the gloom and doom in cybersecurity marketing, it’s almost hard to believe that any computing device in the world can’t be easily accessed by your average high school kid in a basement. Yet, in almost a year since Apple introduced iOS 9, nothing has hit the market.

It's not for lack of demand. There are, at last count 94 million iPhones in the US alone and more than 12,000 law enforcement agencies. That’s a nice market that plenty of companies would love to tap into. The Russian cybersecurity firm Elcomsoft used to do brisk business selling a forensic toolkit for iOS at $1,500 a pop. Unfortunately, for them at least, their toolkit won’t work on any iPhone running the current operating system.

The FBI has come up with a technically plausible path by which Apple could retrieve the data on the phone. And security researchers have pointed out ways in which Apple could block that path in future updates – for instance by requiring a passcode to update the iOS software. The long-held belief that offense always wins and defense always loses in cybersecurity has been turned on its head.

Privacy groups arguing against the FBI's push to access encrypted data on phones are largely relying on an argument that, while encryption may make certain kinds of data inaccessible, the rest of the cyberecosystem remains so insecure that there are more opportunities than ever for surveillance. The Internet of Things will only increase these opportunities as our homes and our lives are filled with dozens of devices recording our every word and move with little to no security.

The current fight over the iPhone offers a glimmer of hope that that dystopian future where privacy is dead does not have to become a reality. Spying and crime may both become harder, not easier, in our digital future.

Apple has shown us something important with its smartphone: Smart homes and cars and offices do not have to be the building blocks of the surveillance state or an easy path to blackmail, extortion, and unauthorized fund transfers.

Eventually, if cloud service providers follow smartphone makers and redesign their systems to have security as strong as Apple's phones, and if software makers quickly find a patch vulnerabilities, and if consumers push back on industry until products are actually secure, we we might just end up in a situation where the so-called "golden age of surveillance" is over. 

That outcome would be a good thing for our society. But there's a potential downside, too. It would also mean that we might truly have to grapple with the implications of terrorists, child molesters, and criminals also being beyond the reach of law enforcement. 

Robert Knake is senior fellow for cyberpolicy at the Council on Foreign Relations. Follow him on Twitter @robknake. This piece was originally published on Net Politics, a blog by the Council on Foreign Relations.

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.