It may be hard to imagine but there are probably moments when Apple CEO Tim Cook and FBI Director Jim Comey probably have the same fervent wish: Would someone – anyone – please figure out how to hack into Syed Rizwan Farook’s darn iPhone.
Both would likely take up John McAfee on his offer to decrypt the San Bernardino shooter's phone if anyone understood how social engineering could be used to break into a dead man’s iPhone.
In the short term, it would solve both their problems if a third-party forensics company started selling law enforcement a tool that could access data on iPhones. I’ve written before about lawful hacking as a potential solution to the standoff between law enforcement and the tech companies. It’s a messy solution that pits US companies against the government but it may be the best answer among a lot of bad ones.
The problem with lawful hacking as a solution may turn out to be that Apple and other companies are actually starting to figure out cybersecurity. With all the gloom and doom in cybersecurity marketing, it’s almost hard to believe that any computing device in the world can’t be easily accessed by your average high school kid in a basement. Yet, in almost a year since Apple introduced iOS 9, nothing has hit the market.
It's not for lack of demand. There are, at last count 94 million iPhones in the US alone and more than 12,000 law enforcement agencies. That’s a nice market that plenty of companies would love to tap into. The Russian cybersecurity firm Elcomsoft used to do brisk business selling a forensic toolkit for iOS at $1,500 a pop. Unfortunately, for them at least, their toolkit won’t work on any iPhone running the current operating system.
The FBI has come up with a technically plausible path by which Apple could retrieve the data on the phone. And security researchers have pointed out ways in which Apple could block that path in future updates – for instance by requiring a passcode to update the iOS software. The long-held belief that offense always wins and defense always loses in cybersecurity has been turned on its head.
Privacy groups arguing against the FBI's push to access encrypted data on phones are largely relying on an argument that, while encryption may make certain kinds of data inaccessible, the rest of the cyberecosystem remains so insecure that there are more opportunities than ever for surveillance. The Internet of Things will only increase these opportunities as our homes and our lives are filled with dozens of devices recording our every word and move with little to no security.
The current fight over the iPhone offers a glimmer of hope that that dystopian future where privacy is dead does not have to become a reality. Spying and crime may both become harder, not easier, in our digital future.
Apple has shown us something important with its smartphone: Smart homes and cars and offices do not have to be the building blocks of the surveillance state or an easy path to blackmail, extortion, and unauthorized fund transfers.
Eventually, if cloud service providers follow smartphone makers and redesign their systems to have security as strong as Apple's phones, and if software makers quickly find a patch vulnerabilities, and if consumers push back on industry until products are actually secure, we we might just end up in a situation where the so-called "golden age of surveillance" is over.
That outcome would be a good thing for our society. But there's a potential downside, too. It would also mean that we might truly have to grapple with the implications of terrorists, child molesters, and criminals also being beyond the reach of law enforcement.
Robert Knake is senior fellow for cyberpolicy at the Council on Foreign Relations. Follow him on Twitter @robknake. This piece was originally published on Net Politics, a blog by the Council on Foreign Relations.