Modern field guide to security and privacy

Opinion: Why Apple should build iPhones even it can't unlock

If Apple wants to truly improve security for all of its customers, and stave off future government requests to help unlock iPhones, it should sell products that even it can't break into.

In the Apple v. FBI standoff, techies are clearly in Apple's corner. But instead of taking sides, the technology community should work to change the entire debate.

Apple got itself into this mess by building insecure products. That's right, the iPhone isn't actually secure. If it were, Apple wouldn't be able to write any code that could help the FBI unlock the San Bernardino, Calif., shooter's iPhone 5c. The government's request would simply be a nonstarter.

In order to call a product or consumer device secure, even its maker shouldn't be able to break into it. And that means Apple, too.

By waging a legal battle against the FBI, Apple is trying to patch a technical security flaw with a legal defense. And if Apple loses, the FBI will score a victory in its war on encryption. Yet even if Apple wins, the public may ultimately lose.

FBI Director James Comey and the Justice Department are using the San Bernardino terrorist attack in their misguided quest to create some kind of legal access – or backdoor – into encrypted consumer technologies. If the court or Congress eventually go along with the FBI or other national security officials calling for greater ability to decrypt consumer communications (and a court loss for the FBI may cause Congress to act) it'll be a bad day for everyone's digital security. 

But if you're against backdoors, that doesn't mean you should necessarily support Apple.

In fact, Apple has designed products so that backdoors are possible. On the iPhone, for instance, the software that safeguards the passcode input process can be modified via an authorized update from Apple – and that's a critical flaw.

The FBI wants Apple to write an update so that the iPhone won't erase data after 10 unsuccessful passcode guesses, there's no delay between guesses, and guesses can be entered via an input port. That modification would allow the FBI to connect the San Bernardino iPhone to a computer that will try passcodes until it finds one that works. And given the limits in human abilities to memorize a passcode, the possibilities aren't that numerous.  
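To make the stakes of those three protections concrete, the following added example (not part of the original article, and not Apple's code) models a passcode guard with and without them and reports how much of the passcode space becomes reachable. The names `GuardPolicy` and `exposure`, the delay schedule, and the 0.08-second cost per guess are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class GuardPolicy:
    """Hypothetical model of the passcode-entry protections the article lists."""
    wipe_after: Optional[int]   # failed guesses before data is erased; None = disabled
    delays: Tuple[int, ...]     # enforced wait (s) before a guess, indexed by prior failures
    per_guess_s: float          # time one guess costs the device (assumed value)


def delay_for(policy: GuardPolicy, failures: int) -> int:
    """Wait enforced before the next guess; the last entry repeats once exhausted."""
    if not policy.delays:
        return 0
    return policy.delays[min(failures, len(policy.delays) - 1)]


def exposure(policy: GuardPolicy, digits: int):
    """Return (guesses possible, fraction of passcode space covered, worst-case seconds)."""
    space = 10 ** digits
    allowed = space if policy.wipe_after is None else min(space, policy.wipe_after)
    waiting = sum(delay_for(policy, n) for n in range(allowed))
    return allowed, allowed / space, waiting + allowed * policy.per_guess_s


# Constructed schedule: the escalating delays are illustrative, not Apple's real values.
STOCK = GuardPolicy(wipe_after=10,
                    delays=(0, 0, 0, 0, 60, 300, 900, 900, 3600, 3600),
                    per_guess_s=0.08)
# The guard after the requested update: no erase, no delay, guesses fed by machine.
MODIFIED = GuardPolicy(wipe_after=None, delays=(), per_guess_s=0.08)

if __name__ == "__main__":
    for name, policy in (("stock", STOCK), ("modified", MODIFIED)):
        for digits in (4, 6):
            n, frac, secs = exposure(policy, digits)
            print(f"{name:8} {digits}-digit: {n:>7} guesses, "
                  f"{frac:.4%} of space, {secs / 3600:.2f} h worst case")
```

Under the stock policy only a sliver of the space can ever be tried before the data is erased; once the guard can be replaced, the whole space is reachable in bounded time. That is why the guard's immutability, not the passcode's length alone, carries the security claim.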

The courts should not force Apple's engineers to write this kind of program. 

Even so, Apple should have designed its products so that engineers wouldn't be put in this position – and it should quickly make design changes so they won't in the future. 

In touting the security features of iOS 8, Apple claimed that it could not break into an iPhone even if it wanted to. We now know that this claim was untrue. Even if Apple wins its current legal fight over the San Bernardino iPhone, that won't stop other governments – with more oppressive methods than those available to the FBI – from forcing Apple to help them unlock other iPhones.

If there's any good news that's coming out of this standoff over consumer encryption, it's that Apple appears to be moving swiftly toward correcting its mistake. The next version of the iPhone will make the passcode protection mechanism impossible to change. Apple should roll out iPhone 7 as soon as possible.

Anna Lysyanskaya is a professor of computer science at Brown University. Her research area is cryptography, especially privacy-preserving cryptographic protocols. Follow her on Twitter @AnnaLysyanskaya.

 
