Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone’s encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.
From now on, all the phone’s data is protected. It can no longer be accessed by criminals, governments, or rogue employees. Access to it can no longer be demanded by totalitarian governments. A user’s iPhone data is now moresecure.
To hear US law enforcement respond, you’d think Apple’s move heralded an unstoppable crime wave. See, the FBI had been using that vulnerability to get into people’s iPhones. In the words of cyberlaw professor Orin Kerr, “How is the public interest served by a policy that only thwarts lawful search warrants?”
Ah, but that’s the thing: You can’tbuild a backdoor that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them.
Backdoor access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006.
WarGames was a prescient movie. The scene above could almost be used today, with authorities complaining about iPhone security.
We have fought this battle many times. Personal security always wins and the authorities find other ways to legally do their business.
All this means is that the authorities can no konger go around the user and seek out third parties to threaten, third parties who seem to have no skin in the game,
But, in the post-Snowden age, this approach has signifiant and detrimental effects on the business models of the third parties. Now they do have skin in the game as countries where they sell their goods become suspicious.
So, Apple takes the very smart path – simply remove itself. The only way for it to win is to not play the game.
Now the FBI and others still have lots of access to data – anything on the cloud or in teleco servers. They just need to get a specific court order to access a smartphone from Apple.
Distributed democracy wins again. For now.