7 Reasons a Government Backdoor to the iPhone Would Be Catastrophic
You’ve likely caught wind of the fact that the government and Apple are in the midst of an intense legal showdown in what Edward Snowden has called “the most important tech case in a decade.” The battle is over the legality of a court order compelling Apple to write new software — which the company cleverly referred to as GovOS in a court filing today — that disables several security features that the FBI claims are preventing it from accessing the contents of the work phone of one of the shooters in the San Bernardino attack. Apple is resisting the order, and the company’s CEO, Tim Cook, has committed to going all the way up to the Supreme Court if necessary.
Lest there be any doubt, the ACLU is with Apple on this one, as it was in a similar case several months back. The government’s request is not just about this one iPhone — it has far-reaching consequences for every device, for global cybersecurity, and for basic freedoms at home and around the world. Communications security is critical for the functioning of democracy, and the precedent the government is seeking could do terrible and lasting damage.
1. The precedent would undermine some of the most important developments in digital security over the last few decades.
To bypass the iOS security features that are preventing the FBI from accessing the contents of the phone, Apple would need to cryptographically “sign” a new version of iOS before pushing it out to the phone (in the same manner it does whenever iPhone users update the iOS on their phones). The signing step essentially confirms that Apple vouches for the update.
If Apple is forced to sign the new, security-broken GovOS, it would undermine one of the most important developments in digital security in recent years. These days, all tech companies build automatic updates into their products. This is an excellent way to ensure that security flaws are patched up as quickly as companies can discover them and that all of us continue to use secure devices immune from malicious attackers.
But once the government secures a precedent to force a company to vouch for an update that it knows is actually insecure malware, users will stop trusting automatic updates. After all, how would anyone be able to trust an update from Apple when the public knows that the government might be directing the insertion of vulnerabilities into new software, even when it’s signed by Apple? Vulnerabilities will go unfixed, creating an optimal environment for hackers and spies. At a time when even President Obama has recognized cybersecurity to be one of the most significant economic and national security threats we face today, it makes no sense to undermine one of the best online security mechanisms out there.
2. Foreign governments and cybercriminals would rejoice.
The malware that the government wants Apple to write would certainly be used as a mold to break into other iPhones — indeed, law enforcement is lining up in case Apple loses this case. A government-mandated master key to a locked smartphone would be like candy to foreign governments who want to monitor their citizens, and tech companies — who can currently resist such requests by arguing that they simply do not possess the software required to help — won’t be able to refuse to comply with demands abroad if the U.S. government gets its way in this case. (Keep in mind, also, that most other countries lack the procedural and substantive protections against searches and seizures that our Constitution guarantees.)
Indeed, a government win in this case would almost surely have a domino effect leading to thousands of such requests — not just to Apple, but to all consumer tech companies. If every tech company needs to be ready to write new backdoors into its product, that means the introduction of scores of new vulnerabilities into the world. And the more such backdoors exist, the more malicious actors will focus their efforts on seizing them.
3. The human rights implications are chilling.
Again, it’s not hard to imagine the Chinese government serving Apple with a warrant to hack into the phone of a dissident activist or intellectual. That development would have a devastating impact on democracy and human rights activists and movements worldwide, which depend on secure communications to flourish. Recognizing the importance of encryption to human rights, the U.S. government has spent tens of millions of dollars to equip activists around the world with technologies to allow them to communicate securely. This case could undercut those efforts in one bang of the gavel.
4. With the Internet of Things, the government wouldn’t need your smartphone to spy on you.
If the FBI wins the struggle against Apple, the implications would extend far beyond your phone. The precedent would allow the government to demand backdoor access to any device it thinks might assist it in an investigation. With the proliferation of smart devices that are constantly connected to the Internet, all those warnings about the end of privacy that may have once sounded hyperbolic will have proved prescient. That smart TV, wireless shower speaker, or intelligent oven could be compromised by a manufacturer compelled by the government to monitor you at home.
5. Putting this powerful tool into the hands of law enforcement agencies that have a history of biased policing will compound existing disparities.
We know that there are existing disparities in policing and warrant execution practices. Increased government investigative powers will simply reflect — and likely exacerbate — these disparities. In other words, already overpoliced communities are likely to be the recipients of these new-age search warrants, which provide concerning government access to our digital data.
This is particularly concerning because the government has taken the position that once it has access to your phone, it has the authority to look at everything. So, an investigation into a minor drug crime could result in police sifting through emails, text messages, and everything else stored on the phone.
6. In a democracy, companies are not conscripted to work for the government against their will.
Forcing a private company to become an investigative agent for the government is an extreme proposition that wouldn’t stop with this one phone. If the government gets its way in the Apple case, it will get a green light to compel tech companies to work on its behalf whenever it wants help coding its way through the defenses of a given device. There’s a big difference between compelling a company to hand over information already in its possession and compelling a company to serve as a spy for the government. If the government prevails in the Apple case, it would make for an unprecedented expansion of government overreach — not just into our data, but into our creative agency.
7. Encryption has been used to communicate for centuries.
Some of America’s highest-level security officials, including former NSA Director Michael Hayden and former DHS Secretary Michael Chertoff, have extolled the virtue of encryption in securing our cyberdefenses. They are part of a rich history. As our friends over at EFF have noted, the Founding Fathers of the United States were big fans of encryption, which they recognized was critical to prevent their communications from falling into the wrong hands. Not only did the Founding Fathers use encryption, but they actually developed encryption tools after America was independent — to protect their communications from the government they helped to start.
The bottom line is that, for the sake of privacy, data security, and democracy, we should be focused on strengthening our digital defenses, not weakening them. That’s far more important than the data on any one phone.