Mar 30, 2016
Privacy advocates are warning that if the FBI does not let Apple know how it hacked into the San Bernardino shooter's iPhone, not only would the government be going against its own policy on such matters, it will be putting people's "lives at risk."
On Monday, the FBI backed down from its controversial legal battle to force Apple to develop a backdoor entry into the locked device of Syed Rizwan Farook--instead, breaking into the phone on its own, with the help of Israeli firm Cellebrite.
Apple, along with numerous privacy and rights advocates, argued that the creation of such a tool would open a "Pandora's box," rendering all user-set security features moot.
That box is now breached.
Citing forensics expert Jonathan Zdziarski, two digital rights specialists wrote Tuesday that the creation of an iPhone backdoor is akin to "'a bomb on a leash'; a leash that can be undone, legally or otherwise."
With the emergence of the third-party hack, Julia Powles and Enrique Chaparro say, we now "have a new danger: a classified bomb held by the FBI and unknown third-party hackers--but not by Apple, the one party capable of defusing it."
Federal officials "have declined to specify the procedure used to open the iPhone," the New York Timesreports, while at the same time Apple "cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations."
Fight for the Future, a digital and privacy rights group which helped lead opposition to the FBI case, issued a statement Wednesday arguing that if U.S. officials "really care about public safety, they must disclose the vulnerability they used to Apple to prevent criminals, hackers, and terrorists from exploiting the same security flaw and using it to do harm."
The statement continues:
Encryption protects our hospitals, airports, power plants, and water treatment facilities. Sensitive information about critical infrastructure is stored on phones, computers, and in the cloud. The only thing preventing it from falling into the wrong hands is strong security technology.
...And it goes without saying that hackers, other governments, and those wishing to exploit this security flaw to do harm to the public are already hard at work trying to figure it out. Worse, the FBI has a terrible track record of protecting it's own data. Just recently they leaked personal information about more than 20,000 FBI agents. They're clearly not capable of keeping this exploit from falling into the wrong hands.
At the same time, as Guardian columnist and Freedom of the Press Foundation co-founder Trevor Timm pointed out on Tuesday, the government is continuing to pursue similar, albeit lower-profile, legal fights. According to the American Civil Liberties Union, there are at least 63 similar cases pending across the country.
As Common Dreams previously reported, this case has never been about "one phone," but rather about setting a judicial precedent.
Timm references a Justice Department statement issued Monday, in which the agency stated it will continue to "pursue all available options [to ensure that law enforcement can obtain crucial digital information] including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."
"'Pursue all available options' they will," Timm writes:
And their efforts will likely make the entire process even less democratic than it already is. Instead of attempting to ask Congress for a bill to ban the implementation of end-to-end encryption, which they probably know is a non-starter given public resistance, they may now be incentivized to take their fight even further into the shadows, using government secrecy to obscure their actions from the public...
Don't be surprised if justice department instead attempts to keep future cases sealed from all but Apple's lawyers, denying the public the right to even know that court battles are going on for as long as possible. Or perhaps they'll go to the ultra-secret Foreign Intelligence Surveillance court and demand the same thing, where they're even more likely to be able to argue with no opposing side present and will all but ensure the public won't find out what happened for years.
Advocates, including the Electronic Frontier Foundation, are pointing to the U.S. government's official policy, known as the the Vulnerabilities Equities Process (VEP), for determining when to disclose a security vulnerability--such as the one Cellebrite supposedly just cracked.
"As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability," the digital rights group stated on Tuesday.
"If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply," EFF continues, "meaning that there should be a very strong bias in favor of informing Apple of the vulnerability. That would allow Apple to fix the flaw and protect the security of all its users."
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Privacy advocates are warning that if the FBI does not let Apple know how it hacked into the San Bernardino shooter's iPhone, not only would the government be going against its own policy on such matters, it will be putting people's "lives at risk."
On Monday, the FBI backed down from its controversial legal battle to force Apple to develop a backdoor entry into the locked device of Syed Rizwan Farook--instead, breaking into the phone on its own, with the help of Israeli firm Cellebrite.
Apple, along with numerous privacy and rights advocates, argued that the creation of such a tool would open a "Pandora's box," rendering all user-set security features moot.
That box is now breached.
Citing forensics expert Jonathan Zdziarski, two digital rights specialists wrote Tuesday that the creation of an iPhone backdoor is akin to "'a bomb on a leash'; a leash that can be undone, legally or otherwise."
With the emergence of the third-party hack, Julia Powles and Enrique Chaparro say, we now "have a new danger: a classified bomb held by the FBI and unknown third-party hackers--but not by Apple, the one party capable of defusing it."
Federal officials "have declined to specify the procedure used to open the iPhone," the New York Timesreports, while at the same time Apple "cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations."
Fight for the Future, a digital and privacy rights group which helped lead opposition to the FBI case, issued a statement Wednesday arguing that if U.S. officials "really care about public safety, they must disclose the vulnerability they used to Apple to prevent criminals, hackers, and terrorists from exploiting the same security flaw and using it to do harm."
The statement continues:
Encryption protects our hospitals, airports, power plants, and water treatment facilities. Sensitive information about critical infrastructure is stored on phones, computers, and in the cloud. The only thing preventing it from falling into the wrong hands is strong security technology.
...And it goes without saying that hackers, other governments, and those wishing to exploit this security flaw to do harm to the public are already hard at work trying to figure it out. Worse, the FBI has a terrible track record of protecting it's own data. Just recently they leaked personal information about more than 20,000 FBI agents. They're clearly not capable of keeping this exploit from falling into the wrong hands.
At the same time, as Guardian columnist and Freedom of the Press Foundation co-founder Trevor Timm pointed out on Tuesday, the government is continuing to pursue similar, albeit lower-profile, legal fights. According to the American Civil Liberties Union, there are at least 63 similar cases pending across the country.
As Common Dreams previously reported, this case has never been about "one phone," but rather about setting a judicial precedent.
Timm references a Justice Department statement issued Monday, in which the agency stated it will continue to "pursue all available options [to ensure that law enforcement can obtain crucial digital information] including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."
"'Pursue all available options' they will," Timm writes:
And their efforts will likely make the entire process even less democratic than it already is. Instead of attempting to ask Congress for a bill to ban the implementation of end-to-end encryption, which they probably know is a non-starter given public resistance, they may now be incentivized to take their fight even further into the shadows, using government secrecy to obscure their actions from the public...
Don't be surprised if justice department instead attempts to keep future cases sealed from all but Apple's lawyers, denying the public the right to even know that court battles are going on for as long as possible. Or perhaps they'll go to the ultra-secret Foreign Intelligence Surveillance court and demand the same thing, where they're even more likely to be able to argue with no opposing side present and will all but ensure the public won't find out what happened for years.
Advocates, including the Electronic Frontier Foundation, are pointing to the U.S. government's official policy, known as the the Vulnerabilities Equities Process (VEP), for determining when to disclose a security vulnerability--such as the one Cellebrite supposedly just cracked.
"As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability," the digital rights group stated on Tuesday.
"If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply," EFF continues, "meaning that there should be a very strong bias in favor of informing Apple of the vulnerability. That would allow Apple to fix the flaw and protect the security of all its users."
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Privacy advocates are warning that if the FBI does not let Apple know how it hacked into the San Bernardino shooter's iPhone, not only would the government be going against its own policy on such matters, it will be putting people's "lives at risk."
On Monday, the FBI backed down from its controversial legal battle to force Apple to develop a backdoor entry into the locked device of Syed Rizwan Farook--instead, breaking into the phone on its own, with the help of Israeli firm Cellebrite.
Apple, along with numerous privacy and rights advocates, argued that the creation of such a tool would open a "Pandora's box," rendering all user-set security features moot.
That box is now breached.
Citing forensics expert Jonathan Zdziarski, two digital rights specialists wrote Tuesday that the creation of an iPhone backdoor is akin to "'a bomb on a leash'; a leash that can be undone, legally or otherwise."
With the emergence of the third-party hack, Julia Powles and Enrique Chaparro say, we now "have a new danger: a classified bomb held by the FBI and unknown third-party hackers--but not by Apple, the one party capable of defusing it."
Federal officials "have declined to specify the procedure used to open the iPhone," the New York Timesreports, while at the same time Apple "cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations."
Fight for the Future, a digital and privacy rights group which helped lead opposition to the FBI case, issued a statement Wednesday arguing that if U.S. officials "really care about public safety, they must disclose the vulnerability they used to Apple to prevent criminals, hackers, and terrorists from exploiting the same security flaw and using it to do harm."
The statement continues:
Encryption protects our hospitals, airports, power plants, and water treatment facilities. Sensitive information about critical infrastructure is stored on phones, computers, and in the cloud. The only thing preventing it from falling into the wrong hands is strong security technology.
...And it goes without saying that hackers, other governments, and those wishing to exploit this security flaw to do harm to the public are already hard at work trying to figure it out. Worse, the FBI has a terrible track record of protecting it's own data. Just recently they leaked personal information about more than 20,000 FBI agents. They're clearly not capable of keeping this exploit from falling into the wrong hands.
At the same time, as Guardian columnist and Freedom of the Press Foundation co-founder Trevor Timm pointed out on Tuesday, the government is continuing to pursue similar, albeit lower-profile, legal fights. According to the American Civil Liberties Union, there are at least 63 similar cases pending across the country.
As Common Dreams previously reported, this case has never been about "one phone," but rather about setting a judicial precedent.
Timm references a Justice Department statement issued Monday, in which the agency stated it will continue to "pursue all available options [to ensure that law enforcement can obtain crucial digital information] including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."
"'Pursue all available options' they will," Timm writes:
And their efforts will likely make the entire process even less democratic than it already is. Instead of attempting to ask Congress for a bill to ban the implementation of end-to-end encryption, which they probably know is a non-starter given public resistance, they may now be incentivized to take their fight even further into the shadows, using government secrecy to obscure their actions from the public...
Don't be surprised if justice department instead attempts to keep future cases sealed from all but Apple's lawyers, denying the public the right to even know that court battles are going on for as long as possible. Or perhaps they'll go to the ultra-secret Foreign Intelligence Surveillance court and demand the same thing, where they're even more likely to be able to argue with no opposing side present and will all but ensure the public won't find out what happened for years.
Advocates, including the Electronic Frontier Foundation, are pointing to the U.S. government's official policy, known as the the Vulnerabilities Equities Process (VEP), for determining when to disclose a security vulnerability--such as the one Cellebrite supposedly just cracked.
"As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability," the digital rights group stated on Tuesday.
"If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply," EFF continues, "meaning that there should be a very strong bias in favor of informing Apple of the vulnerability. That would allow Apple to fix the flaw and protect the security of all its users."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.