If you’re not following the current battle between Apple and the FBI, you probably should be. Long story short, the FBI wants access to the iPhone belonging to one of the deceased shooters from the San Bernardino incident, and they’ve secured a court order from the United States District Court of California to this effect.
This particular phone utilizes a security feature that will wipe its data after 10 unsuccessful attempts at the password. The FBI wants Apple to create a backdoor to allow them to brute force their way into the phone.
Apple responded with an “important letter to our customers” penned by Apple CEO Tim Cook, and linked to it directly from their front page.
Cook writes (emphasis mine):
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
In fact, other high tech firms, including Apple competitors Google and Microsoft, have backed Apple’s position on the matter.
So what’s the big deal? I’m glad you’ll let me pretend you asked.
This isn’t so much about Apple helping the government solve what was a tragic mass shooting. This is about the government asking a company to write brand new software to create new features that circumvent the very security some of the most brilliant engineers on earth have created.
This is software the government says will only be used once, to access a single phone, and to never be used again.
Despite governmental rhetoric, the issue here is precedent, and precedent is at the heart of the justice system we value in the West. Every day, court cases are won and lost based on precedent set in previous cases. By accommodating the order to essentially write a back-door hack into their own product, the government will be able to successfully argue the same in the future, pointing to this precedent.
If Apple were to comply, they would not be writing a back-door into an iPhone; they’d be writing a back door into all iPhones.
Even if you did trust the government’s future motivations, governments fall victim to security breaches every day. The amount of and ease with which personal information is being stolen is alarming.
Technological security is not like legislation passed by government. Legislative loopholes can be fixed. Loopholes in high-tech security systems will exist forever.
Apple recognizes this, and they are standing up for not just their customers, but the customers of their competition as well. Apple is defending the right to offer secure hardware and software to protect consumers’ personal data.
And as a Salesforce architect, here’s a chilling perspective: Such a precedent would also affect SaaS.
I’m a huge SaaS fan because I don’t want to have to worry about things like security, databases, hardware, etc. Salesforce employs more people to keep their systems secure than many companies have employees.
A big part of SaaS is multitenancy. If a SaaS provider were to receive an order to allow the government access to the data of one of their clients, the government would potentially be gaining access to the data of every client who’s data is hosted on the same instance.
Like the Apple situation where giving access to a single iPhone would essentially give access to every iPhone, giving access to one SaaS client would essentially give access to every client.
This is not acceptable.
Notwithstanding the reasonable arguments in favour of the order from the United States District Court of California, the entire debate really comes down to the final sentences in Cook’s email
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
It’s kind of amazing when you think about it -A hightech company taking the strongest stand on the right side of a data privacy issue is certainly an unlikely situation.