Let’s hope the FBA really can crack the terrorist’s iPhone

If the FBI can crack the terrorists iPhone it gives Congress more time to come up with a thoughtful decision on encryption backdoors and privacy.

iphone apple fbi passcode

It’s good if the FBI has found a way to crack into the iPhone used by the San Bernardino terrorist for two reasons.

First, the FBI can find out what’s on it. Maybe it’s important to the investigation of the shootings and maybe it’s not, but cracking the phone is the only way to find out.

And second, it’s giving Apple (and the tech industry in general), the FBI (and law enforcement in general), and Congress the breathing room to sort out the issues rationally.

The latter is the more important of the two. Yes, it’s important to wring every bit of evidence out of the terrorism investigation, but it’s one incident. The course being set by the lawsuit between the FBI and Apple could have legal implications far beyond the one case.

While there’s a pretty good argument that information on terrorists’ phones should be accessible, the legal precedent set if the FBI wins against Apple would immediately affect investigations for lesser crimes. At what point would privacy concerns supersede the severity of the crime? Assault? Drug dealing? Burglary? Never?

That kind of decision needs to be made through thorough hearings and public debate. The best forum would be Congress, not the press, which is where most of the discussion has taken place. And then Congress needs to act.

The FBI is relying on a law that was written before mobile phones, email, public key encryption and ISIS existed. The country needs a law that deals directly with privacy as it relates to these factors. Creative interpretations of existing laws that don’t address the specifics of today won’t do.

In the absence of such law the FBI will continue to press for access to encrypted data on a case-by-case basis, and eventually courts will define how old laws apply to the new legal environment.

There’s not going to be an answer that makes everyone happy. The technologists are right when they say that any scheme to decrypt encrypted data must create a weakness in the encryption system that unauthorized persons can exploit.

And they are right when they say that other countries will create their own, similar decryption requirements that may be more onerous and weaken encryption further.

And they are right when they say encryption systems without backdoors will be created outside of the U.S. and used by the most savvy criminals inside the U.S.

And they are right about other important things. Mandated backdoors would make it difficult if not impossible for vendors of encryption products to make and sell their wares internationally. They would put corporate intellectual property, health records, online banking and other business that relies on strong encryption at risk.

Law enforcement makes a compelling case that without backdoors some of the worst criminals and terrorists might go free, and crimes that might have been nipped in the planning stage will be carried out.

If there’s a technology that can fully meet the needs of both sides nobody’s made it public, so there will be a compromise. It likely won’t be what the technology side favors, but it will be a more thoughtful and therefor better outcome than if the Apple v. FBI suit goes forward.

Join the CSO newsletter!

Error: Please check your email address.

More about AppleCreativeFBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts