Apple, Encryption, and the Future of Digital Security


This week, a U.S. District Court judge ruled that Apple must assist the Federal Bureau of Investigation (FBI) by providing technical assistance to help the Bureau unlock the iPhone used by one of the San Bernardino shooters. While a resolution to this litigation is far off (due to likely appeals), the case has suddenly catapulted the debate over privacy, security, and encryption into the headlines of nearly every major news outlet in the United States and beyond. And though this case is specific to Apple—the manufacturer and licensor of the hardware and embedded software—the ramifications of the final decision in the case may have a profound impact, both in the technology industry and beyond.

While this isn’t the first time that policymakers have grappled with serious questions related to encryption and digital security—just last year, the White House backed away from a proposal seeking “backdoors” into encrypted devices after a multitude of stakeholders spoke out about the dangers of such anti-security measures—it is likely the most difficult case yet involving such issues. Certainly, the FBI has a strong interest in thoroughly investigating terrorist activity and preventing such acts in the future. Technology companies also care deeply about stopping criminal activity, which is why this is such a difficult problem: though the FBI’s request is tailored to investigating a specific terrorist activity, it will ultimately weaken security standards and may lead to serious vulnerabilities that will put countless consumers at risk.

In the past, Apple has cooperated with law enforcement to unlock phones in order to gain access to information, at least when doing so was technologically feasible. This situation is slightly different, as the court order requires Apple to create an entirely new version of Apple’s operating system (OS) to allow the government to circumvent security features that Apple built into its OS to prevent brute force attacks. This software will effectively make brute force attacks on encrypted devices possible—whether it’s the FBI attempting to brute force the phone or anyone else that has access to the software. Though the FBI says it intends to use this modified OS in this situation only, the spate of high-profile hacks and data breaches over the past year (including a breach of sensitive government information) should cast doubt on any such guarantees.

And, while some may argue that Apple’s strong opposition to the FBI’s request in this case demonstrates that any future requests for similar security circumvention activities will be limited to only the most extreme circumstances, that only holds true if the company being tasked with providing access to encrypted information has the resources to mount such a robust legal challenge. The startups that are responsible for so much of the tech sector’s growth have nowhere near the legal resources needed to fight spurious requests for dangerous encryption backdoors. Establishing a precedent that obligates companies to undermine the security measures that keep millions of consumers and their data safe from criminals will only increase the chances that these security circumvention technologies are employed in spurious cases or, worse, fall into the wrong hands.

Law enforcement is fully justified in attempting to do everything possible to prevent future terrorist attacks, just as Apple is fully justified in arguing that what the FBI wants could have serious negative repercussions for the security of its users. But, the security vulnerabilities that could arise by forcing Apple to undermine the strong encryption technologies it has built into its products should make anyone think twice about establishing such a dangerous precedent.