Re: “Apple vs. FBI on National Security” February 24, 2016
Dear Editor,
I am writing in response to your editorial titled “Apple vs. FBI on National Security” and would like to offer my perspective. I would also like to state that I am not an Apple consumer. My concern has to do with these ancillary implications of Apple complying outright with this court order. According to The Guardian, the FBI’s director’s admitted this case could be used by judges in the future.
I do not think there is any disagreement that the shooting in San Bernardino is a horrible tragedy. However, you sometimes have to ask the hard questions before acting. Does the possibility of terrorism intelligence justify asking a company to deliberately compromise their own security? Will potentially compromising the privacy of a vast number of people be worth the answers that can be provided to the victims?
Although the answer might seem apparent at first glance, the question still has to be asked. It is this process that may very well shed light on implications missed at that first glance. This in fact is exactly what is happening between Apple, the FBI and the Supreme Court.
Currently Apple has filed to have relief from the court order per the seventh guideline included in the orders they received. According to the National District Attorneys Association, “to the extent that Apple believes that compliance with the Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.” According to Apple, their basis for this relief is that providing this solution would “…undermine decades of security advancements…” and “…make our users less safe…” This sets the stage for asking the relevant questions addressing the concerns of all parties.
In your editorial, you suggest that Apple should simply “destroy or secure” the backdoor after being used. Destroying or securing the software is not the only thing they need to worry about. First, the difference between Apple creating a backdoor and an outside agency creating a solution is the difference of a master key being created and a security flaw being exploited respectively. It may appear like a small difference if the solution is destroyed after the fact, but I would like to direct your attention to Social Engineering: The Art of Human Hacking by Christopher Hadnagy. He defines social engineering as “the act of manipulating a person to take an action that may or may not be in the ‘target’s’ best interest. This may include obtaining information, gaining access, or getting the target to take certain action.”
Even if the program itself is gone, the software engineers themselves may very well be at risk of inadvertently releasing this solution to the world. In such a case a security flaw can be patched, but undoing access by a master key would be nearly impossible. More recently, the case between Apple and FBI has been postponed, as it appears that the FBI may have the means to unlock the phone without Apple’s assistance.
— Joseph R. McCann
