Why Apple Shouldn’t Be Forced to Build a Backdoor for the Feds
Apple’s refusal to comply with a court order to create a backdoor to the iOS operating system raises the question: what is more important, assisting with a criminal investigation, or protecting the integrity and security of a private company and its customers? Is there such a thing as going too far in the name of protecting the American people?
Magistrate Judge Sheri Pym of the Central District of California utilized the All Writs Act of 1789 to issue the order. The Act states that a court has the ability to do anything that is “necessary and appropriate” in a case to achieve its goals, but according to Fred Jennings, an experienced privacy and technology attorney, a court must consider the burden placed on a third party when issuing such an order.
Apple was quick to announce that they have been happy to comply with the FBI’s investigation of the San Bernardino attackers where possible, and that they have willingly turned over information in their possession that could help. But the sheer magnitude of what Judge Pym is ordering places a great burden on Apple. What the government is asking for does not actually exist. Furthermore, Apple intentionally did not give themselves the ability to access their customers’ private information when designing their product, and it is unwilling to open the Pandora’s box that would be the creation of a backdoor to their operating system in order to access the phone of deceased terrorist Syed Farook.
According to Jennings, the government has used Apple to bypass lock screens, but this is far different. They would essentially have to build a new operating system with the necessary holes in it before they or the government could access the information on a phone. This would require a great deal of manpower to invent something that is currently just theoretical, and would take the engineers working on it away from other projects. At the very least, the government should have to compensate Apple for enforcing what is basically eminent domain on their employees.
Besides the burden of actually creating the backdoor, there is also the burden of suffering a potential loss of goodwill in the marketplace. When a computer company that prides itself on security creates a key that undermines that security, customers may jump ship to one of the many competitors that use operating systems like Android or Windows that are not affected by this order.
But is this burden truly as great as Apple makes it out to be? Is it really such a security liability if Apple creates a backdoor to get into one particular device in cooperation with a government agency? Jennings and a Manhattan-based cybersecurity professional who spoke to LawNewz agree that the answer is yes. Once technology gets out there, it is only a matter of time before it either leaks, or someone else figures out how to use the same technique to recreate it.
And this would not be the first time a technology company took a hit as a result of cooperating with the government. There is currently an investigation into the hacking of Juniper Networks that was the result of a backdoor that was believed to be created at the request of the NSA. So the security risk that this court order could create should not be overlooked or underestimated.
There is also concern of a a slippery slope. If the world sees that Apple has to cave to the U.S. government, what might other countries try to get away with? Even if the U.S. government is correct in ordering Apple to do this in this particular case, other countries may use this example as an excuse to pressure Apple in less worthy scenarios. Apple could be opening themselves up to an additional burden of having to litigate against other countries who may have less worthy intentions.
Yes, getting into Farook’s phone could potentially uncover information that would lead to the discovery and arrests of co-conspirators, and possibly prevent future attacks. It is a noble cause that could save lives, which is why such extreme measures were ordered. But there is a line, and courts have standards by which they must abide. This order amounts to government control that places an undue burden on a private business, and could result in a security breach that could harm more citizens than it aims to protect.