The stakes for ensuring that data remains private have never been higher as Apple and The FBI duke it out over the Cupertino company’s refusal to play ball and disable built-in protections on an iPhone 5C owned by now deceased terrorist. Should the FBI succeed in its legal efforts to force Apple to comply, the ramifications of that decision would be felt across the globe, including Asia.
Data Privacy Asia reached out to some experts for their opinions on exactly how that decision may affect privacy and data security in the region.
How it all started
In order to understand the parameters of the legal battle it’s necessary to first have some background on just why the two parties, the United States Federal Bureau of Investigation and Apple are going toe to toe over this issue.
The FBI is demanding that Apple help it to bypass security features of an iPhone recovered from Syed Rizwan Farook, who, along with his wife, Tashfeen Malik, killed 14 people in December 2015 during a mass shooting.
On Feb. 16, 2016, a federal Judge in California issued an order demanding that Apple assist the FBI in accessing data on that phone, an iPhone 5C running iOS 9. Specifically, the FBI wants Apple to disable built-in protections that lock up or erase the phone when an incorrect passcode is input too many times. With that functionality disabled, the FBI can enter every possible passcode into the phone until it unlocks. This method is named “brute force” hacking.
Tim Cook, the chief executive of Apple, is fighting the order, calling it an “overreach by the US government”, National Security Agency whistle-blower Edward Snowden has called it the “the most important tech case in a decade”, while civil liberties campaigners have accused the US government of using the case to establish a dangerous legal precedent.
According to Chief Research Officer at F-Secure, Mikko Hypponen, who has written for New York Times, Wired and Scientific American told Data Privacy Asia that, in his opinion the “FBI was waiting for a suitable case they could use to twist Apple’s arm, and San Bernadino was a perfect case for them.”
What’s at stake?
The question might be asked ‘who cares?’ Joe Public already seems relatively unconcerned about privacy. We use Facebook, Google and Amazon and happily seem to hand over our data without any qualm. Users of websites can’t be bothered to block tracking cookies and ignore software solutions that would protect the privacy of their email.
As enticing as this argument is, it’s comparing (pardon the pun) Apples with Oranges. There’s a difference between surrendering our right to privacy voluntarily and having it forcefully taken from us by either a company, a hacker or even a government agency.
If that happens it’s a slippery slope towards a state of affairs where the ownership and control of data resides not with the individual but with a third party – who can then use that data in whatever way they see fit.
It’s tempting to ascribe only the noblest of purposes to the FBI’s efforts, however this is not the first time that a government has run roughshod over the idea of privacy. In late September of 2015 the US government took on Microsoft in order to gain access to the contents of a single Hotmail account stored on a Microsoft server in Ireland. This case has not yet been decided in the US Court of Appeals.
The consequences of a ruling in favour of the US government are murky – however it’s safe to say that such a ruling would not be good for privacy. If a government in one jurisdiction can force a multinational which stores data in the cloud to hand over information relating to an account held in another jurisdiction it opens up a Pandora’s Box that will be impossible to close. Once that particular genie is out of the bottle then it will be extremely hard to stop governments across the world from reaching out to foreign jurisdictions to force multinational compliance with domestic rulings.
In the case of Apple vs the FBI, the complainant, in this case the FBI believes the construction of this “backdoor” tool can be done privately, in Apple’s own labs, with unique code that will only allow it to work on Farook’s phone, and the software will never be used again. This is difficult to believe because we know Apple has received many such requests from law enforcement.
There is some recent argument that this is against the 13th amendment of the United States Constitution. To quote: “the 13th Amendment explicitly prevents ‘involuntary servitude’. Neither an individual, nor corporation owned by individuals, can be forced into the service of another unless they have committed a crime. Apple has committed no crime and let’s be unmistakably clear, they have no software that can break the encryption system. For Government to compel Apple to invent and then build something that does not exist is claiming they not only own their labour, but also their intellect.”
I don’t understand how FBI can come to any U.S. company and demand them to write software that does not exist at all.
Mikko Hypponen, CRO at F-Secure
This is a very compelling argument – to force an organisation to work against what for Apple at least is a competitive advantage is going against the ethos of the free market system itself.