The potential consequences of the ongoing legal battle between Apple and the FBI are huge, lawyers say — gravely affecting the security of every computer, smartphone and app available today.
“It’s about all of our software and all of our digital devices,” digital rights lawyer Kevin Bankston told Business Insider in an email, “and if this precedent gets set it will spell digital disaster for the trustworthiness of everyone’s computers and mobile phones.”
On Tuesday, a US judge ordered Apple to assist the FBI in unlocking an iPhone belonging to one of the San Bernardino shooters. The FBI says it needs to investigate the shooters’ potential links to Islamist terror groups.
Apple countered with a furious open letter from its CEO Tim Cook, which argues that doing so will weaken the security of all iPhone users: “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers.” It says it will challenge the ruling.
First, there are a few important things to note. The court didn’t order Apple to remove its encryption (something it’s very likely unable to do). Instead, the court is demanding that Apple remove a security protection from the iPhone’s software that restricts the number of passcodes a user can enter — which would let the FBI “brute-force” the device, trying every possible combination. And some experts believe that Apple does have the technical capability to do this, because the device in question — the iPhone 5c — lacks an extra security protection (the “Secure Enclave”) that newer iPhones have built in.
Some people are arguing that if Apple is ultimately forced to do so, the consequences will be far-reaching.
“What the court is essentially ordering Apple to do is custom-build malware to undermine its own product’s security features, and then cryptographically sign that software so the iPhone will trust it as coming from Apple,” says Kevin Bankston, the director of non-profit New America’s Open Technology Institute.
“If a court can legally compel Apple to do that, then it likely could also legally compel any other software provider to do the same, including compelling the secret installation of malware via automatic updates to your phone or laptop’s operating system or other software.
“In other words, this isn’t just about one iPhone, it’s about all of our software and all of our digital devices, and if this precedent gets set it will spell digital disaster for the trustworthiness of everyone’s computers and mobile phones.”
People will stop trusting updates, Bankston argues, making everyone less safe overall. “Not only would such authority undermine everyone’s ability to trust the security of their digital devices, it could dissuade many users from accepting any software updates at all — even critical security updates — which would leave them and anyone they interact with that much less cyber-secure.”
If Apple can be ordered to do this, potentially any software vendor could be forced to update any device with malware. This is the fight.
— Kevin Bankston (@KevinBankston) February 17, 2016
Nate Cardozo, a staff attorney at civil liberties group the Electronic Frontier Foundation, says there’s nothing to stop this argument being applied to other platforms. “If the FBI’s argument against Apple succeeds, nothing prevents them from ordering Moxie to backdoor Signal,” he wrote on Twitter on Wednesday.
Christopher Soghoian, technologist at the ACLU, said the same. “If DOJ get what they want in this Apple case, imagine the surveillance assistance they will be able to force from Internet of Things companies … [The Department of Justice’s] fight w/ Apple is really about using software update mechanisms for surveillance. This is dangerous territory.”
In short: If the FBI wins this fight, it will set a precedent to force companies to introduce vulnerabilities in their software — making every tech product less safe.