On the issue of whether Apple should help the FBI crack the San Bernardino shooters/terrorists iPhone, I am on the side of Apple. When I hear “people on the street” talking about this case, they almost always say that Apple should be patriotic and help fight terrorism and crime with the government. These kinds of statements reveal that most “people on the street” don’t understand security technology. And even when I hear or read news pieces on this issue, rarely do the journalists or reporters explain what actually is the real issue with this.
It’s not that Apple is refusing to crack open one iPhone — the “crack” will actually allow any and all iPhones to be opened. Apple has a very good security system built into their phones, and millions of people rely on that good security to keep their personal information protected. If Apple creates a bypass for that security, that security is compromised for everyone. The technology is such that creating a crack for one iPhone, (any iPhone), is essentially creating a crack for every iPhone.
See, this whole thing actually is not simply “cracking a phone” — that is, it is not breaking into the one, single physical iPhone device.
It’s “cracking the phone security system” — that is, it’s breaking into the computer program which locks that one and all iPhone devices.
A company makes a super good physical padlock. No one has been able to pick it — not criminals, not the government, not competing padlock-making companies. Even employees of the company itself can’t pick the lock, because no one person at the company knows exactly how the whole mechanism is created. Each little piece of the lock is designed and created by separate workers, and even the guy who assembles all the pieces into a whole doesn’t know how the individual pieces are made.
Then one day the government wants/needs the company to pick one of their locks. If the company complies, it means they have to get everyone together, compare notes, and create a lock-picking tool for their padlocks. Once that lock-pick tool is created, it can open any of the company-made locks. That’s good for the government because it can now pick the lock they need to open. But it is very, very, very bad for everyone who uses that brand of padlock because there now exists a lock-picking tool for their padlock. What was once an unpickable lock is now totally pickable because the company created the pick. No one’s lock is truly safe anymore, from anyone — government or criminals.
Because we live in and are discussing a digital security system, the above analogy falls far short of the actual danger. In this digital world, the lock-pick tool can easily be copied and multiplied. Hell, even if the actual cracking code (the lock-pick tool) was destroyed*, there now are people who know how to (re)create it. Maybe dozens or hundreds of people, who, even one, could remake the crack, or maybe just pass along the knowledge to someone else.
* Nothing in the digital world is ever truly destroyed.
What if Apple kept a database of everyone’s iDevice password in a “very safe” place? When you buy a new device (phone/tablet/whatever), you told Apple the password you were (ever) going to use. The only way Apple would give away your password is if the government came to them with a proper warrant. Would you feel that your private info stored on your device was safe? Would you, really? Even if you have complete trust in the government — they would never misuse their power to get your password, just think: there exists a database with everyone’s passwords. A database of passwords just like there are databases of credit card info, medical histories, and government secret programs — all things that have been compromised.
If you don’t follow this concept yet, let me try one more (less computery) analogy:
What if there was a law dictating that you have to give the government a copy of your home key? Even if the government was completely flawless and incorruptible, would you feel completely secure knowing that there is a room in the police office where your (and everyone’s) home key was hanging on a hook with your name and address on it? Would you support such a law even for the intent to protect your neighborhood? Would you feel secure and protected when someone else (even the government) has access to your home?