Would you disable a security feature in your product so authorities could access data from a known terrorist?
It’s a hard question, but one to which Apple chief executive Tim Cook is saying a resounding no. The FBI asked Apple to disable a security feature in an iPhone that belonged to one of the shooters in the recent attack in San Bernardino, according to a story in The Washington Post.
Two security experts contacted by EE Times said they agree with Cook.
“I think what Apple is doing is the right thing,” said Bob Hinden, an Internet security pioneer who helped develop one of the first firewalls to protect military networks from what was then called the ARPAnet. “The tradeoff is weakening the ability of everyone’s security versus one particular case,” he said.
Engineers are responsible to protect products. History shows once secrets are unlocked they are hard to protect, said Hinden who currently chairs the Internet Society and works for Check Point Software, but stressed he was expressing his personal opinions.
“This is not just the U.S. but all governments who will want this kind if capability, especially governments who use information to control their citizens,” said Hinden.
“While this is intended for a single phone, the software could be used to open any number of phones and it’s unclear if the software would stay inside Apple,” he said. “The U.S. government itself has a poor track record because not long ago personnel records for almost everyone working for government were taken,” he added.
Bruce Schneier, a veteran security analyst, agreed. “I think Apple’s doing the right thing, they are fighting against a dangerous precedent and fighting for our security -- I hope they win because if they lose, we all lose,” said Schneier who now works for Resilient Systems, a developer of incident response software.
Schneier noted Apple changed iPhone hardware and software in 2014 to close a security hole that let hackers install code to circumvent the need for a user’s password. “The back door existed and Apple closed it, but my fear is Apple may have to open it again…American companies could be forced to offer weak security to their customers,” he said.
One lobbying group called for protests outside Apple stores at 5:30pm local time in on Tuesday, February 23, one week from the date of the court order. They planned to stage a protest outside the Apple store in San Francisco February 17.
“It’s shameful that [the government is] exploiting the tragedy in San Bernardino to push [their] agenda,” said Evan Greer, campaign director at Fight for the Future, a non-profit organization founded in 2011 that has worked on issues such as Net Neutrality.
Protesters gathered outside the Apple store in San Francisco on Feb. 17 to support Apple. (Image: Fight for the Future).
Indeed, the government would have a stronger case if it were in possession of a product from a live suspect believed to be plotting a terrorist act. If asked to intervene in such a case, Hinden said he would stills say no, but “it would certainly be a very difficult decision.”
What would you say?