Tuesday, February 23, 2016

Why Cook is the Apple of Privacy Advocates’ Eye

The battle between civil liberty and privacy on the one hand, and the reach of the law enforcement agencies for the (supposed) benefit of public/national security on the other, is taking interesting turns these days, especially in the digital realm. It is happening in the US right now, but something similar could soon reach Indian shores as well.

The case in point is the Federal Bureau of Investigation (FBI) asking Apple to help it force-access data on the locked iPhone of Syed Rizwan Farook, one of the two perpetrators of last December’s San Bernardino attack in which 14 people were killed (Farook and his accomplice wife were shot dead by the police on the same day; the iPhone in question is in FBI’s possession.) A federal magistrate in California is said to have ordered Apple to write a custom version of the iPhone software that disables key security features and install it on Farook's iPhone in order to foil the encryption, as per a Vox.com report.

Apple has decided to contest the order, citing grave concerns about compromising the security and hence personal data of millions of its customers who trust the iPhone with their sensitive information. In fact CEO Tim Cook has taken the issue to its customers, posting an open letter to them on the Apple website.

“This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake,” writes Cook.

From the way the use of smartphones (not just iPhones but devices based on Android and other OSes) is proliferating around the world, including India, Cook might as well have said “people around the world.” And that is why I chose to post it here on dynamicCIO so that technologists, IT leaders, vendors and other stakeholders in the fast-emerging Indian digital ecosystem could ponder over it and keep their own responses and countermeasures ready when the need arises.

Interestingly, this is happening at a politically charged time here, what with the country in the grips of a fierce debate around freedom of speech, notions of nationalism or anti-nationalism and an allegedly authoritarian regime (which is said to be capable of not only breaching individual privacy—of which there is very little in India in the first place—but also bringing the full force of the machinery at its disposal to undermine any dissenting voices; reminiscent of but not equivalent to the Emergency year).

To return to Apple and FBI, both sides are putting their points across emphatically and logically—even causing a sort of schism in the online community on who is right or wrong in this case.
Says Cook in his letter: “For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

Cook is highly concerned, and rightly according to several security experts quoted on the Internet in various reports, that once Apple complies with the FBI request to break the encryption on one iPhone, anyone can use that “backdoor” facility to gain unauthorized access to millions of these devices out there.

The FBI seems to understand this though it’s pressing on with its demand; FBI Director James Comey is said to have responded: “We simply want the chance, with a search warrant, to try to guess the terrorist's pass code without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land.” [Source: Los Angeles Times article]

It is not fully clear from most reports (at least not to me, a non-expert in encryption) whether it is technically feasible for Apple to create an exception in the case WITHOUT compromising on the general robustness of the iPhone as far as encryption capabilities are concerned.

Not that Apple was not cooperating with the investigating authorities on the San Bernardino case or other government requests of similar nature. According to a New York Times article, enviously headlined (envious for Sundar Pichai, let’s say) “How Tim Cook, in iPhone Battle, Became a Bulwark for Digital Privacy,” Cook has been tediously cooperating with government requests (not just those from the US guv but globally) for unlocking its smartphones.

The Times writes: “Each data-extraction request was carefully vetted by Apple’s lawyers. Of those deemed legitimate, Apple in recent years required that law enforcement officials physically travel with the gadget to the company’s headquarters, where a trusted Apple engineer would work on the phones inside Faraday bags, which block wireless signals, during the process of data extraction.”

Apparently, Cook has been trying to do the fine balancing act of entertaining government requests and keeping its tight grip on the security features of its product intact but—as the latest (still developing) case reveals, a time has come when the envelope on “government overreach” is pushing the boundaries to an unprecedented, treacherous level.

And so the debate rages on.

Do let me know what you make of it.


(Image courtesy: Apple.com. Curiously, I happened to notice that this photo of Tim Cook is uploaded by someone at Apple under the name cook_hero :)

Note: This blog post first appeared on dynamicCIO.com.


No comments:

Post a Comment