Observing Thinking

Observing Thinking
Observing Thinking

Tuesday, May 10, 2016

INDIVIDUAL vs SOCIETAL Security: Deja Vu all over Again

You may have thought that the lawsuit by the FBI against Apple was amicablly settled out of court on March 21 but if you thought that you would be wrong. For those of us with less than adequate memories, here is a synopsis of the events leading up to lawsuit.

The FBI wanted to examine the Apple iPhone taken from the San Bernardino terrorist shooter in the hope it would reveal connections to other terrorists. Unfortunately the FBI bungled the attempt to hack into the phone which prevented anyone from logging into it let alone get information from it --- except perhaps the Apple Corporation who made the phone and theoretically could restore it to its prior state so the FBI could get on with its investigation.
Now comes the tricky technical part. In order to restore the phone, Apple software engineers must create a Trojan Horse virus which appears to be a valid update to the phone’s Operating System but in fact will launch an attack on it, disabling the code that is blocking the FBI and letting them have another crack at getting to its contact list. This process is called “white-hat” hacking (as opposed to “black-hat” which is what the baddies use).

All the FBI says that it wants is the phone back in the same condition it was before the shooter was killed and his phone captured. Then they can get back to work protecting the Homeland. “Not so fast!”, replies Apple CEO Tim Cook. If we do that and the code leaks out then everyone who owns an iPhone (an estimated 64 million people in the US alone as of 2014) will be at risk from malicious hackers --- not only in the US but in other nations) and tt will be a HUGE invasion of privacy and the world will never be the same. So the FBI responds, “if you won’t do what we want you to do voluntarily, we will have the courts issue an injunction forcing you to do so.” And they did and the blogosphere exploded with claims and counterclaims about what was the Right Thing to Do.

Privacy advocates claimed that this was like the government getting a search warrant to enter a home only to encounter a locked safe for which it had no permission to open so it asks the manufacturer of the safe to provide it with a master key and the manufacturer responds that it has no assurance that this master will be safe and not copied thus violating the security of their product and consequently their business trade will suffer.

A CBS poll of the US general public revealed that 50% of the respondents supported the FBI's position, and 45% supported Apple's.


The case never made it to court as the FBI blinked and ostensibly found a white-hat hacker to dig out the information they wanted to examine. (According to the Wall Street Journal, “FBI Paid More Than $1 Million to Hack San Bernardino iPhone”)

So, who’s right? I’ll tell you. I don’t know.

What I do know is that this is not the end but the beginning of the tortuous process of sussing out several thorny issues. One issue is that we have consciously designed a system of jurisprudence that meant to be slow and deliberate so that we sacrifice speed for for accuracy --- for getting it right. However, technology turns that philosophy on its head; we not only want our gadgets to run fast but we want them be created fast as well --- if it’s not right, we’ll make it right in the next version.

Also in our law system, precedents are important and you can be sure that law enforcement agencies will continue to press this issue because, for them, security will usually trump privacy

And finally, beyond smartphones, is there a reasonable expectation of privacy on Internet or not? When I post to Facebook, certainly not; when I send email, I certainly do expect privacy. T
his is not yet settled law and there is an ongoing conversation on this issue (on the Internet of course --- search on the term, “reasonable expectation of privacy”)

No comments:

Post a Comment

Search This Blog