Would Apple's "Backdoor" Create More Issues than it Solves?

taken from http://imgur.com/mhYai1M

The decision of whether Apple should be forced to create a system to unlock the phone of the San Bernandino shooter has tremendous implications on the future of the security of our information, and this precedent will be the first step in a series of decisions that will either continue to limit or dangerously expand the exposure of our personal data. Apple’s argument for denying the request, backed by what seems to be a general consensus among tech companies and security experts, is based on the possibility that creating this “backdoor” would essentially be creating a master key that can be used to hack into any iPhone in the future, and the technology would eventually leak to hackers and criminals, sacrificing the security of encrypted personal information everywhere. 

It’s important for the FBI to have the capability to access devices if it leads to solving a crime, especially when it’s related to a large tragic terrorist case. This seems clear cut, although in this case both sides’ arguments are grounded. On one hand, tech companies like Apple are usually cooperative when it comes to assisting law enforcement and this is important as it expands the resources and reach of the investigation. On the other hand, the more often companies design ways to circumvent their own systems, data security experts suggest the more likely it is that criminal and government hackers will figure it out and be able to do the same. So although intentions are good, one could argue a vicious cycle will be created if the request is followed, in which data-based companies are forced to create the tools of their own demise, resulting in more hacker crimes and dissatisfied customers. Security professional Rich Mogull explains such increased exposure and the civil rights implications setting this precedent would entail:

…No legal case applies in a vacuum. If this goes through, if Apple is forced to assist, it will open a floodgate of law enforcement requests. Then what about civil cases? Opening a phone to support a messy divorce and child custody battle? Or what about requests from other nations, especially places like China and the UAE that already forced BlackBerry and others to compromise the security of their customers?

And once the scale of these requests increases, as a security professional I guarantee the tools will leak, the techniques will be exploited by criminals, and our collective security will decline. It really doesn’t matter if it’s the iPhone 5c or 6s. It really doesn’t matter if this is about dead terrorists or a drug dealer. It doesn’t matter what specific circumvention Apple is being asked to create.

Donald Trump also weighed in after Apple’s refusal, siding with the government to say the technology would only be used once in this particular case to “find out what happened and why it happened.” According to legal and security experts, this is simply not the case. Because no precedent currently exists for law enforcement to coerce companies to actually create tools to hack their own security, and due to the likeliness of the techniques created spreading into the wrong hands, the outcome of this situation goes far beyond this one iPhone.

The population is about evenly split in a USA TODAY poll conducted by SurveyMonkey on whether they support the FBI’s request. But if we look at some more recent developments, the FBI’s motives and handling of the investigation thus far have become a little foggy. It turns out engineers from Apple have already been very involved in helping law enforcement access the phone, as they always do, and they are just now being publicly called out and being made to look like their refusal is all a marketing scheme. 

What didn’t come to light during the original request the public saw along with the letter to Apple customers was that a San Bernandino official reset the iPhone’s password in an attempt to access information shortly after the attack, and according to Apple, doing this made the information in the phone impossible to obtain without creating the "backdoor" that sacrifices the security of all devices. It was later revealed the orders to attempt to reset the phone were given to San Bernandino county by the FBI, and Apple suggests if this hadn't happened, they would have had better luck accessing the information using other methods that don’t break down their entire operating system. So it seems the FBI either set this situation up to willingly use this large emotional case to catalyze a favorable legal precedent that might make their jobs easier in the future, or made an early mistake handling the iPhone when it was first retrieved and wanted Apple to tend to their screw-up, or maybe a combination of both. 

So Apple at least deserves some credit for protecting the population’s information instead of immediately being used as a scapegoat to cover the FBI. Not to undermine the importance of law enforcement, this tragedy, and figuring out all the details, but if it will really sacrifice data security for years to come (as experts say it will) in an increasingly data-based country and world, forcing Apple to create this key to all of its encrypted information will likely create more security problems than it solves, inducing more technologically able criminals for law enforcement to deal with. Apple made a socially conscious decision denying the request.