Fear IPhone Hackers or the FBI? Two Views in One Chat
A federal judge in California ordered Apple to exploit a security weakness for the iPhone to help law enforcement investigate the San Bernardino terrorist attack. The company is refusing to provide a piece of software that would effectively allow federal investigators to bypass the strong security that Apple implemented in 2014. Bloomberg View columnists Eli Lake and Megan McArdle discuss.
Megan McArdle: Hey, Eli. So this order is pretty interesting. Right now, it's impossible to brute-force a passcode by simply trying combination after combination, because there's a feature that will wipe the data after 10 unsuccessful tries. The judge has ordered Apple to create a piece of software that will raise that limit high enough for investigators in the San Bernardino shooting to keep trying until they unlock the iPhone belonging to San Bernardino County, which one of the shooters used.
On the one hand, the Constitution is not a suicide pact. On the other hand, I see several major issues here. The first is that such a back door, once created, is probably not going to stay with the U.S. government. China, for example, is probably going to demand a similar bypass, which could easily be used to persecute dissidents. Second, we have an interest in privacy from our own government, which this damages. And third, they are arguing for this under a very expansive reading of the All Writs Act, a law dating back to 1789. The government's interpretation would represent a very dramatic expansion of its search power, and as citizens, we should all be concerned about that.
I am interested in the thoughts of one of my favorite national security reporters....
Eli Lake: I largely agree with what you just wrote. But I would point out a few things. We are currently having this conversation in a Google Hangout. Even if you have the most secure settings in your Google account, there is still a back door that allows Google to access our conversation so they can tailor better ads for our e-mail and web searches.
I realize that a physical phone is different from an e-mail service. But I do think it's important to bring up the issue of back doors for advertising when we are talking about back doors for law enforcement.
That said, I think the danger here from a cybersecurity perspective is real and it requires a kind of balancing. What's the greater threat? Insecure products that are easily hacked, or the prospect of terrorists using secure products to create dark spaces that impede counterterrorism?
Megan McArdle: That's a good question, and it's hard to answer in any definitive way. Most of us are at far greater risk of having hackers do us damage than we are from terrorism. On the other hand, being dead is rather more harmful than being hacked. Society has never come up with a fully satisfying way of balancing common, lower-level risks against uncommon deadly ones.
That said, we are in many ways at quite high risk of creating a sort of quasi-legal authoritarian state. By this I don't mean that the dark night of fascism (or communism) is about to descend across the land, but
that the government's habit of continually expanding vague laws into vast powers needs to be firmly checked at every turn.
Those who were happy about the timing of Antonin Scalia's death should note that he waged a noble war against vague statutes that allowed the government to construe very broad powers out of ambiguous laws.
Eli Lake: We certainly agree on this point. But I would go one further. I think we have a national interest in empowering the democratic opponents of authoritarian states like Russia, Iran and China. This is slightly different from the lukewarm blather we always hear about the importance of spreading democracy or encouraging reform.
Megan McArdle: I'll agree with you there.
Eli Lake: I think in the long run America's real national interest is in protecting spaces for dissidents and other activists to organize in unfree countries.
Megan McArdle: I love democratic opposition to authoritarian regimes. ☺
Eli Lake: If Apple allows a back door for the FBI, then it will be inevitable that this back door will be available to the Saudis, Iranians, etc....
Hillary used to be very strong on this issue, by the way. But she has since modified her views from when she was secretary of state and she supported the creation of these easy-to-use encrypted communications and web browsing tools.
Megan McArdle: There's a general trend toward people in government becoming fonder of expansive readings of the law, and extremely wide search powers, for law enforcement. And it's easy to see why.
We hold them accountable for results. If there's a terrorist attack, they get blamed. And of course, they know that they're splendid people who would never abuse the powers they need, so they argue forcefully for them.
I used to think that law enforcement abuses were a problem of bad cops or prosecutors. But then I watched Janet Reno pioneer the use of the SWAT team in the child custody dispute, and I decided that this was simply inherent to the job.
Which only makes it more imperative that we watch those folks like hawks.
Angry, paranoid hawks with a well-developed persecution complex.
Eli Lake: This is true, but I wonder sometimes whether we focus too much on the 20th-century model of government threats to our privacy.
I think a greater threat to our privacy these days comes from just bad actors in cyberspace.
Put another way, I think your e-mails and Amazon purchases are more likely to be snooped on by private hackers than by the U.S. government.
Libertarians have not thought as much about this kind of threat.
I acknowledge it's different because a private hacker cannot have you arrested. But the tech-illiterate are more vulnerable.
Megan McArdle: I certainly think there's a great deal of threat out there from private bad actors. As the person responsible for regularly removing malware from my mother's computer, I curse those people and wish them ill.
But there are two key differences, the first of which is that bad cyberspace actors are not likely to come after me with guns, and the second of which is that I don't have much democratic recourse to stopping them.
Eli Lake: Yes. All true.
Megan McArdle: Although to be sure, one of the most disturbing developments on the Internet in the past few years is SWATting, where false complaints are filed to the police, resulting in a SWAT raid on someone's home, as an extension of cyberharassment.
No one has been killed yet, as far as I'm aware, but if this keeps up, it seems inevitable.
But I think we're agreeing too much.
Eli Lake: Well let's get back to the issue at hand: Tim Cook's decision to fight the FBI on what he calls a skeleton key for all the iPhones.
We got our wires a little crossed there. I think there is a real threat of these dark spaces. ISIS and al Qaeda have adopted strategies of semi-inspired attacks. The process of turning a disaffected loser into a walking smart bomb is aided by these digital dark spaces.
But we are kidding ourselves if we think for a minute that if Apple decides to give the FBI a back door to its iPhones, no other company will come along and offer the easy-to-use encryption that Apple now offers.
So the FBI could win the battle and get U.S. companies to comply, but lose the war by opening up a market for foreign companies to provide more secure products.
Megan McArdle: For that matter, you can change your iPhone code to a custom long alphanumeric password that would take eons to break.
I just changed my password to a complex alphanumeric 28-digit password while we sat here. Takes about a minute, and it would take a heck of a long time for law enforcement to brute-force. It's an arms race, and the government will never quite win.
I have been annoyed by people arguing that if Apple allows law enforcement many many attempts at guessing a passcode, it will create a security vulnerability. If the company can make software that bypasses the phone security, then the vulnerability is already there. This is fundamentally different from asking Apple to write a back door into the code.
That said, I'm still against both the back door and the expansion of passcode attempts, because merely admitting that the company could do this is tantamount to inviting both hackers and governments to break in.
I mean, personally, nothing on my phone is worth protecting with a really secure password. Come to think of it, I'm going to change back to my old short passcode.
Eli Lake: Ha!
Megan McArdle: But I can certainly imagine circumstances under which I would want better security. Especially if I were travelling abroad, to unsavory regimes.
Eli Lake: Don't bring your phone abroad.
Megan McArdle: Never. The Chinese government shall NOT have access to my cute dog photos!
Eli Lake: I would end on one more point here. You are correct when you say it's always been an arms race. The difference today, however, is that since Snowden's disclosures, the intelligence community no longer can count on the tech companies to protect the secret of their partnership. This has created an environment where the tech companies and the government are adversarial. This is new. For decades, the NSA had a secret partnership with the telecoms. No more.
Megan McArdle: I would add only that while we need to fight for privacy, from our government and others, we will also have to get used to the idea that we're in an era when it is easier to spy on people than ever.
And not just spying. In many ways, the digital era may mean less freedom, not more. For example, the end of cash is profoundly worrying.
Eli Lake: Yes. It's also easier to use encrypted communications these days as well.
Megan McArdle: Since that's depressing, I will add a gratuitous cute dog photo.
I hope the Chinese government enjoys it.
Eli Lake: OK, that is cute. Now I need to send a cat photo.
Good chatting, Megan!
Megan McArdle: Cheers!
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the editor responsible for this story:
Philip Gray at firstname.lastname@example.org