Why the Apple Security Request is Scary (and it’s not why you may think it is)

apple hackIf you haven’t heard yet, Apple has issued a public response to the US Governments request for software that would allow them to circumvent encryption on an iPhone.

The long and short is that after the San Bernadino attack was found to have ISIS ties, the FBI found themselves in possession of the attacker’s iPhone.  They are wanting to go deeper into the device to see what else they may be able to find in it’s internal memory and cache that may have been deleted but reside somewhere within those internal stores.  They have stated that this request is specific to this one device, and that the software patch or special OS would only be used on this phone.

Now in order for a piece of software like this to work, the FBI would have to have the physical device in hand.  It can’t be used to remotely access random devices at will.  However, Apple’s Tim Cook issued a statement that Apple is always willing to assist and complies with subpoenas for information on devices.  They go on to say that in this case, they feel creating a special OS like this that circumvents their encryption and security protocols violates the end user privacy agreements they have with their device owners.  They go on to make an argument as to how a piece of software like this could be misused on any device they may acquire or by someone who happens to get the software in an unauthorized manner.  Their statement is as much an appeal for public support as it is a denial of the governments request.

There is already some buzz about the legal implications of all of this if Apple buckles.  There are also concerns about the precedent that may be set if the government forces Apple to comply through the courts.

I am going to leave the legal, privacy, and potential slippery slope arguments on the misuse of this type of request and software to greater minds than mine.  I’m sure we will see many opinions surfacing on that from the tech space and our AV community as well.

I will just say that I find the US Governments request scary… but not for any of the reasons above.

I am terrified because it seems that the CIA and FBI, our government’s two highest intelligence and law enforcement agencies, don’t have access to someone who can hack an iPhone.  It’s amazing to me that they would need to ask Apple for their help on this.

Imagine World War II and the results of that war if the British Intelligence Agency wasn’t able to hack the Enigma code to gather intelligence.

Shouldn’t the CIA have a better hacker/programmer on staff than Apple?

Here’s an idea.  Go to MIT, find the smartest student in the building and then use the $500,000 you were going to spend on the studies relating how bovine flatulence affects the ozone layer (yes those studies exist), and use it to pay this person to hack the OS.  How’s that?

Or reach out to Anonymous, who after the Paris attacks has pledged to hack the living hell out of ISIS, and ask them to do it for you.

Both of these sound like better options.  Then Apple has nothing to say about the matter, because you didn’t ask them to potentially betray legal agreements and the trust of their millions of customers.

Oh, and a better idea still, is after you get this MIT student and/or hacking group to produce this for you, shut up about it.  Nobody needs to know, especially people thinking privacy laws will protect their illegal and murderous behavior.

The US and British governments went to great lengths during WWII to make it look like many of their successes and preemptive moves against the Germans were pure coincidence or luck, just so they didn’t tip their hand that they were deciphering the code and give Germany a chance to adopt something else.  It’s called strategy.

So yes, I am disturbed and terrified that the US Government has asked Apple for this piece of software, but less for the privacy implications than for the implications about the inability of our intelligence agencies and military today to accomplish the things that literally saved the world 70 years ago.  We talk about how to attract top talent to AV, well I think attracting top talent to champion the cause of national security is exponentially important, and it seems we may not be doing that either.