There’s a storm brewing in the tech world. The FBI has asked Apple to help them crack into the iPhone of the deceased San Bernardino attacker, and Apple is refusing to do so. If you’re a developer like us or if you’re knowledgeable about how digital security works, the battle likely makes sense to you and you don’t need to read this post. But what about those who don’t live and breathe technology? Why should you care and how do you pick a side if you don’t understand the nitty-gritty of what’s being asked? Here’s what’s going on in plain English.
Why iPhone security exists
What you do on your iPhone is your business, not your neighbor’s or your boss’s or your insurance company’s. We track things like our health and financial information using our phones. Very few people would ever want to make that information public. Technology companies like Apple and Google build their software in a way that makes it safe to store that information in your phone, even if your phone falls into the hands of an unsavory character.
Since Apple is at the center of this debate, we’ll focus on the iPhone. Let’s say your iPhone gets stolen on the subway. The thief runs off with it into the crowd and you know you’ll never see it again. Think about all of the intimate details about your life that are on that device – your passwords, your social security number, your bank login, contact information for your loved ones, your medical conditions, and so on. Without a passcode on your phone, all of that information would be accessible by the thief who swiped your phone. Someone could totally wreak havoc on you by stealing this information. Logically, we put a passcode on our phones to prevent exactly that, turning a stolen iPhone into simply an unfortunate case of stolen expensive hardware.
The basics of iPhone security
The most direct way into anything password or passcode protected is to crack the password. To crack a password, there are a couple of options the average person should know about:
Phishing – The criminal takes advantage of the victim’s trust and poses as a legitimate company requesting information to reveal the password.
Sheer luck – The victim used a common password such as “password” or “1234” and the criminal just stumbles onto it.
Brute force – A computer throws as many combinations of characters as possible at the login until the computer finds the right password. (This is why longer passwords are harder to crack.)
It’s up to each individual to be aware and smart about avoiding phishing attempts and creating secure passwords. We rely on technology companies to protect us from brute force. Apple has done exactly that. The data on your iPhone is encrypted, and can only be unlocked by the passcode you have set. To view the information on a passcode-protected iPhone, you must enter that exact passcode. If you enter the wrong passcode too many times, the device starts locking you out for longer and longer time periods – up to more than a year before the next allowed attempt. This protects against brute force attacks. The phone simply stops accepting a passcode before a brute force attack can succeed. You can stop an attack like this even faster by turning on a feature to erase all data from the phone after 10 failed passcode attempts. These features make sure that users’ information stays safe if the phone ever falls into the wrong hands.
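For readers who do write code, here is a small model of the two protections just described, added as an illustration and not taken from Apple or from the original post. The delay values, the `Phone` class and the `sweep` function are constructed for this example; only the 10-attempt erase limit and the "more than a year" ceiling come from the text above.

```python
from dataclasses import dataclass

# Constructed delay schedule (seconds to wait after the Nth straight failure).
# Illustrative values only; they are not Apple's actual timings.
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
MAX_DELAY = 400 * 86400          # cap: "more than a year"
WIPE_AFTER = 10                  # failed attempts before erase (from the post)

def delay_for(failures: int) -> int:
    """Lockout imposed after `failures` consecutive wrong passcodes."""
    if failures < 5:
        return 0
    if failures in DELAYS:
        return DELAYS[failures]
    return min(3600 * 2 ** (failures - 9), MAX_DELAY)   # keeps doubling

@dataclass
class Phone:
    passcode: str
    erase_enabled: bool = False
    failures: int = 0
    locked_until: int = 0
    wiped: bool = False

    def attempt(self, guess: str, now: int) -> str:
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"                  # guess is not even checked
        if guess == self.passcode:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.erase_enabled and self.failures >= WIPE_AFTER:
            self.wiped = True                # data erased, nothing left to unlock
            return "wiped"
        self.locked_until = now + delay_for(self.failures)
        return "wrong"

def sweep(phone: Phone):
    """Try 0000..9999 in order, waiting out each lockout.
    Returns (final status, guesses checked, seconds elapsed)."""
    now = 0
    for n in range(10000):
        status = phone.attempt(f"{n:04d}", now)
        if status in ("unlocked", "wiped"):
            return status, n + 1, now
        now = phone.locked_until             # earliest moment the next guess counts
    return "exhausted", 10000, now
```

With the erase option on, the model wipes the phone after ten guesses; with it off, working through a four-digit passcode under this schedule takes thousands of years of waiting rather than the minutes it would take with no delays.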
The FBI’s request
The terrorist’s iPhone has a passcode on it, just like the vast majority of iPhones. The owner is dead, so there’s no asking him to unlock it for them. The FBI wants Apple to build a version of the operating system that cannot withstand an attack so that this one particular iPhone can be accessed. Re-read that sentence if you missed it: “…a version of the operating system that cannot withstand an attack…” This isn’t picking a lock; this is making a master key.
What Apple would have to build to comply is like creating a key that opens every safe in existence in order to open one person’s personal safe at their house. It would unlock your grandmother’s safe deposit box, it would open bank vaults in Switzerland, it would open the safes of every hotel room, and it would even open the vault at Gringotts in Harry Potter. The requested version of iOS could be used to break open any iPhone on the planet.
Why should you care if this gets made?
Let’s say you’re an upstanding citizen with truly nothing to hide. Your political views may not find issue with sacrificing your own privacy for the sake of national security. What happens when the next terrorist uses an Android, and Google has to unlock their operating system, too? What happens when people with malicious intentions get their hands on the unsecured version of a mobile OS? What happens when another country demands that OS to spy on and prosecute citizens that simply get in the way of the national agenda? What happens when another country uses that OS to peek into the iPhones of US citizens? And so the snowball gets rolling…
The creation of a key like this is the basis for a fantastic James Bond movie. The key with all the power falls into the bad guy’s hands and he threatens to take down the world because nothing is sacred anymore. The world needs 007 to save the day by destroying the key and restoring privacy to the world.
If Apple complies with the FBI’s request, every iPhone and iPad on the planet is vulnerable to attack if the key to unlocking this one individual’s iPhone ever falls into the hands of someone with impure intentions. Is it worth building something with that much power?