With NYC iPhone ruling, who should break smartphone encryption?
While the tech community watches the drama unfold between Apple and the FBI over the phone used by the San Bernardino shooter, there are other cases working their way through our legal system. Yesterday a federal judge in Brooklyn ruled against the FBI in a situation where law enforcement wanted Apple to unlock the phone of a suspected drug dealer.
In his ruling, Judge James Orenstein said “The relief the government seeks is unavailable because Congress has considered legislation that would achieve the same result but has not adopted it”, referencing recent legislation that Congress failed to pass.
Obviously this New York case won’t have a direct influence on the situation in California, but it does help set precedent for future verdicts. It also helps Apple with some additional media and PR. In the case of San Bernardino, public opinion news polls often show more people siding with the FBI in compelling Apple to unlock the phone.
Who should break the lock?
The problem with discussing technology situations like this, we have to balance information accuracy against pithy sound bites. Most of our metaphors are somewhat flawed. As reporters talk about locks and keys, it’s understandable that many people don’t understand why Apple isn’t helping the FBI.
“Why can’t they break the lock this one time, and then make a new lock?”
It’s a fascinating examination of intellectual property rights and citizen protections. Should law enforcement have the authority to compel a company to break its own product?
Let’s stick with the lock metaphor. Chances are pretty good that your physical home has a door which can be locked. When police serve a warrant to search a home, they are allowed to break down that door. They can defeat the lock on a door if a significant amount of time passes between announcing their presence and waiting for a resident to open the door.
Breaking down the door is a brute force attack on that security solution. Law enforcement does not compel the manufacturer of the door lock to attend a search to pick the lock. They find a solution which circumvents the lock. Police do not force lock manufacturers to provide a master key for all homes, nor do they require manufacturers to develop a system to defeat all locks.
This lock metaphor is getting stretched thin. Returning to the iPhone, data encryption is obviously a different situation than a physical lock on a door. Apple responded to criticisms regarding consumer privacy and security by building more robust protections into iOS. Defeating those protections is substantially more difficult than bashing in a door or cracking open a safe. Because it’s more difficult, should Apple be tasked with defeating the iPhone’s security?
This is a rapidly evolving conversation including every aspect of our government, individual citizens, law enforcement, lawmakers, and judges. Consumers will increasingly rely on “smart” products and cloud services. Protecting that information will be vital to our future economy. Who should have access, and how should that access be granted?
It’s clear, given the current climate, that tech enthusiasts need to be more involved in leading the discussion for both citizens and elected officials. It’s up to tech savvy individuals to make this conversation more accessible, so we can have a proper debate. At the least, we should be able to walk away from inaccurate metaphors.
Have you had success in explaining this situation to family and friends? Have you written to an elected official to voice your position? Share your experiences in the comments below.