Apple, the US Intelligence Community, and Encryption

Today I'm going to write about something different. I'm sort of a hybrid creature: I'm a creative, but I'm also a techie. While my last few posts have been about creative inspiration, this time I'm going to head in a different direction and write about something that's been in the news recently. Perhaps you've heard of recent events concerning Apple and the FBI. If you haven't, a quick synopsis would be that the FBI has submitted a court order to Apple, requiring them to develop a tool to break the encryption on the iPhone of one of the San Bernardino terrorists (ostensibly to gain iMessage access, since that is behind the encryption wall). Tim Cook has written an open letter refusing the court order, and here's a link to the letter:

I'm very much pro-America, and pro-Defense. I've gotten asked quite a bit over the last few days what my opinion is on Apple's stance, and it's seemed to surprise people that I side with Apple. But, I do. I think the letter addresses a lot of very valid points, and leaves a few out that I'll address my feelings on myself.

First, I feel the government is overstepping its bounds to require a company to develop a tool that breaks their own software. Namely, to defeat the entire point of the tool in the first place. As Tim Cook stated, they do not currently have the ability to de-encrypt the information, and it would take quite a bit of work to be able to create.

Secondly, I don't feel the FBI is being honest in saying that they would only use this tool this one time. That makes no sense at all, and besides, the case seems to be pretty strong against the terrorists, without needing any more information. The nature of how terrorist cells work implies that the foot soldiers who carried out the attack wouldn't be privy to information about future attacks (for one thing, they usually aren't that organized, and for another, it would make no sense to tell people on a suicide mission about things that will happen after they *boom*, for obvious reasons), so I don't know what valid information would be gained that justifies the potential security breaches.

This brings me to my third point: Asking Apple to break encryption on millions of devices, to gain access to non-essential data on one, is a security threat in which the potential threat does not justify the gains. In the past 5 years or so, the federal government has shown itself to not be the best custodian of highly sensitive data. From Snowden, to multiple intrusions from other state players, including the hacking of the databases that hold the SF-86s (which holds the most sensitive information about its most sensitive workers), to not even maintaining the minimum of professional security on highly sensitive data (anyone hear anything about how Hillary Clinton was safeguarding classified data, btw?), there's just not a lot of trust there. The thought that IF the government was made a custodian of such a powerful tool, that they would treat it carefully and protect it as it should be, just hasn't been proven. At all. In fact, I would put money on Russia or China getting their hands on it within six months. And that's just not worth it. 

Despite my strong pro-United States stance, I am with Apple here. I feel at this point in time, the marketplace has been a better guardian of sensitive data than the government, and until the tables are turned, they'll just have to take their medicine. The sensitive data that apple devices hold for millions of US citizens is just not something that I want in the hands of our enemies at the click of a button, and I think it's something they would be able to get. INCLUDING, by the way, biometric data, which is not something that can just be reissued (when's the last time you got a new fingerprint?)

The last point I'll bring up on this is the fact that there are tons of legal precedents that this case will have in international law, but I am not knowledgeable enough to really comment on it. It bears thinking on though.