Information security is in the news again - this time for a completely different reason than normal. There's not a huge company that got hacked. There's no hacktivist group threatening to DDOS a company that threatens their beliefs. No - this is completely different. And it's far more important than many people realize.In the aftermath of the San Bernardino shooting in December 2015, where 14 people were killed and 22 were seriously injured in a terrorist attack, the United States government has engaged in a legal battle with Apple. The government wants Apple to craft a new operating system for the iPhone of the terrorist responsible for the shootings in the name of threat intelligence. While this seems similar to a warrant for information, this is entirely different. Why? Because Apple doesn't own that information.
iPhone's use an encryption that is end-to-end. This means that when one iPhone sends another iPhone an iMessage, the sending iPhone scrambles the data until it is received by the recipient iPhone, where the private key to unscramble the message is stored. At no point does the data get sent to any Apple servers, therefore meaning that Apple doesn't own the data that the government wants.
However, since Apple owns the operating system for iPhones, called iOS, the United States government is requesting that Apple write a new version of the operating system that will effectively counter all of the current security measures that iPhones have to protect data - including a feature that will erase the content of an iPhone if an incorrect pass code is entered 10 times.
While the government argues that this is a one-time case, there are both privacy and security implications if Apple is forced to write this "back door" operating system.
First, once the code is written, it will become a target for cyber criminals. If a cyber criminal can access the vulnerable operating system's source code, it could be used against any iPhone that is the target of a cyber attack. This creates our first issue - information security. While the government may gain threat intelligence by accessing the terrorist's phone, the same vulnerable operating system could be used in a cyber attack against government officials, who (you guessed it) - also use iPhones.
Second, once the courts set a precedent that the government can force companies to hack their own systems, the case will be used in the future to counter end-to-end encryption. This creates our second issue - privacy. Whether or not you believe that the government uses mass surveillance for good or evil, what anyone can understand is that the government will be able to have virtually unrestricted access to your data.
Get pulled over with some marijuana in your car? Well now the government is in court requesting a warrant to search your entire iPhone for evidence of how you got it in the first place so they can bust your dealer. A landmark precedent is being set by this case.
I wouldn't say that the general population of the government officials who want Apple to break their operating system would use that as a gateway to large-scale monitoring, but if Apple creates a backdoor to one phone, the code is then available to be stolen and used on all phones. For cyber criminals, it'd be as easy as jail-breaking a iPhone, but to the point that it changes the OS's password system.
And that's not even to mention the apparent fact that the FBI already changed the pass code on the iPhone in question. The pass code on the phone changed within 24 hours of it being within government possession. So someone is the government knows the pass code and is using this in order to set the precedent that the government should be able to force a company's hand in these situations.
OPINION
I think it's a pretty simple issue once people understand the facts. It's being framed as a security vs. privacy debate. In reality, it's a physical security vs. information security debate. People who are huge proponents for physical security and don't understand cyber security will go on the side of the government. People who understand that this opens a huge information security hole will lean on the side of Apple.
In reality, if Apple creates this backdoor, it will make the government more vulnerable because a large portion of government workers use iPhones. There's really no way to frame it that makes sense for the government to get away with this. Unfortunately, there are too many people that are too stubborn to learn about the information security implications of what the government is asking Apple to do.
