Security Pros React To Apple VP Federighi’s Op-Ed On Dispute With FBI
With an op-ed by software VP Craig Federighi in the Washington Post today, Apple used its top software guy to explain why the company is refusing to help the FBI break into the iPhone of San Bernardino shooter Syed Farook.
Through public statements and court filings, the two parties have been ratcheting up the drama, which could see its final act played out in front of the Supreme Court. The matter would likely first have to percolate in the lower courts, however. In the meantime Congress could intervene, in which case public sentiment (read: voter sentiment) on the issue could mean a lot.
Federighi’s op-ed comes as many on social media are still asking why Apple has refused to help the FBI. Some have asked why a speculative threat to future data security should take precedence over the investigation of what could be an immediate physical threat to national security.
Cooper Levenson attorney and cybersecurity expert Peter Fu explains the difficulty like this:
“On the one hand, it is conceptually simple to understand law enforcement’s desire for total data access capabilities,” Fu says in an email to Fast Company. “On the other, data privacy is a complex gray area of diverging interests, even among allies.”
“There is no 60-second answer in defense of data privacy,” Fu writes.
The FBI says it hopes to find evidence on Farook’s phone of links between the San Bernardino shooters and terrorist groups in Iraq and Syria.
Apple argues that once a custom OS for breaking into the phone is built, it opens up a vulnerability that hackers could exploit in the future, a view shared by Fu.
Federighi had a new way of making the potential security threat more real:
“Our nation’s vital infrastructure—such as power grids and transportation hubs—becomes more vulnerable when individual devices get hacked,” he writes in the op-ed. “Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person’s smartphone.”
Trail of Bits security expert Dan Guido said Federighi isn’t playing the fear card here. He says an iPhone could be used as the starting point for an attack on major infrastructure if the device is “used for remote access or administration of the power grid or a transportation center and a hacker gains access to it.”
Cooper Levenson’s Fu agrees, with a condition: “I am unaware of any power plant that can be directly turned off by a mobile phone,” he says. “However, there are plenty of possibilities in which a mobile phone can be used to affect power plant operations.”
Until today it’s been Apple top brass and attorneys who have spoken publicly for the tech giant, Trail of Bits’ Guido points out. “Others at Apple have already made the political appeals (‘if we do this once, we’ll be forced to do it again and again’),” Guido says. “It looks like they are now sending out engineers to come at this from a different direction.”
Federighi is the Apple executive responsible for all software the company creates, so he’s closer to the company’s actual security work.
Federighi repeats some of the points previously made by Apple CEO Tim Cook, and by Apple attorneys. Still, the op-ed leaves room for doubt, which is not hard to find in the comments below Federighi’s piece.
“Apple’s argument is weak,” writes reader Gussie Fink-Nottle. “In their view if they write a backdoor to disable the password try limit, that hack will eventually leak out into the world. If they can’t secure that piece of code, then why should anyone believe they can secure any other piece of code, operating system, payment system?”
A Pew Research poll conducted from February 18-21 found that slightly more than half of Americans think Apple should help the FBI unlock Farook’s phone. But the question asked of participants offered no reason for Apple’s resistance. The poll also found that three quarters of people surveyed knew at least a little bit about the dispute. A separate Reuters poll a few days later found that 46% of Americans agreed with Apple’s point of view on the issue.
When the FBI decided to leave the February 16 court order unsealed and publicly available, the matter became a PR battle between Apple and the government. Experts say creating such a high-profile public debate was likely the Department of Justice’s strategy all along—to raise the volume to such a level that Congress would be forced to intervene.
Fast Company