Skip to main content

Apple vs. the FBI: who’s right? And how will it affect our privacy?

Concordia expert Jeremy Clark weighs in on the headline-making cyber-security battle
March 1, 2016
|
By Tom Peacock


Jeremy Clark: 'People are concerned about the precedent this case could set.'


Apple is in a heated battle with the FBI over the right to safeguard its customers’ data.

Today, in Washington, representatives from Apple and the FBI will testify at a House Judiciary Committee hearing titled "The Encryption Tightrope: Balancing Americans' Security and Privacy." The proceedings stem from Apple’s appeal of a court order compelling it to unlock an iPhone belonging to mass shooter Syed Farook.

In anticipation of Tuesday's free public conversation at Concordia with the CBC’s Nora Young, Jeremy Clark — an assistant professor in the Concordia Institute for Information Systems Engineering (CIISE) — offered this insight.


The FBI’s demands: is this more of the same, or one step too far?

Jeremy Clark: This is a big case, and people are concerned about the precedent that it could set, and the way it could creep the law forward in a variety of different directions.

It’s interesting because of the amount of work that the FBI is compelling Apple to do. This is not just a case of the company being asked to go into its database and grab some records, then return them to the FBI — they already did this with the iCloud back-up of the phone, so Apple has cooperated with the FBI to the extent that they feel that they're legally compelled to. 

But now the FBI is asking Apple to write a custom piece of code that's going to make these really deep-seated changes. You need a lot of expertise to pull this off, and Apple is saying it's too much.

Should Apple be in court?

JC: I think there's a balance to be found here.

It strikes me that this is probably too much to ask Apple to do. But at the same time, Apple is not necessarily saying, “We're never going to comply with this. We'll go to jail before we do this.” They're just saying, “We're going to contest this in court. We're going to get a judge to decide.”

I'm on Apple's side in the sense that they should be taking this to court. They should get some judicial review. They should be allowed to make a case for why the law doesn't cover this type of thing. There are no provisions of the law for these types of actions. 

I'm withholding my judgment, but I definitely support Apple contesting it.

Is this a case of "build it and they will hack"?

JC: If this tool is built, and if it ever gets out, it's not like it would allow people to just automatically start attacking everyone's phones.

But 90 per cent of that attack would be completed. All you would need is that last 10 per cent, which is Apple applying its certificate to sign in.

If there's some way to circumvent that signature check on the phone, then that's the one piece of the puzzle you’d need, and the rest would already be done for you.

Maybe Apple could make the code and destroy it, but someone would have to write that code and they would know how to do it; those employees could leave Apple at any time, so it's not just like you destroy it and then that knowledge is gone. 

What's the impact on Apple’s bottom line?

What we’ve seen from the privacy literature is that people don't pay for security, or privacy — or they value it very little.

So I'm not sure how much competitive edge Apple really has in terms of its privacy. Blackberry's new phone is called "Priv," which is short for privacy. They really play up security and they're not doing so well. 

Privacy is definitely part of Apple's marketing strategy, but honestly, I think Apple actually just values privacy. I believe that Tim Cook — especially since he took over from Steve Jobs — is really deeply principled about privacy. This isn't just marketing; it's actually him just standing up for certain principles. 

Is this a case that should lead to legal reform?

This is not a case of the FBI preventing an imminent terrorist attack, or a case of someone committing a terrorist attack and we don't know who they are but we have their phone — if we can get into this phone, then we can catch them.

It's not even a case of having to build enough evidence against this person to put him in jail. He's dead.

To me, this just seems like the wrong sort of case to really push the law forward. It doesn't seem that getting into this phone is going to help the FBI. I'm not denying that it'll be useful to them, but the amount of use needs to be balanced against what they're asking for.


On March 1, Jeremy Clark met CBC broadcaster Nora Young for Connecting Your Tech Future: A Conversation About What’s Next, a free public conversation in the D.B. Clarke Theatre (1455 De Maisonneuve W.) on the Sir George Williams Campus.

 



Back to top

© Concordia University