Opinion I Phone cracking Pandora’s phone

It’s just an iPhone, but cracking it threatens to disturb the fabric of the digital security environment.

April 4, 2016 12:01 AM IST First published on: Apr 4, 2016 at 12:01 AM IST

AppleiPhone_BIG_NEW When the FBI cracked the iPhone of San Bernardino shooter Syed Rizwan Farook, it was supposed to end a controversy in which the right to privacy was pitted against the imperatives of national security. Instead, it seems to have escalated the absurdity of the story. Three days after it demonstrated its hacking prowess, the FBI agreed to help extract the data on the iPhones of two teenagers accused of murder, a matter with no national security dimension. At the same time, there is speculation in the industry that the FBI may not be required to reveal the crack used. A bad precedent for the security environment, this would be at odds with the traditional industry practice of publicising security weaknesses in code and hardware as they are found, so that manufacturers can patch them.

Every chapter of this saga would have been laughable if it was not frightening. First, the FBI sought the assistance of Apple to open one phone. Just one, a terrorist’s. In response, the court ordered Apple to provide an operating system without safety features, which could be flashed to Farook’s phone. It is rather optimistic to expect an IT company to compromise its own security, and Apple demurred. That was read as an invitation to an unofficial Apple hackathon, and an Israeli company owned by a Japanese corporation rose to the challenge. So the phone which the FBI claims to have hacked was actually compromised by a private, foreign entity. And now the agency, which had wanted just one phone hacked in the interest of national security, is offering the technology to hack more phones for routine police investigations.

The focus of the debate on security versus privacy has shifted to Europe after the terrorist attacks in Brussels. However, the problem remains the same — it is impossible to sunder one from the other. If government attempts to compromise privacy, an element of personal security, by invoking the imperative of national security, it must eventually compromise the security of the collective too. In this case, the ease with which an iPhone was opened by a private player could encourage entities to market tools to governments for attacking other operating systems. Besides, the FBI is unlikely to reveal the method by which it is hacking iPhones, since the technology is owned by a private concern. That would create a dangerous precedent, upending the very philosophy of data security.