My Friday morning post on Apple’s new iOS8 operating system pretty much kicked the hornet’s nest, both here and on Twitter. In this post, I want to discuss what I think is the strongest counterargument made against my post. It’s a good argument, and it has pushed me to change my view from “very troubled” to “need more information to decide.” In later posts, I hope to address other arguments, most of which I found much less persuasive.
Recall that my question in the earlier post asked, “What’s the public interest in thwarting lawful search warrants?” I thought the best response was along the lines of the following, with the text below my best effort at expressing the position:
Although it’s unfortunate that Apple’s new approach will thwart lawful search warrants, the benefit to the public outweighs that loss. Under Apple’s old operating system, Apple maintained a backdoor enabling it to bypass passcodes when the government sent them the phone. That backdoor created major security risks. First, if Apple can break in when they have possession of the phone, then bad people may find a way in when they have possession of the phone, too. But more importantly, if Apple can break in when they have the phone, there may be a way that hackers can exploit that backdoor to break into iPhones remotely. As a result, Apple’s old operating system was dangerous: It was a huge problem waiting to happen. The security risks it raised are great enough that it’s a net public benefit to have the backdoor closed even though it has the unfortunate side-effect of blocking lawful warrants in some cases. Put simply, the computer security gains outweigh the public security losses.
I like this argument. In my initial post, I was assuming that if the government needs to send phones to Apple to break into them, then the passcodes would offer at least some amount of security to its users against thieves, trespassers, and the like. And even if others can get into the phones, I was thinking, that unauthorized access is going to be quite limited because it requires physical access to the phone. But this may be wrong, it was pointed out to me, and it introduces a cost of Apple’s old approach that I hadn’t appreciated. I still tend to see the threat as fairly limited when it requires physical access to the phone. As a practical matter, the requirement of physical access would seem to substantially limit the significance of the vulnerability. But if Apple’s longstanding backdoor works such that the government needs physical access to get in but hackers can use that same backdoor to gain unauthorized remote access, then closing that backdoor adds a security benefit at the same time it imposes the unfortunate cost of thwarting valid warrants.
So where does that bring me? As I see it, it brings me from the “very troubled” category to the “need more information to decide” category. To have a view, I need to know more about the details of the risks on both sides. On one hand, there’s the risk of lost cases; on the other hand, there’s the risk of security vulnerabilities outside the warrant context, and especially remote access crimes. To have a view of which Apple policy is in the public interest, I’d need to know more about how the technical issues play out in both scenarios.
I discussed one side of this in my earlier post: Under the new operating system, just how often will lawful government access to important evidence in a case be thwarted, given the possibility that the government can get the important data via lawful access to unencrypted iCloud backups, guess the passcode, effectuate subpoenas to force decryption, or have other means? The more investigators can use warrants to get the data anyway, the less the new design is an issue. For example, if iPhone users who are the targets of investigations are backing up everything to iCloud, and Apple will hand over that data to the government with a warrant, then the government won’t need to access the physical device and the concern with thwarted warrants isn’t a major one.
Just as I need to get a better sense of the risks to public safety of lost criminal cases under the new operating system, I also need to get a sense of the scope of the security risks under the old approach. In particular, how significant over time is the security risk of maintaining a backdoor intended only for physical access, especially in terms of the risk of remote access? The greater the security risk that was closed with the new operating system, the more the new design is desirable. Putting the two sides together, I can’t really answer what is in the public interest because I don’t yet have a studied sense of how the two risks play out in context. So that brings me from “troubled” to “need more information to decide.”
One minor aside to conclude. Some readers objected to me asking what is in the public interest, raising the libertarian objection that companies owe their duty to shareholders, not the public. Even if a company is doing something contrary to the public interest, they noted, it doesn’t mean it should be regulated. My response: Sure, of course. I’m just trying to formulate my opinion of what Apple is doing, and my opinion is based on what I think is in the public interest. If something’s not in the public interest, there’s a separate question of whether the government should respond to it, given the risk that the government solution will go astray. That’s a separate question that I haven’t addressed.
Time permitting, I hope to respond to other arguments in later posts, and in particular the argument that the Edward Snowden disclosures show that Apple’s new approach is necessary.