It’s good if the FBI has found a way to crack into the iPhone used by the San Bernardino terrorist for two reasons.
First, the FBI can find out what’s on it. Maybe it’s important to the investigation of the shootings and maybe it’s not, but cracking the phone is the only way to find out.
And second, it’s giving Apple (and the tech industry in general), the FBI (and law enforcement in general), and Congress the breathing room to sort out the issues rationally.
The latter is the more important of the two. Yes, it’s important to wring every bit of evidence out of the terrorism investigation, but it’s one incident. The course being set by the lawsuit between the FBI and Apple could have legal implications far beyond the one case.
While there’s a pretty good argument that information on terrorists’ phones should be accessible, the legal precedent set if the FBI wins against Apple would immediately affect investigations for lesser crimes. At what point would privacy concerns supersede the severity of the crime? Assault? Drug dealing? Burglary? Never?
That kind of decision needs to be made through thorough hearings and public debate. The best forum would be Congress, not the press, which is where most of the discussion has taken place. And then Congress needs to act.
The FBI is relying on a law that was written before mobile phones, email, public key encryption and ISIS existed. The country needs a law that deals directly with privacy as it relates to these factors. Creative interpretations of existing laws that don’t address the specifics of today won’t do.
In the absence of such law the FBI will continue to press for access to encrypted data on a case-by-case basis, and eventually courts will define how old laws apply to the new legal environment.
There’s not going to be an answer that makes everyone happy. The technologists are right when they say that any scheme to decrypt encrypted data must create a weakness in the encryption system that unauthorized persons can exploit.
And they are right when they say that other countries will create their own, similar decryption requirements that may be more onerous and weaken encryption further.
And they are right when they say encryption systems without backdoors will be created outside of the U.S. and used by the most savvy criminals inside the U.S.
And they are right about other important things. Mandated backdoors would make it difficult if not impossible for vendors of encryption products to make and sell their wares internationally. They would put corporate intellectual property, health records, online banking and other business that relies on strong encryption at risk.
Sign up for Computerworld eNewsletters.