Unscrambling Apple's case
Last week I was kayaking along the Florida straits when the year’s biggest cybersecurity story—so far—broke. I’m still adjusting from tropical Keys to encryption keys.
To review: Apple APPL and the Federal Bureau of Investigation are at a standoff over a case involving accessing data stored on a phone used by Syed Rizwan Farook, one of the San Bernardino massacrists. The FBI wants Apple to create a new software tool that would undermine the phone’s security features and help unlock its contents. My colleague (and boss) Adam Lashinsky weighed in on the matter as part of yesterday’s Data Sheet. He came down in favor of the Feds. Apple is not above the law, he reasoned; if a court has determined that Apple should help the FBI break into a terrorist’s iPhone, then the company must oblige—just as it has in past investigations. That’s that.
Yet is the law so clear? Philip Elmer De-Witt, another colleague of mine and longtime Apple devotee, alternatively pitched his support for the colossus of Cupertino. He contended, citing the the company’s 65-page motion filed Thursday, that the FBI’s request violates Apple’s First and Fifth Amendment rights by unprecedentedly forcing it write and sign deliberately weakened code it does not agree with, and that the government has no authority to compel a company to decrypt customer data when it does not possess the needed cryptographic keys. Besides, as Apple noted, Congress decided in its 1994 Communications Assistance for Law Enforcement Act that cops lack the power “to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service.” So there.
Fortune isn’t the only divided house. Bill Gates seemed to side with the FBI earlier this week, before (sort of?) walking back from the position. Microsoft MSFT , the company he founded and continues to advise, on the other hand, voiced its full-throated support of Apple a couple days later. (A position the rest of Silicon Valley has since rallied behind.) The country is split too. A Pew Research poll and a follow-up Morning Consult poll found that the public only narrowly—a slight 51% majority, both coincidentally reported—sides with the FBI. Admittedly less scientific surveys, including Fortune’s own, seem to indicate the contrary.
The Apple versus FBI debate has also polarized legal experts. Some who spoke to Wired said they indeed view the government’s ask of Apple as entailing compelled speech. Another authority, Lawrence Lessig at Harvard Law School, told CNNMoney that he believes Apple will have a hard time arguing that this case is different from past ones in which it aided law enforcement—never mind that the latest circumstance involves Apple developing a crippled version of its iOS software, which could have grave implications for consumers’ security. (As National Security Agency analyst-turned-cybersecurity entrepreneur Jay Kaplan wrote in a piece contributed to Fortune this week: “If there is even a single mechanism through firmware or changes in the security architecture for the government to access encrypted information, that same ‘backdoor’ will inevitably be used for nefarious purposes and have serious long-term ramifications.”)
Most experts agree, nevertheless, that the primary component of this legal battle that will come under court review is the All Writs Act, a law as old as America and upon which the FBI’s case rests. As many commenters have pointed out, legislators approved this search warrant-executing act before humans powered the world with electricity, let alone before they had to worry about cloud computing, “smart” devices, and ubiquitous esoteric mathematical algorithms that scramble communications records. An original version of the bill passed in 1789, and the U.S. adopted its current form in 1911. Microsoft president and chief legal officer Brad Smith brazenly demonstrated just how antiquated the law is when he plopped an adding machine from the same era down on a desk during a testimony before Congress this week. His message was clear: “We need 21st century laws that address 21st century technology issues.”
Apple, of course, has the right to object to the FBI’s court order. Whichever side loses in court will no doubt appeal the ruling. If Apple fails twice to win its case, then the company is plum out of luck; the phone’s secrets will spill. If an appeals court ultimately backs Apple, then the case could end up airing before to the nation’s highest court. As Norm Pearlstine, content chief of Time Inc., Fortune’s parent, has noted: We may very well have a Supreme Court case in the making.
Thankfully, America’s founders architected the nation with a mechanism to settle such seemingly intractable disputes. Now that’s a principle of secure design.
Thanks go to my colleague Jonathan Vanian for holding down the fort in my absence last weekend. Note that he’ll be reporting on the ground at the annual RSA cybersecurity conference next week. Follow him for updates at the confab.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Telegram growth rockets. A encrypted messaging app popular among ISIS sympathizers that began as a pet project to keep Russian security services from snooping on two brothers’ conversations has hit 100 million users in just two years. Pavel Durov, the company’s founder and noted Russian exile, says he supports Apple in its fight against the FBI. (Fortune, Fortune)
IRS hacked worse—again. The Internal Revenue Service said it likely misreported the number of people affected by a recent website security breach. This is the second time the agency has more than doubled its estimate of the number of people victimized in that tax refund scam: a figure raised to 724,000 from 334,000 people—and in turn from an earlier 114,000. (Fortune)
Today in cybercrime. Ransomware—malicious software that holds a computer’s data for ransom—is on the rise, says cybersecurity firm FireEye. Meanwhile, fraudsters masquerading as CEOs have recently duped employees into wiring more than $2 billion into their crooked coffers. (Fortune, Fortune)
Alphabet shields newsrooms. Jigsaw, a division of the search giant formerly known as Google Ideas, has invited journalistic websites to join “project shield,” a service that protects websites from computer server-flooding denial of service attacks. (Fortune)
Cyber-unicorn leadership changes. Tanium, the world’s highest valued cybersecurity startup, announced that its co-founder and former chief tech officer Orion Hindawi has taken over the CEO role previously held by his father David Hindawi, now named exec chairman. Unrelated: Larry Biagini, General Electric’s former chief tech officer, has ditched retirement to become chief tech evangelist at the Internet traffic-scrubbing startup Zscaler. (Fortune, Fortune)
Climate controlled? An app that regulates heating and cooling in Nissan Leaf vehicles has coding flaws that hackers can exploit to manipulate the temperature in the cars. The company has suspended the app until it can issue a fix. (Fortune)
Where are they now? Catch Me If You Can ex-con man Frank Abagnale has joined the identity-proofing startup Trusona as an advisor. He recently visited Fortune to chat about the company, which raised $8 million in funding last year. (Fortune)
Play-Doh can hack your iPhone. Yes, fingerprint scanners are susceptible to Play-Doh. So much for biometrics. (CNBC)
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Fortune’s Mathew Ingram explains why the government’s attempt to co-opt Google, Twitter, Facebook and other tech companies in its battle against ISIS propaganda is dangerous.
Ever since the Middle Eastern terrorist group known variously as ISIS, ISIL or Daesh first started intruding on the public consciousness, the organization’s savvy use of social media has been one of its calling cards. With YouTube videos of prisoners being beheaded or burned alive, and Twitter accounts that spread its message of radical Islam, ISIS has adopted social networks and the web as a distribution method a lot faster than many Western media organizations and governments.
Given that, it’s not surprising that governments have been trying to convince online services like Google and social platforms such as Twitter and Facebook to help cripple ISIS in any way possible. The latest in that effort was a series of recent meetings in Washington, where about 50 different digital companies met with various members of the U.S. government’s anti-terrorism agencies to talk about cutting the flow of digital oxygen to ISIS.
The problem is that these attempts, as laudable as their goals may be, involve security agencies asking Google, Twitter, and Facebook to suppress and/or promote certain kinds of speech. And this is one of the slipperiest of slippery slopes imaginable. Who decides which speech is to be tolerated and which isn’t? The Pentagon? Facebook? The same secret FISA court that decides who the NSA can spy on?… Read the rest on Fortune.com.
Salesforce CEO Marc Benioff Battles Georgie Over Gay Rights by Jonathan Vanian
Are Activist Investors Good for Tech Companies? by Dan Primack
Here’s Why Honeywell’s Bid for United Technologies May Crash by Shawn Tully
Robots and Voice Interfaces Making the Smart Home More Chaotic by Stacey Higginbotham
ONE MORE THING
Could machines become self-aware without humans realizing? Consciousness defies definition. If the complex and unpredictable systems that software developers are currently building—deep learning algorithms, neural networks—deliver true intelligence, how would anyone know? (Aeon)