I’ve felt conflicted about the struggle between the FBI and Apple over the iPhone. On the one hand, I am sympathetic to the government’s need to gather information and investigate the attacks in San Bernardino last year. I worked at the NSA for six years gathering and combing through all sorts of intelligence from foreign governments to learn about advances in weapons systems, nuclear proliferation and cyber actors. On the other hand, I know how important the integrity of platforms such as the iPhone are to the advancement of the Internet; and if Apple were to comply with the government’s request to unlock the iPhone, millions of devices would be compromised.
The FBI has acknowledged that it is working with third parties to unlock the iPhone. And on Monday, the U.S. Justice Department dropped its fight against Apple (AAPL), saying it no longer needs the company’s help to access data stored on an encrypted iPhone used by one of the San Bernardino shooters.
The latest development might signal a victory for both Apple and the FBI, but there really are no winners here. Federal authorities’ efforts to gain access to private data through a third party highlights a thriving black market where companies sell information on software vulnerabilities to governments and non-state actors, including the United States. This is business as usual. But in its zeal to crack the iPhone, the U.S. government was actually taking a huge step backwards, letting down the tech industry and its own citizens.
What’s more, the FBI made a mistake in trying to force Apple’s hand. Setting up an unintentional iPhone hacking challenge isn’t in anyone’s best interest. Even though the agency didn’t directly seek help in unlocking the iPhone, they enticed security researchers to offer aid by revealing that they couldn’t hack it on their own. It’s not surprising that hackers across the globe have come out of the woodwork to lend a hand. Some are doing it for fame and others for money. An iPhone hack like this is worth millions on the black market.
This mad rush to hack the iPhone was more than just a PR problem for the FBI. It undermined the security of technology that people rely on every day. It put the public at greater risk of compromise and attack. And it sent a signal that the government prioritized the potential to get intel in one case over the security of the many.
In outlining his Cybersecurity National Action Plan last month, President Obama cited both the need for strengthening the U.S. government’s partnerships with the private sector to deter, detect and disrupt threats, as well as the need to do more to help empower Americans to protect themselves online.
The FBI-Apple battle is an unfortunate contradiction and reveals a surprising schism at the White House today. The President says he wants to strengthen the security of the Internet and has increased the budget for that. Yet the FBI is taking steps to counteract those policies. I understand the need to stand behind law enforcement, but people often don’t realize how interconnected these things are. Actions like these can destroy the secure fabric of the Internet — the platform that enables e-commerce and communications — which has transformed the economy over the last 20 years.
Instead of going to great lengths to break U.S. tech products, the government should be aligned with tech companies to create more secure products. It will be impossible for U.S. businesses to succeed in a world where public-private partnerships are compelled by court order. The FBI needs to get to work building relationships with the private sector. The government should do everything possible to encourage a safer and more secure Internet.
The United States leads the world in technology innovation and entrepreneurial know-how, which bolsters our ability to compete in the global marketplace. We need government and private companies to work together to improve the integrity of technology and the security of data to keep the bad actors out. Otherwise, we all lose.
Oren Falkowitz is co-founder and CEO of Area 1 Security, a San Francisco-based cybersecurity company. Neither Apple nor the FBI are currently clients of Area 1 Security. Falkowitz does not own shares of Apple.