Wednesday, 30 March 2016

Apple v FBI - Some Uncomfortable Truths

‘We must not lose sight of corporate power.’ Grand Central, an installation by Valentin Ruhry, cleverly subverts digital consumer culture with a product display featuring everyday objects found at a train station. MAK GALLERY, Vienna, 2014, curated by Marlies Wirth. Courtesy of Christine König Galerie, Vienna.

Julia Powles and Enrique Chaparro in The Guardian

It has been a spectacular six-week showdown – the world’s most valuable brand, Apple, pitted against the powerful American agents of the FBI. Two titans of spin, locked in a fast-moving battle over a dead terrorist’s smartphone. Now, as dramatically as it exploded, the FBI’s legal demand that Apple help it crack the iPhone of one of the San Bernardino killers has evaporated – the agents hacked their way in anyway, assisted by a mysterious third party.

There was always more to the Apple v FBI case than met the eye – and it is true for this latest twist too. The biggest issue is that both sides stand to gain a lot more from this battle than any of us. With little relation to reality, and backed by a worryingly partisan chorus, the notoriously closed Apple is emerging as a champion of users’ rights. Equally worryingly, a government agency is claiming the power to keep to itself a tool that can potentially break security features on millions of phones, while earmarking a demand for further judicial or legislative intervention in the future. Whichever way you look, this feud is far from a road to freedom in the digital environment.

Breaching Fortress Apple

From the FBI’s side, it seems clear that the case was opportunistically selected. No one wants to defend a terrorist. And after hammering on about law enforcement “going dark” on secured communications, the authorities were salivating for a pin-up case. Terror on home soil provided it.

But the FBI failed to account for one thing: the fallout of enraging a cultish brand on top of the most guarded, controlling ecosystem that computing has ever seen. Apple, incensed at the idea of anyone trespassing on its authority, went public – an equally opportunistic move, straight from the Taylor Swift playbook. And in so doing, Apple debunked the FBI’s otherwise earnest rhetoric that it only wanted to get at one iPhone, from one terrorist.

The key fact is that the FBI demanded a general tool: a modified operating system able to circumvent certain user-set security features in any given iPhone. There are clear dangers in bringing such a tool into existence. As forensics expert Jonathan Ździarski puts it, this is “a bomb on a leash”; a leash that can be undone, legally or otherwise. The FBI’s last-minute deferral of the court hearing in this case would, ideally, have been the enlightened recognition of this reality, as well as the multiple case-handling incompetencies and dubious legal foundations of the FBI’s request. Bizarrely, the withdrawal was on another ground: a third party had emerged with a hack. With the case now wholly dropped, we have a new danger: a classified bomb held by the FBI and unknown third-party hackers – but not by Apple, the one party capable of defusing it.

These facts are as much as the public debate has countenanced, resulting in predictable mud-slinging between techies and bureaucrats; big tech and big brother. What this misses is that this case has been a cause célèbre all along because it presents minimal threat to vested interests and power.

Apple v FBI was never the mother of all privacy battles. It is and always has been a security battle, between alleged national security and individual security, fought over a landscape of increasing insecurity.

It is this insecurity – existing, pervasive, worsening, global vulnerability of our infrastructure, communications and rights – that has been the greatest deception in this battle to date. Because despite how Apple has portrayed itself and been valorized by the media, phones are not impregnable, nor are our data and the platforms they reside on. Not by a long shot. The outside hack proves just that: if an external source that decided to cooperate with the FBI could break into the phone, and in shockingly short time, other less savory sources could do so too.

This case should be a tremendous opportunity for a global conversation about technology fragility. We need responsible leadership that recognizes that there is no such thing as perfect security, and that responds with restraint and redundancy, rather than a headlong tumble into connecting all the things.

Coupled to this must be a specific concession at the heart of the case and the unsatisfactory truce now reached. Digital locks and picks, by their very nature, are binary – they work for all or for none. In the current state of the art, it isimpossible to manufacture what the FBI wants: implanted vulnerabilities, or “backdoors”, that work exclusively for “good guys with a warrant”. Whatever the FBI is holding now, it suffers from this reality. But the problem is also bigger than that. As renowned computer security expert Matt Blaze describes the essence of the dilemma: “We can’t discuss how to make our systems secure with backdoors until we can figure out how to do it without backdoors.”

Boxing in the shadows of vast corporate power

This case, and others like it, are also an opportunity for a deep and reaching conversation about corporate power, and about the increasing intrusion of tech majors into democratic space. This is an angle that has been worryingly absent in most of the case’s commentary.

Regardless of the merits of its position, many of the arguments that have been marshaled at Apple’s feet in recent weeks set a dangerous, potentially pernicious trend. In particular, the argument that corporations are subjects entitled to human rights such as freedom of expression is deeply problematic, undermining reasonable regulation and presenting a destabilizing influence on democracy. The black box society is real, and this case and inevitable future iterations of the same battle have every indication of making it worse.

So we are at the crossroads. And out in the cold. Many decisive questions still remain open, and despite the reams of technical jargon written about this case, its core is not primarily technical, but political.

Under ideal circumstances, and privilege against self-incrimination aside, we should expect that any society would reasonably cooperate with law enforcement to investigate heinous crimes. But what is the most rational response to take when authorities such as the FBI, as well as lawmakers around the world,continue to overreach in their demands, seemingly unwilling to protect an already fragile technology ecosystem and our rights within it?

At the same time, the sheer scale of corporate power challenges the very foundations of democracy, while keeping us locked within walled gardens. Apple,Google, Facebook and the rest have received a tremendous windfall from this case, with nothing more than their words to induce our trust. But trust must be earned. It is predicated on transparency and it demands accountability, not marketing and press releases. Big tech will maintain privacy (or whatever theydefine as privacy) as far as it is convenient for their business. And when it is not, they will gladly forgo it. Apple is no more immune to this than any other business, and we should be as vigilant about its power as we are about any government.

Political, legal and technical solutions (in that order) for these problems may exist. Only honest, open, democratic discussion can find them.

No comments:

Post a Comment