It might gall the FBI to no end, but now that it has unlocked the iPhone belonging to one of the San Bernardino terrorists without Apple's help, it should tell Apple how it managed the feat so the company can patch the weakness as quickly as possible.

Otherwise data belonging to many iPhone 5c owners could be vulnerable to hackers, and that is in no one's interest — not the government, Apple or consumers.

As the security technologist Bruce Schneier wrote this week in The Washington Post, "The problem with computer vulnerabilities is that they're general. There's no such thing as a vulnerability that affects only one device. If it affects one copy of an application, operating system or piece of hardware, then it affects all identical copies."

So far, the government has not revealed whether it intends to share information with Apple, or for that matter whether it has made a decision. Meanwhile, unfortunately, the Justice Department's success in unlocking Syed Rizwan Farook's iPhone doesn't seem to have mellowed the agency regarding its approach to similar cases in which it seeks to obtain data on devices protected by encryption.

Even as the department was dropping the case against Apple, it reasserted its intention to ask judges to force companies to assist in unlocking data if they balk.


Advertisement

At some point the courts or Congress will have to provide greater clarity on whether tech companies must invariably comply, since efforts to improve encryption are only going to intensify. Can the government simply conscript tech companies to help them investigate crimes, forcing them to delegate scores of employees to the task in multiple cases across the country?

Remember, the phones aren't even owned by the manufacturer. They are the property of the individual suspect (or in Farook's case, his employer).

While the FBI is understandably focused on the abuses of encryption by law-breakers, most people who value encryption do so for legitimate privacy and security reasons. And they know that if police agencies locate a potential back door to their data, it exists for hackers, thieves and foreign governments, too.

Moreover, on what basis would a company like Apple resist the demands, say, of an authoritarian country like China to unlock its phones if it routinely and uncomplainingly performed this task for U.S. authorities?

Contrary to the alarm raised by some law-enforcement officials, it is simply not true that encryption threatens to put police at a historic disadvantage against criminals and terrorists. As The Wall Street Journal's Holman Jenkins noted this week, "The centrality of the individual device to privacy can be exaggerated. The vast majority of our sensitive information is not trapped exclusively on a phone but is exchanged with the world and duplicated on the servers of many parties ... which police can reach."

A recent report from the Berkman Center for Internet and Society at Harvard University on the encryption debate makes much the same point. It's time for federal officials to take note and back off from their efforts to enlist companies like Apple to undermine encryption.

~ The Denver Post