In this day and age of fast food journalism, with technology pundits vapidly expunging their opinions on that day’s technology fare, we sometimes miss something that is truly seminal that happened in our industry. That “something” would be Tim Cook’s refusal to turn over the keys to the kingdom – the security of the iPhone itself – to Federal authorities.
The goal of these government agencies was to secure a skeleton key that would allow unfettered access to Apple devices, in important cases that would help solve crimes. Ultimately, it is widely believed that recent leaks of software backdoors made famous by Wikileaks originated with federal agencies of the US government.
What’s odd is that in normal times, we would see a mea culpa from someone. Yet, we hear almost nothing about it. So I’ll say it – Tim Cook was right about the dangers of entrusting a master key that could unlock Apple devices to anyone, including a government agency for fear that it could leaked or be misused.
In December 2015, a day after the horrific San Bernardino shootings happened, the FBI was able to recover a single working iPhone used by the terrorists from their apartment. Because the iPhone hadn’t synced recently with its iCloud counterpart, the recent data on the phone was of keen interest to the federal agents. However, the phone was locked and they didn’t have the passcode, and the person who did was dead. Apple puts in a failsafe where if the wrong passcode is entered 10 times, the device automatically erases itself.
The FBI’s solution was to ask Apple to create a special version of iOS, the software that runs the iPhone, without this limit so the FBI could try all combinations until the phone was unlocked. As CEO of Apple, Tim Cook made the very hard decision (both morally and ethically) to deny this request. A few months later, the FBI obtained a court order from a federal judge that would compel Apple to create this specialized version of iOS for the government to use. Ultimately, the FBI dropped its case against Apple, claiming it had found another way into the particular phone in question.
This may have been the end of it, or so most people thought…
Earlier this year, a hacker group by the name of The Shadow Brokers published several leaks containing hacking tools believed to have originated from the National Security Agency (NSA), including several vulnerabilities that were brand new, frequently referred to as zero-day exploits. These exploits targeted Microsoft products.
Within a few weeks of these exploits becoming public, a now famous ransomware known as “WannaCry” infected thousands of computers. When a computer is infected with ransomware, it encrypts all the data on the computer and requires a payment to gain the ability to decrypt it. WannaCry caused mass upheaval for many of the world’s largest entities. Today, it is believed to be contained. WannaCry is the direct result of leaking a backdoor that is believed to have been put in by the NSA.
It is important to note, however, that this exploit didn’t affect Apple products. While that may just be plain luck – the NSA isn’t telling us what exploits it has for Apple devices, but it does open Pandora’s Box when it comes to trusting government. While the existential threat of a government agency accidentally leaking exploits they might be using to maintain national security was possible, it wasn’t plausible. Therein lies the problem, you can’t go back.
The government cannot ever again legitimately claim that methods designed for their exclusive use to defeat security measures for national security purposes will be only used for that. But, when Tim Cook made his decision, Pandora’s Box was still closed. Only Mr. Cook knew that given enough time, that someone would pry it open. He deserves credit for that.
One positive outcome from all this is that the Apple brand is stronger than ever. What technology company do you trust with your information? Google? Facebook? Since they don’t charge you anything to use their products, their sole source of revenue is monetizing your information. Apple remains the only “mega tech” company that has proven through its difficult choices, that it values its customers trust, and that its customers can trust it.
This is an enormous halo that will only grow as the Internet grows, and customer data can be weaponized for malfeasance. In addition, since it actually charges customers to use its products, it’s not reliant on slicing and dicing customer data to be sold in advertising marketplaces.
Tim Cook made a hard decision to not cooperate with the FBI a few years back, and yet no one is giving him credit for it. It turned out he was right, that entrusting anyone, even a supposedly secure government agency could turn out badly. Imagine the havoc that we may have narrowly dodged if a similar tool, with Apple’s blessing, had leaked and was exploited to disable or abuse millions or hundreds of millions of iPhones.
Sometimes, it’s a win when you dodge a catastrophe, and while we may never know for sure what bad things might have happened, Mr. Cook’s action decidedly reduced Apple’s contribution to something like that happening. At the same time, Mr. Cook would never want to be in a position to see crimes happen and not be able to intercede or help. It was a difficult call, but in hindsight, he made the right one. Yet amazingly, we see almost no coverage. No talk or discussion about what could have been one of the biggest decisions in the tech space. But, ultimately we all should acknowledge it.
Tim Cook, you were right.