Apple vs. FBI: Technological Limitations and Consumer Rights
Consumer-facing companies release massively available unbreakable encryption software that protects us against our government while rendering it ineffective at protecting us.
Dear hackers: the FBI is hiring. Using the 18th-century federal law known as the All Writs Act, the federal government has been trying to compel Apple to decrypt the iPhone of one of the San Bernardino shooters, Syed Rizwan Farook. At issue in the FBI’s pursuit to unlock the phone themselves is the phone’s encryption program, which is set to wipe the entirety of the phone’s contents if the FBI’s brute force method guesses incorrectly too many times too quickly. Given that only Apple software can be uploaded to its products, the FBI is now asking Apple to build a decryption framework to upload specifically to the terrorist’s phone in question. The problem is that because Apple has claimed it doesn’t keep a secondary copy of the encryption keys accompanying its newest line of phones (meaning that after the phones leave the factory, Apple is unable to decrypt any one particular phone), the software required to unlock just one iPhone could easily be intercepted by malicious hackers and used to remotely unlock any iPhone the hackers desire, because the software required to unlock Farook’s iPhone would be specific to all iPhones. The skeptical should remember that Apple and the FBI are not immune to attacks by hackers attempting, if not succeeding, to steal damning decryption software. Given the media attention already fixated on this case, if the software needed to decrypt the phone is built, stored, or transferred using any known or detectable servers, the FBI’s single request could compromise every iPhone holder worldwide.
What remains to be understood is whether Apple should be legally responsible for tying its own hands by not keeping a copy of each individual phone’s encryption key, effectively creating the “all for one, and one for all” vulnerability for every iPhone should it choose to decrypt just one.
With the FBI’s heavy presence in the media compelling Apple to comply in their investigation, the FBI seems to be indicating that this particular legal case for compelling Apple is secondary to their plea that technology companies not build and sell products outside of the government’s technological ability to decrypt them. The question of whether Apple will unlock the San Bernardino terrorist’s iPhone seems to already have been resolved; instead, the question that seems more pressing is whether Apple and other technology firms have a legal responsibility to be able to decrypt any product they encrypt in case the federal government needs to gather evidence against criminals using these products. Given that Apple has been touting the nearly unbreakable nature of its products for quite some time, Apple’s loss in this case would only signal to criminals who previously sought out Apple products in order to encrypt their malicious communications that they should move to another, more secure communication platform. This would effectively create a deferred criminal effect—moving potentially damning conversations into a new undetectable sphere—and further complicate the federal agency’s effectiveness at intercepting malicious communication nationwide. If any precedent is to be set here, it’s not the tired question of whether the federal government can employ private companies as agents in their investigations; the precedent in question is whether companies should be legally obligated to be capable of decrypting anything they encrypt.
With legal frameworks not keeping up with the scale and complexity of telecommunication in recent years, what companies should and should not have to do to comply with government requests has become a battle between ambiguous legal text encompassing any action the government feels necessary for companies to take, and technological limitations of what the company can and cannot do without compromising its own security and that of its customers. It seems unambiguously clear that, by the very nature of what a “request” is, one cannot be asked to do that which it is impossible for them to do. As such, if companies have no obligation to be able to decrypt what they’ve encrypted, technological limitation would always trump government requests, and the government would be rendered ineffective at doing its sole constitutional job—protecting its nation’s citizens—and in collecting damning evidence buried in the crevices of technologically savvy products if its own cybersecurity department isn’t capable of decrypting the products itself. Ironically, the only exit from the government’s pressure on technology firms to comply with their investigations is if the government department in question strengthens its own technological expertise so that it can effectively maneuver the products in its possession without the help of the product’s producer. Perhaps this is a call from technology firms nationwide that only those equipped to handle today’s technological devices will be effective defenders of justice, making this case an open application invitation to white-hat hackers everywhere that their government needs them.
Aside from reports abroad that hackers have been able to maneuver around Apple’s newest encryption software, the general public should remember that they can only go so far to hold a company responsible for the actions of its consumers.
Speaking to NPR about the case on Monday, February 22nd, Cyrus Vance Jr., Manhattan district attorney, made the case for corporate responsibility, arguing that with Apple and Google owning 96.7 percent of the worldwide smartphone market, “we know communications [that] exist on these phones, are being used by the criminals to perpetrate the crimes”. On one hand, if you’re not going to conduct background checks for who can own a Google or Apple smartphone, how can you hold them accountable when their products are used as communication devices to plot malicious crimes against fellow members of society? On the other hand, while building products beyond the scope of decryption as a response to market forces hardly seems unreasonable, knowingly building software that will render a company unable to assist government investigations with national security implications is a prime incentive for concerned Congresspersons to revise ambiguous legal text lacking foresight of company responsibility post-production of manufactured products. Fortunately for Apple, contextualizing their encryption software in the status quo’s encryption framework only strengthens their case. Beyond Apple’s encryption software, many customers install additional software packages without traceable authors to answer to. In fact, as a leaked White House Encryption Working Group document points out, “many encryption solutions are open-source projects developed by communities of volunteers that are based in multiple countries…As a result, there may be no central authority that can update these solutions to comply with any requirements for implementing encryption in a manner that would support law enforcement access”.
To fix the root of the federal agencies’ troubles is to acquire hacking talent that doesn’t rely on the assistance of private technology firms to do its job.
Perhaps the overreliance on tracking electronic communication has given federal investigators tunnel vision when hunting down criminals, and perhaps the savviest hackers and technology experts will never feel as compelled to work for the government which they see as responsible for pushing Google and Apple to develop secure products outside of government reach by extending their own agencies’ surveilling reach, but what citizens young and old seem to have forgotten is that the success of any company, be it the largest technology firm or not, is not possible if the country in which it is based cannot effectively detect and quell terrorist threats. The case asks us whether we have decided as consumers, before deciding as citizens of a democracy, to fire the government as our defender against malicious threats to our nation, and whether we are prepared to live in a nation where consumer-facing companies release massively available unbreakable encryption software that protects us against our government while rendering it ineffective at protecting us.
This article was written by Ella S. Photo Credit: Savan Sekhon via Flickr