In having discussions about home connectivity and the Internet of Things coming to your living room, one of the most common questions or concerns I hear goes something like:
Well doesn't that mean the government can listen in through your Echo?
And you can insert "Kinect" or "Smart TV" for Echo and often "corporation wanting to use your private information to sell you stuff".
Actually that second one is plausible, just not really in the Big Brother kind of way people assume. To avoid going into detail, let's just say if you compare using your Smart TV like how you use Chrome you'll get the basic idea.
The former, that the NSA will spy on you through your smart device, is really just ludicrous. It would be asking a company to open a backdoor into their software which performs nothing useful for them. It would make their software less secure on a fundamental level, probably less performant (voice processing is not cheap on a CPU level for instance) and would result in massive, seriously massive, amounts of data with extremely low amounts of actual data.
In light of the FBI's recent actions, however, I must confess that by "ludicrous" I mean "increasingly plausible". Which is more than a little scary.
Now as many people have pointed out to me recently, corporate collusion with the government isn't terribly new. Telecom, Internet Service Providers, and consumer tech companies have all responded to requests for data and technical support to assist the government in a variety of ways.
To that narrow that down to the relevant, Apple themselves have unlocked 70 phones for the feds in the past. However, Apple has recently been trying to put the blocks on the request by both entrenching themselves legally and most notably, encrypting iOS so that they couldn't simply unlock the phone anymore.
It is very, very important to note that previous requests did not require Apple to create new software specifically to break their old software. Apple intentionally backed the government into that corner.
Now let's take a step back and take a look at what exactly the FBI is asking. They are using the All Writs Act to justify this request. It is not part of the Patriot Act, it is not part of the DMCA, nor it is part of CISA. In short, it is not backed by any action from Congress even remotely related to technology in the last three hundred years.
Actually, more like 350 years. In fact, when All Writs was created in 1651 the first calculating machine wouldn't be invented until twenty years later.
So it's not like Apple is exactly stretching when they ask where the legal foundation for this request exists. All Writs is effectively conscripting a civil entity for government action. It's like in those old westerns when the local hick gets deputized so that the sheriff can have someone else get shot.
That lack of a legal framework also makes it very difficult to believe the FBI when they say it won't be made into a precedent because there is absolutely zero safeguards in place to keep it from becoming exactly that.
Wired accurately put it this way:
“The precedent isn’t that they unlock one phone,” says Jake Williams, CEO of Rendition Infosec. “There’s no reason down the road they can’t go to Microsoft, or anyone else, for that matter, to create some intentionally vulnerable applications.” In the scenario Williams envisions, the FBI could force Microsoft to send out a malicious Windows update to any machine connected to a specific IP address, like the Wi-Fi at a coffee shop.
Or, for instance, have Amazon push an update to your Echo which doesn't wait for a wake word to start listening.
The FBI is asking Apple to open Pandora's Box.
The question should not be whether Apple is right to question that request and challenge it in court.
The question should be why if this is a legitimate request from law enforcement with no impact outside of their investigation that no law in the last three hundred and fifty years codifies how it should and should not be used.
The question is why we didn't have this fight decades ago.
Apple is right. But that doesn't even matter. If the FBI is right, it is their responsibility to go to Congress and have our democracy lay the foundation for how and why they are right.
Because this is way too important for "because we asked" and "you can trust us".