Left to Our Own Devices
Medium co-filed an amicus brief yesterday supporting Apple in its refusal to create custom code for the FBI that would weaken iPhone security. This brief was a joint effort with 16 other Internet companies, including Automattic, Reddit, LinkedIn, Kickstarter, GitHub, and Twitter. Combined, over a billion people use our products and services.
What does the FBI want Apple to do?
Granting the FBI’s request, the court ordered Apple to write custom code that allows the FBI to brute force open an iPhone used by San Bernardino shooter Syed Rizwan Farook.
The custom code would update the phone’s OS to do three things: (1) remove the “10 passcode attempts or everything is erased” feature; (2) remove the time lag between each attempt; and (3) allow passcode input from an external device rather than the touch screen.
Why oppose this?
There’s been a lot of opposition to the FBI’s request for many reasons, including fear that the code will almost certainly fall into other hands; that the government may not restrain its future use of the custom code and if it doesn’t, we won’t have any way of knowing; and, most broadly, that this precedent will provide a basis to force tech companies to undermine their own products’ security in the future. Congress held a hearing on these issues last Monday.
We submitted this brief for our users. We think every single day about how to earn and keep our users’ trust — through transparency and clear language, through privacy policies that go beyond, through security, and many other ways. The government is asking Apple, and, if successful, all of us, to weaken the technical security and user trust that we work so hard to build.
We told the court that we strongly oppose a precedent under which law enforcement can have companies ordered to weaken their products’ security in ways likely to be systematic and uncontainable. We do and will continue to cooperate with law enforcement to help keep people safe by giving them information they need to investigate wrongdoing. However, we do so under well-established and more transparent ways of seeking the information, such as subpoenas.
There are more than enough inadvertent security flaws in the world. Creating them intentionally and on demand would make us all less safe.
Here’s the brief:
Apple has collected the various amicus briefs on its website including submissions from another group of tech companies, civil society groups like the Electronic Frontier Foundation, and a group of redoubtable crypto nerds.