Co-written by Alex Mitchell and Alex Schulz
History has shown time and time again that there is no such thing as absolute security. Apple’s recent scuffle with the FBI, a weeks-long battle over unlocking the iPhone of one of the San Bernardino attackers, seems to be offering society a not-so-subtle reminder of this valuable truth. It’s a lesson that we should all take seriously when it comes to security communications.
Bear with us for a little history. Absolute security did have a moment of existence, but only for a short time. In the 1770s, English locksmith Joseph Bramah introduced a lock that was unbreakable. He was so confident in its design that the lock sat in his shop window for years, with a prize going to anyone who could crack it. For many years, this lock remained unbroken, and with it, the notion of perfect security stayed alive.
Almost a century later, on the first day of the Great Exhibition in London, an American locksmith by the name of A.C. Hobbs declared he would crack Bramah’s lock, a seemingly incredulous claim; Hobbs sprung the lock after working on it for 52 hours over 14 days. Just like that, years of unbeaten technology was undone by Hobbs in a matter of hours. Absolute security was no more. (Check out this episode of 99 Percent Invisible if you want a deeper dive on the history of locks.)
Fast forward to 2016, Apple has replaced Bramah, the FBI has taken on the role of A.C. Hobbs, and we are again examining the fleeting notion of perfect security.
There is no doubt that the legal battle between Apple and the FBI has addressed a number of interesting topics. Can the government compel a company to modify its own software? What is the “proper” balance of privacy and national security? Did the FBI accidentally reset the password?
But beyond those questions, the entire case was built on the premise that there was no way to unlock the phone without Apple’s assistance. In short, the FBI publicly stated that Apple had achieved perfect security.
And then, on March 28th, the night before both sides were due to reappear in court, the FBI filed a 3-sentence motion, announcing it had secured an alternate method of accessing the iPhone and no longer required the assistance of Apple. The government withdrew its suit against the company, and just like at the Great Exhibition in 1851, the idea of absolute security dissolved.
Though the FBI’s motion may have been small, the implications of the bureau’s actions are profound. While the cybersecurity community understands that most locks can be broken, given the necessary time and resources; the general public has come to believe in, and rely on, the notion of perfect security when they use online banking, store their information in electronic medical records or fill out a Web form. This principle is a sacred cornerstone for businesses in the intelligence, security and technology sectors, and Apple stood on this cornerstone in refusing the FBI’s court order.
In one quick moment, the FBI, like A.C. Hobbs, struck a fatal blow against the perception of perfect security. Consumers, companies and industry experts alike would do well to remember that when approaching an issue of security, nothing is truly “uncrackable.”
The FBI’s capacity to unlock the phone is an important moment in security communications. The intensity of the debate over the lawsuit demonstrated the passion surrounding privacy and security. The hacking of the phone has made it common knowledge that no single security solution is forever. Going forward, the idea that we can provide customers with perfect security is dead – only to be replaced by nuance, subtlety and caveats.
In a world where simplicity, sound bites and taglines rule all, communicating about security just became much, much trickier.
Co-written by Alex Mitchell and Alex Schulz
History has shown time and time again that there is no such thing as absolute security. Apple’s recent scuffle with the FBI, a weeks-long battle over unlocking the iPhone of one of the San Bernardino attackers, seems to be offering society a not-so-subtle reminder of this valuable truth. It’s a lesson that we should all take seriously when it comes to security communications.
The Unbreakable Lock
Bear with us for a little history. Absolute security did have a moment of existence, but only for a short time. In the 1770s, English locksmith Joseph Bramah introduced a lock that was unbreakable. He was so confident in its design that the lock sat in his shop window for …
Continue reading >
