The escalating battle between the FBI and Apple reached a temporary ceasefire after the Bureau managed to hack San Bernardino shooter Syed Rizwan Farook's iPhone without Apple's help. Professional hackers identified a security flaw that enabled the FBI to build new hardware to hack the phone.
While that battle may be over, the war goes on. In the wake of the controversy, Apple rolled out security upgrades to make its phones even harder to hack, while continuing to develop encryption methods to further harden iPhone security. Meanwhile law enforcement remains concerned that tighter smartphone security measures may inhibit their ability to pursue criminal cases.
Fallout from the FBI-Apple encryption debate lingers, fueling policy debates and security technology challenges that continue to impact consumers.
More Debate on Security vs. Privacy
The policy debate over balancing security needs against privacy concerns continues with renewed impetus in the wake of the Orlando shooting. Within three weeks of the FBI announcing it had hacked Farook's phone, Senate Intelligence Committee members Richard Burr and Dianne Feinstein introduced a draft of legislation that would mandate private companies to assist government investigators seeking to access locked data. Following the Orlando shootings, CIA Director John Brennan testified to the Senate Intelligence Committee that the law's failure to keep up with technology gives terrorists a potential means to evade U.S. intelligence. Brennan did not directly mention Burr and Feinstein's bill, but instead praised a bill introduced by Senator Mark Warner and House Homeland Security Committee Chairman Michael McCaul calling for a commission to study the matter.
The Burr-Feinstein proposal is meeting resistance from the tech community. Cybersecurity professor Susan Landau, a former Google privacy analyst, has published an article in "Science" arguing that the FBI's demand to force Apple to hack its phones reflects a misguided approach. The FBI wanted Apple to create a custom operating system that would bypass normal iPhone security measures, and Landau says that creating such a security bypass would effectively create a key that could be misused by malicious parties, enabling criminals to impersonate smartphone users and compromising everyone's security. Landau suggested that instead of forcing technology providers to weaken security measures, the FBI should develop its own hacking capability.
For its part, Apple renewed its commitment to protecting user privacy in a keynote speech at the Worldwide Developers Conference held one day after the Orlando shooting. This cycle of debate between security and privacy advocates will undoubtedly continue as Congress considers the Burr-Feinstein and Warner-McCaul proposals.
More Pressure on Technology Providers to Develop Security Innovations
The intelligence community's efforts to bypass smartphone security have put more pressure on technology providers to develop security innovations. Apple has rehired Pretty Good Privacy co-founder Jon Callas, who has periodically worked on encryption for Apple since 1995. Apple unveiled a new Apple File System with stronger encryption at the World Developers Conference and is considering adopting technology that would prevent even Apple staff from accessing customer iCloud data.
Other smartphone providers are also improving their security measures. For instance, the Samsung Galaxy S7 comes with fingerprint security and gives users the option to encrypt their Secure Digital memory card so no one who removes it can read it on another device. Samsung is also set to introduce eye scanning technology and is planning additonal steps to improve security.
More Responsibility for Users to Protect Themselves
Technology providers' best efforts to protect smartphone users ultimately depend on consumers themselves. SociableBlog sums up four simple steps users can take to improve their smartphone security.
1. Lock the phone so unauthorized users can't open it without credentials.
2. Keep your apps updated to incorporate the latest security upgrades.
3. Download anti-malware software to stop the latest viruses, always making sure to download from a legitimate provider and not a malware source in disguise.
4. Activate location-tracking software in case the phone is lost.
In addition to these measures, TigerMobiles.com provides steps users can take, such as choosing a strong password, using two-factor authentication, activating a firewall, using a virtual private network and avoiding insecure networks and downloads from suspicious sites.