Apple CEO Tim Cook on Wednesday cited backdoor access to health records as just one of many violations of privacy the FBI would be guilty of if the iPhone maker agreed to create a means to unlock a user’s smartphone.
Cook made the argument in an open letter strongly rebuffing the U.S. government’s efforts to get Apple to unlock an iPhone owned by one of the terrorists involved in the December attack in San Bernardino, California.
Cook said the protection of consumer privacy is paramount, and that Apple creating a program to unlock an iPhone and turning that program over to the FBI would endanger the security of the data, including personal health information, on every iPhone user’s device.
“We oppose this order, which has implications far beyond the legal case at hand,” Cook wrote. “Smartphones have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.”
All of this information must be protected from hackers and criminals who seek to access, steal and use it without the knowledge or permission of consumers, Cook said, adding that when the security of personal information is compromised, it can ultimately put personal safety at risk, which is why encryption has become so important.
Apple has provided the FBI with data in the company’s possession, and has made Apple engineers available to advise the FBI, offering ideas on a number of investigative options, Cook wrote.
“But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” he added. “They have asked us to build a backdoor to the iPhone. Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software – which does not exist today – would have the potential to unlock any iPhone in someone’s physical possession.”
Building a version of Apple’s iOS mobile operating system that bypasses security in this way would, without question, create a backdoor to the iPhone, Cook wrote.
“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” he said. “Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks.”
The clash centers on how the iPhone locks. iPhone users choose a numeric passcode to lock their devices, a passcode generally known only to them. The iPhone then ties device encryption to the user’s private passcode, which becomes the encryption key, so even Apple cannot access the device.
Should the FBI win and gain a precedent for forced circumvention of security capabilities, then all data that resides on any device could be at risk, said Jeff Pollard, a principal analyst at Forrester Research Inc. who specializes in data security and hacking.
“This should force consumers and creators of apps to think in broader terms about healthcare and other data used, stored and transmitted,” Pollard said. “However, when building an application that relies on sensitive data, developers of said application shouldn’t rely on any individualized aspect of a device’s security, but instead approach their application and the data it uses from a security standpoint including use of certificates and encryption where available.”
Undermining the strong encryption found on Apple’s iPhones would be disastrous for healthcare users, whether the users are consumers with mobile health apps or clinicians with clinical apps on their respective iPhones, said Lynne A. Dunbrack, research vice president at research and consulting firm IDC Health Insights.
“HIPAA mandates that protected health information created by covered entities be encrypted,” Dunbrack said. “If the FBI succeeds and forces Apple to create a backdoor to unlock the iPhone, then what happens if that backdoor technology falls into the wrong hands? Information stored on the device would be vulnerable to hacking, and if the device was owned by a clinician or healthcare organization, the covered entity responsible for that data could face stiff HIPAA penalties if protected health information is compromised.”