Business Monday

Co-opting business for government hacking

A recent order requiring Apple to produce a hackable version of its smart phone operating system raises serious concerns for businesses. If Apple can be forced to facilitate government hacking, then any business is subject to being co-opted simply because our government has invoked the phrase “national security.”

We live in a world with very little privacy. Our activities on the Internet can be easily tracked, and even electronic devices that we may carry are capable of allowing others to track our movements. Nonetheless, there are also technologies that can help us maintain some, albeit minor, privacy, and perhaps the most common is encryption.

Strong encryption combined with other security features in our personal electronic devices (e.g., features that delete all data on a device after 10 failed password attempts) help maintain what little privacy exists today. That presents a significant challenge to the government when, for instance, it attempts to hack into a phone. Even the relatively outmoded 128-bit encryption used for Internet traffic allows for a considerable number of key combinations (the number of possible key combinations is 2 to the 128th power, which roughly translates to a very big number beginning with 339 and followed by 33 zeros). A brute force attempt to decrypt the data on a smart phone would potentially need to run through considerably more than 10 key combinations.

Because the government cannot easily hack the encryption on an iPhone, U.S. Magistrate Judge Sheri Pym ordered Apple to provide assistance in doing so. Her order is not limited to requiring that Apple provide the government with data in its possession or to providing technical guidance. Apple claims to have already done both. Instead, Pym’s order requires Apple to create a version of its iOS operating system susceptible to being hacked so that the government can automate its efforts to hack the encryption protecting data on the phone. Such an order raises significant constitutional concerns.

The Fourth Amendment was established to limit government intrusion: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” This amendment protects our “papers,” even though we may live in a digital world where our papers are maintained in an electronic device.

However, the larger question is whether the government should be able to co-opt a businesses’ resources, and dictate that a business produce products susceptible to being hacked, simply because the government claims it is acting in the interest of national security.

Businesses need to give careful consideration to the very rights that we are supposed to enjoy in our democracy, and which the Bill of Rights safeguards. Pym’s order starts us down a very slippery slope, and at stake are the very liberties upon which this country was founded.

Samuel Lewis is a partner at Feldman Gale, P.A., in Miami. He can be reached at SLewis@FeldmanGale.com.

  Comments