As the push-pull relationship between Apple and the FBI unfolds through the mainstream media headlines, a multitude of questions and concerns come to the forefront – and for those of us at the leading edge of cyber security research, this situation in particular hits close to home.
Most agree that in this case, the iPhone security vulnerability was disclosed for the greater good, but on a broader level the fast-paced, modern reality of security technology leaves room for debate and looming questions of morality.
The hacking world for the most part has been kept under wraps, but as complex situations involving smart devices, terrorists and national security happen more frequently, hackers and their unique abilities are becoming more known and crucial to national defense organisations – such as the FBI.
To most of the common population, the term ‘hacker’ is usually considered negative – in light of recent events, however, that stigma is changing ever so slightly. White hats and now ‘gray hats’ are changing the negative persona most people had in mind when they thought of a hacker.
In fact, most people are oblivious to what makes hackers so helpful – they have done some great things for the improvement of the internet and technology in general.
When it comes to coding and programming, hackers know the latest and greatest. A hacker’s vocal or viral critique of software encourages companies to pay close attention to their product’s security measures, benefiting consumers substantially.
Although using a hacker’s abilities to inform companies of their vulnerability can be extremely helpful, problems arise when hackers (with the exact same capabilities and knowledge) could also turn around and sell those vulnerabilities to the highest bidder, or steal personal data for their own benefit.
Like any form of intelligence, what matters is how it is being used and what kind of impact it will have. Technology in general is constantly evolving and changing – the law and government protocol, however, couldn’t be more contrary.
It would be next to impossible to come up with the proper protocol or procedure for every single security breach in a reasonable amount of time – every situation is different and the circumstances are always changing.
While there are few details about which vulnerability the FBI used, and from whom it was purchased, in countries like the US and Germany the simple act of attempting to find vulnerabilities in software is generally illegal.
Moreover, while it’s easy to say that privately selling vulnerability information to the FBI was for the greater good in this case, the people who engage in such sales don’t generally pick and choose their customers. How would we feel if the same vulnerability was sold to a government with a history of human rights violations, or a criminal organisation? It’s difficult territory.
Ultimately, until the law catches up to technology and the digital world, defense organisations have to do what they think is best in the short term – and most importantly, decide what course of action will save the most lives with the least amount of damage.
It was much better for the FBI to engage in the arms race through outside hacking than to use the power of law to coerce companies like Apple into weakening the security of their products in a permanent way.
If this calls into question the matter of privacy and illegal hacking practices, it is a double-edged sword regardless – and that can be a good thing.
Sourced from Oliver Lavery, VP of research, IMMUNIO