Government should inform private companies about security flaws

Arnav Damodhar | Staff Writer


Government should inform private companies of security flaws

After a long and bitter dispute between Apple and the FBI, the FBI emerged victorious even without Apple’s help.

The FBI has gained access to the iPhone used by one of the gun men involved in the San Bernardino shooting in December 2,  and has now dropped its case against Apple. Government officials said that they were able to break into the iPhone with the help of an unnamed third party. The third party had the best intentions on its mind when it was helping the FBI, but this action can now set a precedent for what extremes a law enforcement agency can do to compromise privacy in the name of security.

The controversy first ensued when U.S. Judge Sheri Pym ordered Apple to unlock the iPhone. It was a violation of privacy, causing many companies to come to Apple’s aid. This landmark case attempted to the answer the role of government in our private lives and to what extent can privacy be sacrificed for security.

But what is most frightening is that instead of having the judicial body decide this boundary, the FBI has set its own boundaries.

The fact that the FBI was able to hack the iPhone suggests that Apple’s security is not as great as it was thought to be. Apple’s security system, iOS 9, was supposed to be the most protective and the hardest to hack. Apple now needs the the help of the FBI to comprehend what was wrong with its encryption in the first place, but the FBI denies to help Apple in any way. Though the FBI is not legally obligated to inform Apple about its security flaws, it does have a moral obligation.

The FBI’s ability to hack into this iPhone, means that it will be able to hack into other iPhones in the future. The debate was never about one iPhone but millions. The ability and jurisdiction to hack one phone compromises the security of the other millions.

The dilemma now is if tech companies should be notified of their flaws or should they wait till government authorities expose it through using bugs, like the FBI did. Though government entities may not have a legal obligation to reveal the information to the companies, in a world where we rely more and more on technology every day, it is imperative to protect our computers as they contain classified information on commerce and communications.

The National Security Agency, for example, took advantage of the way websites communicate sensitive data like account information for two years before private researchers discovered the flaw and amended it. The NSA was certainly beyond its jurisdiction to silently harvest data without informing the websites. We as citizens have a right to privacy and the government should do its part to inform us how we can ensure that our privacy is secure. We should stand strong and against the government when it undermines our enumerate right.

That’s our right. That’s our duty.