First a little background.
As everyone who reads this blog I am sure knows, several months ago, the Gadget blog Gizmodo purchased a then secret unreleased iPhone from someone who claimed to find it in a bar. Gizmodo then wrote a major article about the phone and then gave it back to Apple.
What has followed is an investigation by local police, kicked off with a search warrant executed on the home of Jason Chen editor of Gizmodo, looking for evidence to support a criminal case against him for "theft" of the already returned phone. They broke down his door, when he was not home, and took all of the computers out of his house.
Fast forward to last week.
On Wednesday, Gawker published an article about a major security flaw in iPads discovered by Goatse Security. Goatse did not publicize the security flaw until it had already been closed there was no opportunity for the flaw to be exploited. AT&T then blamed their security failure on the whistleblowers.
Unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service.
The fact that AT&T chooses to blame the people who found the problem and reported it is bad enough. It is pretty clear to everyone in the tech universe that what Goatse did was a service to the community and that blaming them is lame. But what follows is truly shocking.
Today the leader of the Goatse team, Andrew Auernheimer, had an FBI search warrant executed against him.
Are you getting the pattern now?
Unfortunately, it gets worse. In executing the search warrant, the FBI found drugs, and arrested Auernheimer on possession charges. Now I have no idea if Auerheimer is an overall good guy. And I am not a drug user and personally dont like the idea. But the idea that the FBI gets to ransack your home because you told on some huge corporation who couldn't give a hoot about your security unless they are publicly embarrassed about it is the ultimate example of no good deed going unpunished.
And while there will be lots of talk in the coming days about AT&T, security, and the Goatse situation, I want to focus on a larger issue.
Why is it so easy for these huge private companies to get law enforcement to do their bidding?
In the Apple case, I'd really like to know how easy it would be to get a "task force" to search for evidence that *MY* **RETURNED** phone was "stolen".
The truth is that if you are just some regular schmo, and you go to the police and tell them your kid is missing, they will tell you you have to wait 24 hours, no matter how egregious the situation. But in the case of a lost but quickly returned phone, they have no problem sending in a crew of cops to ransack someone's house.
We all know that in the case of Apple, their beef isn't that Gizmodo bought the phone. Their beef is that Gizmodo wrote an article about their secret phone. If Gizmodo had bought the phone and returned it without writing the article, do you think there would be an investigation?
But Apple doesn't have a legal right to secrecy. They have to achieve that secrecy through vigilance. If they fail, there is no legal remedy unless it is some form of breach of contract in connection with a non-disclosure. It is certainly in no case criminal. But what law enforcement is really doing here is creating a punishment for having exposed Apple's secret, because even if they don't ultimately pursue a case, the horror of being searched and investigated by the police is a powerful deterrent.
To suggest anything else is patently absurd.
In the case of AT&T of course we don't yet know all the facts. But if things play out the way they look, its more of the same. Law enforcement is punishing someone for exposing an embarrassing corporate secret. This should not be the role of law enforcement in our society.
We should all have equal access to the law, and certainly there is no way in hell that I could get the police to investiate someone who returned my missing property. Ever. Of course I know that in this country you get as much access to the law as you can afford, but the fact that Apple can induce a criminal investigation that no regular person or even regular corporation could is scary.
Similarly, as far as I know, there has never been a case of the FBI investigating someone for exposing a security exploit even if they did so before the exploit had a chance to get fixed, which it did in this case. This case represents a new danger to all of us if security researchers are now punished for exposing their discoveries.
The bottom line is that if we are not careful, we are at grave risk of our freedoms being eroded. The usual concern about such issues is that government is too big. That is not my worry because no matter what, government will, by necessity, be big. My concern is who controls it. Because if Apple's or AT&T's vote counts more than mine and yours, we have a problem.