The Apple versus FBI showdown that's been playing out over the past six weeks is over. But in reality, the battle to circumvent encryption has just started.
Yesterday's news that the government was dropping its case against Apple wasn't a surprise. Last week the Department of Justice informed the courts that it had found a third-party solution to break into the iPhone used by Syed Rizwan Farook and no longer needed the tech company's help. Case closed.
But there are other phones out there, which means there will be other cases. Each device in the possession of local and federal law enforcement is a potential avenue to convince a court to force Apple to circumvent its encryption.
Or the Justice Department can just wait until another phone is used in the course of a crime that's as horrific as the the one perpetrated by Farook and his wife, Tashfeen Malik, in San Bernardino. Higher-profile cases give law enforcement additional leverage with judges and the public. There are hundreds of phones in police custody right now; it's no coincidence the DoJ asked for help with the one used by a terrorist.
Buzzfeed reports that a government official said it's "premature to say anything about our abilities to access other phones." Even if it does manage to use this exploit on other iPhones, there's a chance the FBI won't be able to access new devices from Apple.
Farook used an iPhone 5C. The encryption on this phone is software based. It doesn't have the additional hardware security found in Apple's A7 and later processors. With the introduction of that chip in the iPhone 5S, the company added a secure element that makes it even tougher to crack the encryption on a device. Apple insists that even the company itself can't read the encrypted handshake between the hardware and software when a passcode or Touch ID is used to unlock the phone.
But the thing is, we don't know the full capabilities of the exploit the FBI is using. According to The Guardian, the Justice Department wants the exploit to be classified. So it could potentially keep the vulnerability a secret from not only the public but also Apple. Without transparency or proper disclosure, the capabilities of the tool are unknown. If the government says it won't work on an iPhone 6, we have to take its word for it.
So while Apple has stated that "this case should never have been brought," it should prepare itself for others like it. And not just Apple: Other tech companies like Google and Microsoft should be ready for a call from the FBI, CIA, NSA or Homeland Security if an encrypted device is used during the course of a crime.
All the government needs is to set a precedent to circumvent encryption. If the courts rule that a company has to help law enforcement bypass the security of a device, it doesn't matter if it's Apple or not. It'll be the first step in a series of court battles against tech giants that'll be tougher to fight as more phones are unlocked.
There are now two security races going on. One is to build tougher encryption to keep hackers out of users' devices. The other is to build a legal team to keep the government out of users' phones. It's not a quick sprint solved by a single case. This is an ultramarathon that started with that first motion.