There has been quite a lot of internet noise in the last few months about the FBI’s demands of Apple that it decrypts the data on the iPhone recovered from the San Bernardino mass shooting, an act of terror that shocked the entire world. There is a lot of emotion packed into the desire to hunt down terrorists and attempt to protect the American people from its horrors but consequential decisions should be evaluated and weighed and not decided based on the emotional desire to prevent evil.
So what exactly is the FBI asking Apple to do? The FBI has long since been advocating for US tech companies to build a back door into their secure devices and services, a method to bypass the strong encryption that is becoming the standard now.
The FBI’s claim is that the technology sector could easily implement a system that would allow law enforcement agencies to decrypt communications with proper authorizations without compromising the end user security. On the other side, almost all prolific information security specialists have come out contrary to that notion, arguing that any weakening of security would be exploitable by unfriendly actors and would greatly diminish the benefits of encryption. It is worth noting that the experts are correct and even the NSA has backed the position that any back doors will seriously degrade security.
In the San Bernardino case the ship has already sailed for having Apple build a back door into their iPhone encryption and in fact, since iOS 8, they have been encrypting devices by default with a key that is tied to the passcode and not shared with Apple. It can also be configured to wipe the device if the wrong passcode is entered into the phone ten times in a row.
This has prevented law enforcement agents from accessing the information stored on that device and, according to the FBI, holding up the investigation. So now, the FBI is asking Apple to assist with just this one case and develop an alternate version of iOS to install on that phone in order to either decrypt the device or allow them unlimited attempts at the passcode. Because the request is being directed towards a single device, it seems on the surface to be more reasonable than implementing a back door into all of their devices; however, it is exactly the same request and Apple has responded in kind.
In Tim Cook’s letter to Apple’s customers he is quite explicit in the fact that Apple has already provided all information and tools at their disposal to the FBI and what the FBI is asking for is not something that currently exists.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
This statement is telling because it is clear that Tim Cook has correctly identified the FBI’s true motives in their request to unlock the San Bernardino phone, which would allow them to replace the operating system on any encrypted iPhone they come across. What the FBI is asking for does not currently exist. The only reason for creating it would be to undermine the security of Apple’s users.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
The reason why it is so critical that Apple responds in this way is that it sets a precedent among operating system vendors to prioritize the protection of their users over flawed court orders demanding that they break that. Remember, this is not Apple’s property they are being asked to turn over. They are being asked to develop a technology to hack their own users in order to facilitate the FBI’s recovery of information from one of Apple’s customers and in turn, all of Apple’s customers.
There are two important arguments mixed in with the emotional narrative of preventing terror attacks: the first is that Apple is not the holder of the key to that phone and the second is that Apple has no method of decrypting that phone without the key.
Because the encryption key is only held by the user, there is no technological way that Apple could decrypt that phone for the FBI any easier than the FBI could do it themselves. The second point is more important, and that is that because there is no technological method to decrypt this phone, the FBI cannot simply hand it to Apple and request the data.
If, however, they force Apple to develop a method of replacing the operating system on an encrypted iPhone just once then it will be known that a method exists and it will make the first point irrelevant, since Apple will have a method of decryption. Once they do, there will be more court orders demanding that iPhones be decrypted from various law enforcement agencies. British, French, Russian and Chinese law enforcement agencies will begin demanding that Apple decrypt phones for them. The method will leak and the iPhone will no longer have any semblance of security.
After the method to decrypt an iPhone is leaked, sold, or stolen, Apple will be forced to once again fundamentally alter the security of their devices, locking everyone out again. This time there will be precedent for the FBI to demand they break their own security and the cycle will repeat itself. Not only that, but other tech companies with whom our data is trusted will be forced to develop methods to compromise their security, so it is important that Apple continue to stand with their users against the full force of US law.
Microsoft has been fighting this war with the United States over data stored in overseas cloud accounts and Apple is fighting it over data stored on our personal devices. The FBI is not asking Apple to help stop terrorism. They are asking them to attack their own customer base and Tim Cook’s response has shown that Apple will not fold, at least not yet.
Phone theft lock image by Shutterstock