When FBI director was first asked if he had any intentions to force Apple to unlock more than the single iPhone 5C in question, he answered “unlikely to be a trailblazer” for setting a precedent for other cases. But a week later when asked before a congressional panel under oath, he said the judgement on this single iPhone would be “potentially precedential” for Apple and other technology companies. So do the Feds want Apple to create a one time backdoor for encryption or do they want the keys to all the doors? They want both.
How Apple Went From Complied To Compelled
Using the All Writs Act, the FBI has always enjoyed a vaguely worded but dominant relationship over telecommunications companies. Now they are leaning on America’s tech companies but recently running into some strong resistance. Recent polls show the public now backs Apple and the FBI in equal parts in the San Bernardino iPhone 5c case with Apple gaining support from many tech companies, law professors and elite iPhone hackers. Public opinion has swayed but what about Apple and the FBI’s stance?
When the news of these tragic terrorist attacks first broke, Apple was already working closely with the Feds to help out but they were publicly silent on the whole case. Apple initially wanted sealed court documents and to proceed just as they had before in working with the FBI. The plan was to simply guide law enforcement to backup the latest data from the iPhone to iCloud at which time Apple would hand over that data to the Feds. It was a working relationship that kept Apple out of the law enforcement’s hair while being only a minor burden upon Apple. But the FBI (for reasons still unclear) ordered San Bernardino to change the iCloud password putting an end to easy data extraction.
Now Apple is tasked with re-writing their own iOS in order to weaken security and they are fighting back. And the FBI have gone from a reasonably secure working relationship with Apple to statements like, “Apple’s rhetoric is not only false, but also corrosive of the very institutions that are best able to safeguard our liberty and our rights.” Is it even possible to go back to the way it was? Not really, but that’s the way both sides want it.
Skirting Around Encryption Entirely
Depending upon whom you ask, the NSA, China and an assortment of bad actors have broken Apple’s encryption or have had Apple write secret backdoors for them already. Famed cybersecurity expert Bruce Schneier says “We simply have no idea who already has this capability.” but goes on to write of law enforcement that “They would need to have stolen Apple’s code-signing key so that the phone would recognize the hacked as valid” in order to make this and future hacks without the help of Apple. But why steal the master key when you can force the key maker to give you one?
In court papers filed just this week, the DOJ wrote in a footnote, “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.” The DOJ is beginning to show their claws here with a veiled threat hiding a no-win scenario. Either Apple can continue to fight and risk losing everything or they can just give up their source code now and risk losing everything. If the courts were to force Apple to hand over their source code and electronic signature (the only thing keeping the powers that be from placing backdoors into seemingly harmless security updates), there would be no need for brute force attacks or encryption backdoors anymore. Clearly, any law enforcement agency that stands to save an hour, day or week by using their own security backdoor will take that option every time but that is where Apple and law enforcement continue to butt heads.
Caught Between Criminals and Law Enforcement
In his counter testimony to Director Comey, Apple’s lead counsel Bruce Sewell told committee members that if Apple complies with the FBI’s request to help unlock the San Bernardino iPhone, “it will weaken our security, but it will not affect the terrorists.” Apple’s stance has always publicly been to uphold the law and assist the FBI in any reasonable way but they also reserve the right to question and fight legislation that forces them to weaken security for their users. But in an effort to avoid getting caught between criminals and law enforcement, Apple has managed to place itself centerstage in the trial of the year.
With invitations for a March 21st event from Apple going out this week, it’s hard to not see them take the opportunity to publicly re-state their stance and get in a last jab before facing off with the FBI in court on the very next day. Both sides have played a good PR game but can even the largest corperation in the world stave off attacks from a behemoth like the U.S, government? We shall see.
- Stalking has never been easier so let’s change that - 02/08/2023
- This is why nobody is allowed a cell phone in classified debriefings - 11/18/2022
- Death of the VPN: A Security Eulogy - 08/24/2022
[…] conversations we are having right now on encryption are beginning to wake up the IoT industry to the dangers of weak security facing billions of […]
[…] The conversations we are having right now on encryption are beginning to wake up the IoT industry to the dangers of weak security facing billions of devices. Unfortunately, the government’s basic lack of security understanding risks undermining that entire effort. We need government to legislate and law enforcement to prosecute bad actors but if they can’t distinguish the difference between their citizens’ privacy they are employed to constitutionally protect and the terrorists and hackers they are commissioned to prosecute, they will never be effective in helping IoT stability and security advance. It’s not government’s job to innovate and drive the tech industry just like it’s not Apple’s job to help police terrorism by weakening their own security. […]