Google, Microsoft back Apple on encryption; Trump blasts Apple
Earlier this week, a federal judge ordered Apple to provide the FBI with a custom version of its operating system that can bypass the encryption Apple built into iOS 9 and prevent the phone from deleting its own data after 10 failed attempts to unlock the hardware.
Earlier this week, a federal judge ordered Apple to provide the FBI with a custom version of its operating system that can bypass the encryption Apple built into iOS 9 and prevent the phone from deleting its own data after 10 failed attempts to unlock the hardware. Apple’s CEO, Tim Cook, released a strongly-worded letter in which he vowed to fightthe order in order to protect Apple customers’ right to privacy.
Now, other major voices in the tech industry are publicly backing his statements, while politicians decry Apple’s actions. Google’s CEO, Sundar Pichai, released a statement of his own, saying: “We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders,” Pichai tweeted. “But that’s wholly different than requiring companies to enable hacking of customer devices and data. Could be a troubling precedent.”
Google CEO Sundar Pichai
The Reform Government Surveillance organization, of which Microsoft is a member, released a statement that indirectly backed Apple, even if the group didn’t mention the company by name. It recognizes the need for legitimate law enforcement activities, but states: “[T]echnology companies should not be required to build in backdoors to the technologies that keep their users’ information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers’ information.”
Donald Trump weighs in
None of this sat well with Donald Trump. During an interview on Fox and Friends , the presidential candidate blasted Cook for his stance on encryption. “To think that Apple won’t allow us to get into her cell phone, who do they think they are? No, we have to open it up.” (The phone in question actually belonged to Farook, the man involved in the San Bernardino shooting, not his wife, Tashfeen Malik.)
“I agree 100% with the courts,” Trump said. “In that case, we should open it up. I think security overall — we have to open it up.”
I suspect Trump’s statements will resonate with many people, if only because the San Bernardino shootings, which killed 14 people, were the worst terrorist attack within the United States since 9/11. The FBI wants Apple to unlock a terrorist’s property so it can conduct counter-terrorism operations. Why would Apple stand in the way of that?
Why Apple won’t back down
It’s important to understand the precedent the government is attempting to create with this case. Apple has been ordered to create a modified iPhone software file that does three things:
1). Bypass or disable the auto-erase feature that deletes all phone data after 10 incorrect login attempts.
2). Enable the FBI to automatically submit mass codes in an attempt to crack the device without being required to type them on-screen.
3). The software must not introduce a delay between entering passcodes other than that required by the underlying hardware.
The court order mandates Apple must customize this software in a way that only allows it to run on the target device. This is clearly meant to assuage concerns that the software might be deployed indiscriminately — but it’s not clear that Apple can actually implement that restriction in a way that absolutely guarantees the file couldn’t be modified to run on other devices.
Apple, in other words, is being ordered to create software that deliberately compromises its own product’s security. While the judge clearly believes that the software can be kept from leaking to the Internet, history tends to suggest otherwise.
Magic backdoors that only open for the right key one day of the year belong in stories about elves and dragons
Once this precedent is set, it will be used. Again, history is an effective guide. Law enforcement officials in the United States have justified extensive surveillance programs and data sweeps because the 1979 case Smith v. Maryland allowed investigators to install and use pen registers. A pen register is a device, typically installed at a telephone company’s central offices, that records the outgoing phone numbers dialed by a single user (but not the conversations).
Nothing in the text of the Smith v. Maryland decision suggests that the justices envisioned a future in which their ruling would be used to justify mass surveillance of the entire Internet. Yet here we are.
Apple isn’t fighting this order because it wants to shield terrorists or prevent the FBI from investigating this specific case. It’s fighting the order because it knows that if the order stands, it will be flooded with demands for device unlocks both in the United States and abroad. The software will eventually leak, it will be abused by law enforcement, and the end result will fatally compromise iDevice security. Google, Microsoft, and every other smartphone vendor will be roped in, in very short order. The government would doubtlessly order Intel, ARM, and every other security vendor to implement similar procedures in their own products (think TPM on Intel systems and ARM’s TrustZone).
Device security is challenging enough already. Forcing companies to compromise their own encryption standards in the name of safety will not improve the situation.
Comments
Post a Comment