Apple, the FBI, and dangerous encryption backdoors
Our own Laura Tribe takes on the recent U.S. court order that could override iPhone security protections, Apple's response and why you should care.
Yesterday evening, Apple was ordered to develop a piece of software to override iPhone security protections. The phone in question, an iPhone 5C, was used by one of the San Bernardino attackers, and the FBI obtained a court order calling on Apple to create a way to override the device’s security and encryption settings, currently protecting the device’s contents, as the police do not have the password.
The obvious argument that police should be provided the information they need in a criminal investigation is understandable, but deeply misleading in this case. The real problem here is that the feds are trying to force Apple to undermine encryption in a way that would render ALL similar devices eternally vulnerable.
In an open letter published on Apple’s website, CEO Tim Cook’s responded:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
This is a serious concern. Dangerous backdoors would undercut digital security in all facets of our lives.
Why should you care?
Do you have a smartphone? Work or communicate with anyone who does? This affects you.
This is not just about one phone. If Apple is required to create a backdoor to its own encrypted devices, this tool could apply to every device using that operating system – not just the one authorities are currently trying to break.
What would stop the FBI or other authorities from using this on other devices? What if this backdoor falls into criminal hands?
As Tim Cook said,
“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
Worse yet, this decision could set a dangerous precedent forcing other companies to also create systems to undercut their own security technologies, leaving our sensitive information incredibly vulnerable across the board. And if this dangerous backdoor gets into the wrong hands, it could be used to compromise every similar device.
Be assured, this will not stop at Apple. The iPhone happens to be the technology up for debate in this current case; but if one company can be forced to do this, the rules could be used to apply to others.
The decision uses an 18th century law, the All Writs Act of 1789, which has been increasingly used by authorities as a way to force companies to turn over user data. There are a lot of problems with using this outdated law but Katie Knibbs may have put it best in Gizmodo: "I know 18th century law sounds boring, but this is an 18th century law that could fuck you big time.” Our security is being put in serious jeopardy with this decision.
It’s past time and common sense for governments to recognize that our phones hold our most sensitive information. We use them for banking, for business, and for personal communications. Many people carry almost their whole lives with them on their smart phones.
We are living in a digital age, where information is currency. We need secure means to keep that information safe.
OpenMedia will continue to follow this case as it progresses.
Speak up in support of secure online communications. Add your name at securetheinternet.org.