Cracked iPhone?

Apple vs. FBI. Backdoor encryption battle rages on. Justice Department says “Apple marketing strategy”

Updated 2/24/16:

An encryption backdoor until recently was pretty much geek territory but no longer; over the last few months the issue of the government wanting  a “backdoor” into encrypted computer products has evolved from being an obscure technology issue into a public and political hot potato. It’s even entered the Presidential race with a number of candidates espousing their opinions on the subject, even Donald Trump saying we should all boycott Apple, ironically tweeted from his iPhone.

In November, I wrote an article (“Encryption? We don’t need no encryption!”) about the absurdity of the idea of a government backdoor in computer products and what our lives would be like without reliable and secure encryption. One of the article’s key points was that, in reality, there’s really not much the government can do to prevent the use of unbreakable encryption because the encryption horse has already left the proverbial barn; there are already so many encryption libraries available that even a novice programmer can make a private, secure communication system that would be completely inaccessible to the government. Since I wrote that, it’s been reported that ISIS already developed their own secure, encrypted communication app for Android (perhaps this is more a case of the encryption camel having left the proverbial tent).

My second article, published in December (“Government backdoors. Really. Are you serious?”), was a look at the consequences of putting a backdoor into computer products and pointed out how ridiculous the idea of being able to keep a backdoor only usable by the government when the bad guys find out about them; the reality is once it’s known that a backdoor exists, every hacker in the world will be looking for it and, in short order, they’ll find and exploit it.

Justice Deparment fires on Apple

I thought I was done with the subject for a while but, boy, was I wrong! Last Wednesday the Department of Justice rolled out the big guns, trained them on Apple, and fired. A Federal judge ordered Apple to unlock one of the San Bernardino’s shooters’ iPhones. Of course the DoJ quickly denied that they were trying to force Apple to build a backdoor into their products, arguing that they just want to crack this one iPhone. And it’s true, the order is narrowly defined, however Apple has responded with a letter which indicates the company has already been helping the FBI, as any company would do given the horrific event, but it now appears the FBI is, in reality, asking for far more.What the FBI is really asking for is a version of the iPhone’s operating system, iOS, with a backdoor.

Adding further intrigue to the case, ABC News reported that government agents changed the password on the iPhone soon after the attack but had they not done so, Apple could have retrieved the iPhone’s data from the device’s automatic backup to Apple’s iCloud. The Hacker News is also  reporting that Apple has already suggested to the FBI how they might recover from their incompetence without Apple having to develop a backdoored version of iOS.

Pretty much every security expert in the world is in agreement; a backdoor, particularly in operating systems, are a really, really bad idea. The risks of a government-mandated backdoor have been discussed in papers such as Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications as well as by Whitfield Diffie, one of the rock star cryptographers of our time, who has also argued why a backdoor is a bad idea.

The horrific attacks in San Bernardino and Paris shocked, appalled, and saddened us all but every well-informed member of the computer technology community agrees with Tim Cook and Apple that in this case, the government is seriously overstepping its authority and its understanding of the issues involved are limited at best. This week you’ll see a tsunami of law enforcement “experts” in print and on TV news shows telling us all how hard it is for them to do their job without a backdoor to encrypted devices and the flow of misinformation already started today, the US Justice Department started spinning Apple’s position as a “marketing strategy”. A marketing strategy! Really?! The sheer manipulativeness and disingenuousness of the DoJ’s assertion is breathtaking.

Update 2/24/16:

[The Wall Street Journal is reporting that the Justice Department is seeking to force Apple to extract data from 12 other iPhones, using the same law in the San Bernardino case. This adds credibility to the Apple’s contention that the San Bernardino case would establish legal precedent and it would then have to act as a gatekeeper between its customers, good or bad, and law enforcement.  “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Apple CEO Tim Cook wrote in a letter to customers. This further supports our position at Azstec that the motives of the Justice Department are suspect in this case.]

The risk here should not be underestimated; if the Department of Justice prevails and manages to force Apple to create a backdoor and thereby fatally weaken the security of iPhone encryption, the ramifications will dog us for years to come. If a backdoor is mandated in products such as the iPhone, what we’ll be doing is making it much, much easier for hackers to compromise our identities, our finances, and our privacy all for the fiction of making us safer by making life easier for law enforcement.

In 1755 Benjamin Franklin wrote “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” With a government mandated backdoor we’ll be giving liberty to the bad guys and sacrificing our safety based not on Apple’s “marketing strategy” but on the government’s.

When not standing on a soapbox, David Griffith is the CEO of Azstec LLC, the creators of docNCRYPT, the incredibly simple document security solution for everyone.  (without a backdoor)  If you have any comments or questions, email David at dgriffith [at] azstec.com and follow the Azstec Blog or on Twitter or LinkedIn.

Update 2/24/16 – We have also added a poll to gather your opinions on this case.

Tell us what you think by completing our very short survey.  Should Apple help the FBI?        Your opinion matters to us. Thank you!