By now, you’ve probably heard something about the ongoing legal battle between Apple and the Department of Justice. “DoJ v. Apple” coverage has been abundant, on blogs and TV news shows alike, but in case you haven’t, here’s a quick recap. The FBI obtained the work iPhone of Syed Rizwan Farook, who, along with his wife Tashfeen Malik, murdered 14 people in a shooting rampage at a holiday party in San Bernardino, California. The government suspects that iPhone may hold critical information about the couple’s contacts in the weeks leading up to the attacks – contacts that may uncover future plots. They have a warrant, but they can’t access the data on the phone because it is using the strong encryption that comes with iOS 9 and up. Not even Apple can bypass the encryption, at least directly.
Such modified software would provide access to the iPhone within minutes.
The DoJ contends that the software could be allowed to remain on Apple’s campus, and would only be used for this one phone in this case. However, there are many, many more cases where an encrypted iPhone is suspected to contain information relevant to a violent crime, including 175 devices in NYC alone. If the order were allowed to stand, Apple would surely receive similar orders from law enforcement agencies around the country and beyond, including countries with dismal human rights records. It would set a precedent that would allow courts to compel companies to do anything. As a result, Apple and others would need to keep a weakened copy of their software on hand at all times to be able to comply with such orders, greatly increasing the risk of the software being stolen by an insider or an outside attacker.
Apple appealed the order on grounds that the order:
Judge Orenstein granted the appeal on the grounds that:
High-profile cases, such as the San Bernardino massacre, have prompted uninformed calls from politicians for the tech community to come up with a solution that would allow law enforcement to access encrypted devices and communications.
“I would hope that, given the extraordinary capacities that the tech community has and the legitimate needs and questions from law enforcement, that there could be a Manhattan-like project, something that would bring the government and the tech communities together…”
– Hillary Clinton, ABC News Democratic Debate – December 19th, 2015
Does a former Secretary of State really not know how quickly Manhattan Project secrets were leaked?
“In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications. The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”
– David Cameron
Strong encryption cannot be outlawed, because math cannot be outlawed. The algorithms have been known around the world for decades.
According to A Worldwide Survey of Encryption Products, Feb 2016, v 1.0 by Schneier et al., encryption projects can be found all over the world:
| Country | Open Source | Proprietary | Unknown | Grand Total |
|---|---|---|---|---|
| Grand Total | 270 | 500 | 3 | |
The following are high-quality, open source end-to-end encryption tools. Many of these have global teams.
| Files at rest | GnuPG/Gpg4win/GPGTools |
| Email frontend for GPG | Thunderbird/Enigmail |
| Instant message (IM) | OTR on Jitsi |
| A/V conferencing | ZRTP on Jitsi |
President Obama has a more detailed proposal that may seem reasonable at first, but it has the same flaws.
“I suspect the answer is going to come down to how do we create a system where the encryption is as strong as possible, the key is as secure as possible, it is accessible by the smallest number of people possible for a subset of issues that we agree are important.”
– President Obama at SXSW 2016
That’s not going to work. Why?
“[Apple CEO] Tim Cook is living in a world of the make believe. I would come down so hard on him—you have no idea—his head would be spinning all of the way back to Silicon Valley.”
– Donald Trump
It can be tempting to try to simplify a complex issue to “You’re either with us or against us”. Encryption is not that simple. It’s true that recent advancements in consumer technology have made it easy for anyone, including criminals, to use unbreakable encryption. However, the underlying technology has been known around the world for decades. Trying to force everyone to use weak encryption will make everyone who uses it extremely vulnerable, disrupting trust in the internet and global commerce. It will criminalize anyone who values their privacy and security, and make little difference in the ability to read the communications of real criminals. If a criminal knows (like everyone would, given the press) that the lawful encryption is weak, but that unbreakable encryption can be had with a bit more effort and knowledge, the choice is obvious.
Some are living in a world of make believe, but not Tim Cook. It would be nice if more politicians actually learned about a topic before making broad statements about it.
This post was last modified on August 6, 2016 8:28 pm