The encryption dilemma

The FBI wants the data on a terrorist’s iPhone, but does it really need Apple’s help?
Jeffrey Pawlick | Mar 15 2016 | comment  



“My job is to protect the personal data of over 1.6 billion people,” exclaimed Alex Stamos, Chief Security Officer of Facebook, last Monday. “I need a lot of tools to do that, and one of the most powerful tools we have is encryption.” Stamos’ comment came after Facebook said it would send a letter to the court in support of Apple position its case against the FBI.

Microsoft has also filed a legal brief backing Apple’s appeal, and the brief has been signed by Amazon, Box, Cisco, Dropbox, Evernote, Facebook, Google, Mozilla, Nest Labs, Pinterest, Slack, Snapchat, WhatsApp and Yahoo.

If the decision from a San Bernardino court is upheld, it would force Apple to write software that would undercut the encryption on an iPhone which belonged to one of the deceased San Bernardino shooters. As it stands, both the FBI and Apple lack the encryption key needed to read the data. The FBI wants Apple to find another way into the phone.

Certainly, the killings in San Bernardino provide a dramatic backdrop for this showdown. But make no mistake: the issue at hand is not a question of a single iPhone. More likely, the FBI wants Apple to write technology that would give the bureau easy access to iPhones in general. Moreover, the access would set an important legal and cultural precedent by which governments could mandate back doors that circumvent privacy-enhancing technologies. Mandates such as these upon companies like Apple and Facebook would have a huge impact - not some time in the future - but now.

A Short Slippery Slope

Flash back to Moscow, December 2011. Russians are taking to the streets to protest against a corrupt election process. The protesters organize via Twitter using the hashtag #Triumfalnaya. Twitter users following the hashtag tune into the latest updates and organizational efforts.

Suddenly, a network of thousands of computer bots begins tweeting random or pro-government messages with the same hashtag. Protester’s tweets are lost among the wash of automatically generated content. The massive social network attack succeeds in spades.

While this scenario sounds like a paperback bestseller, the story is real. If it is easy to imagine a United States government abusing the privileges that the FBI wants to elicit from Apple, it is a foregone conclusion to think of other governments wielding them. Consider the ongoing war between Google and the Chinese censorship. On anniversaries of the Tiananmen Square massacre, users have been prohibited from searching for “Tiananmen,” “democracy,” or even “tank man.” In Europe, France is considering a law that would force companies to pay a huge fine for refusing to implement backdoors around encryption on cell phones.

Facebook’s Stamos also suggested on Monday that prosecutors have talked about “hundreds of phones” that they would unlock if the ruling regarding the San Bernardino shooter’s phone were to be upheld. Two weeks ago in New York, a judge ruled in favor of Apple in a case quite similar to the California case - except that the iPhone in question is an older model which Apple actually has the power to unlock.

A better metaphor

In the New York case, investigators are asking Apple to do something within its power. But the San Bernardino case concerns an iPhone which Apple intentionally designed with better security. They built the phone so that no one except its deceased owner could open it. Now Apple is being asked to design proprietary software to break its own security.

This requirement is incongruous with the notion of a search warrant. It seems more parallel to a requirement to quarter soldiers fighting for a cause that one does not support. Apple - and countless other tech companies - have taken a stand on a moral issue that is at least debatable. The FBI wants to force these tech companies to actively oppose their original stand. Who would have thought that we would be defending Apple’s freedom of conscience? Apple’s motives may be largely pragmatic. But it is worth defending the autonomy that at least US companies currently enjoy to shape society ways that are not always aligned with the views of the government.

Why has the NSA not come out in support of the FBI?

Representatives of the intelligence community often denounce the phenomenon of a means of communication “going dark” - that is, becoming difficult for the government to access or surveil. Last September, the directors of the CIA, NSA, and FBI all testified before a House of Representatives committee to discuss the challenges that new technology such as encryption poses to national security. Indeed, John Brennan, the director of the CIA, has sympathized with the position of the FBI against Apple.

Yet Reuters recently reported that several key officials in the Department of Homeland Security and the NSA oppose the FBI’s case. Circumventing encryption on devices made in the US could have the twin penalties of making American communications more vulnerable in general and driving sophisticated consumers, terrorists included, to foreign manufacturers.

Chiming in via video link from Moscow, Edward Snowden himself ridiculed the FBI’s position, claiming that the company already ways of accessing the phone. If so, it follows that in the San Bernardino case, the FBI is trying to expedite access to not one iPhone, but all iPhones. The NSA and CIA probably have also made inroads on the data, and do not really need the device to be cracked.

Moreover, even if these agencies cannot break the encryption on the phone, there are countless other ways to get pieces of the data. Text messages, some emails, and even browser searches are obtainable from communications companies and search engines by warrant. Other information is often available by looking the “physical layer” of the communications; routers that transmit data and servers that store it can reveal evidence of information going in and out, even if the exact content is encrypted. And then there is the “social engineering” course: obtaining information from people who received the suspect’s messages or could simply reveal equivalent information pertinent to the investigation. The NSA and CIA simply may not need the code to be broken.

Finally, it is hard not to consider the political motivation. Do the CIA and FBI want to publicize their positions? True, Americans are almost 50-50 on how the case should be resolved, but privacy advocates have here a captive audience. Perhaps no other showdown has brought privacy and corporate autonomy into the limelight so starkly as this one.

Jeffrey Pawlick is a PhD Candidate in Electrical Engineering at the Tandon School of Engineering, New York University.



This article is published by Jeffrey Pawlick and MercatorNet.com under a Creative Commons licence. You may republish it or translate it free of charge with attribution for non-commercial purposes following these guidelines. If you teach at a university we ask that your department make a donation. Commercial media must contact us for permission and fees. Some articles on this site are published under different terms.

comments powered by Disqus
Follow MercatorNet
Facebook
Twitter
MercatorNet RSS feed
subscribe to newsletter
Sections and Blogs
Harambee
PopCorn
Conjugality
Careful!
Family Edge
Sheila Reports
Reading Matters
Demography Is Destiny
Bioedge
Conniptions
Connecting
Above
Vent
From the Editor
Information
contact us
our ideals
our People
our contributors
Mercator who?
partner sites
audited accounts
donate
advice for writers
privacy policy
New Media Foundation
L1 488 Botany Rd
Alexandria NSW 2015
Australia

editor@mercatornet.com
+61 2 8005 8605
skype: mercatornet

© New Media Foundation