As the
FBI continues to
investigate Tashfeen Malik and Syed Farook, the shooters behind the San Bernardino shootings
last year, they’ve run up against a bit of a wall. A firewall.
The next battle in the “crypto wars” is here—and it’s a
doozy. Farook’s iPhone 5C is locked by the standard numerical pin lock on most
phones, but that model also has a feature that would delete all the data on
them after 10 failed passcode attempts, meaning the government doesn’t know if
it’s safe to brute force their way in.
Now they’re attempting to
legally compel Apple to help them open it, dusting off an old law and
kicking up a lot of dust in the debate over encryption.
The Law
The All Writs Act, to be
precise, included in the Judiciary Act of 1789 (that’s right; enacted in the first
ever session of the United States Congress). The Act itself is only
applicable if there’s no statute, law, or rule that deals with the specific
issue, and that issue must be “extraordinary circumstances.” The business in
question (Apple, here) has to have a connection to the case, and must comply so
long as that compliance is not a burden.
In this case, the government has
qualified it as an extraordinary circumstance, and argue that it’s feasible
that Apple engineers could build a specialized program to help the FBI gain
access.
A federal magistrate
judge agreed, ordering Apple to assist in unlocking the phone. But
for Apple, the picture is wider than unlocking just one iPhone, as Kathleen Porter writes for the Data Privacy &
Security Insider:
The court’s order
gave Apple five days to object if Apple believed that complying with the order
would be “unreasonably burdensome.” Almost immediately, Apple issued an open
letter on its website, arguing that complying with this order would weaken
encryption for all iPhone users. Apple’s argument is that once a backdoor
method or key to unlock the data is known, the government will want to use this
method or key to access the encrypted data on other cellphones. Additionally,
Apple argued that hackers would find a way to exploit this back door key to
steal data. The White House responded to Apple’s argument by confirming that
the Department of Justice is seeking access to the data on Farook’s iPhone, it
is not asking Apple to jeopardize the security of cellphone products generally
by creating or providing a backdoor to encrypted data.
Whichever way this case goes,
it’s certainly an unprecedented application of the All Writs Act. Usually when
used it’s to compel companies to cough up information they already have access
to. Apple, by design, has no access to the information on the phone, so the FBI
is essentially conscripting Apple engineers to build forensic software for the
agency.
There are already legal
avenues that deal with how far companies need to go to help
police spy on messages, but so far there’s no mention of cracking encryption.
Which is where the crypto wars come in.
The Fight
The problem, as it has always
been in the crypto wars, is that the tech community has a much broader idea of
what entails a “backdoor” than the government does. Throughout the
past few years, the law enforcement community has been arguing that modern
encryption—where not even the companies making the products have access to the
information—make it too hard for even search warrants to do their job.
But technologists have
maintained that encryption is only as strong as its
weakest link. If anyone other than the user can get in then it’s
not secure—and in a time when there’s a new hack for every
day of the week, that’s an important protection to have.
It may seem like a bit of an
inflation for this fight to fall in with an on-going war over encryption; the
government is, after all, not attempting to compel them to build a backdoor for
them (as they have in the
past), it’s asking them to help the FBI to unlock this one
dead terrorist’s phone. It’s not the first time a tech company, let alone Apple,
has been ordered to effectively decrypt its product.
But in other ways, this is the
sort of fight that the battle over encryption has always been leading to:
Apple’s profile is so high; the case, so seemingly singular; the law, such a
unique application; it’s really where all the roads of this
have been headed. Apple sees compromising as bad precedent. The FBI
sees a bite sized chunk of access they can win—and, detractors argue, abuse.
And so it’s no wonder that
Apple is putting its foot down. The encryption of its customers information has
become one of their most
important crusades, and compromising in this case could, they argue, do
more than just set a wishy-washy
precedent. It could potentially open a backdoor for the FBI
(and thus, all interested hacking parties) to all encrypted Apple products by
reverse engineering the firmware.
“The government suggests this
tool could only be used once, on one phone. But that’s simply not true. Once
created, the technique could be used over and over again, on any number of
devices. In the physical world, it would be the equivalent of a master key,
capable of opening hundreds of millions of locks,” said Apple CEO Tim Cook in his public response.
The Ugly, and On-Going Battle
And so, given its limited
choices, Apple has taken a stand against the FBI, stating Wednesday that they would be challenging
the California magistrate judge’s order. And will likely be in for a
long, divisive battle. In Apple’s corner they have the EFF, the ACLU, Edward Snowden, and (after a
period of notable silence) fellow Silicon Valley
powerhouses. Meanwhile the government’s case has found the rare
bipartisan support, meaning this case could be a catalyst
for legislation. San Bernardino residents, meanwhile, are mixed with their
support.
Whether this case will set a
precedent or just be supremely high profile remains to be seen. Even now, it’s
not the only case a company, or even Apple, is fighting about unlocking one of
their phones. But as The New York Times notes, this
argument could already be having an effect on encryption policies around the world:
China is watching
the dispute closely. Analysts say that the Chinese government does take cues
from the United States when it comes to encryption regulations, and that it
would most likely demand that multinational companies provide accommodations
similar to those in the United States.
Last year, Beijing
backed off several proposals that would have mandated that foreign firms
provide encryption keys for devices sold in China after heavy pressure from
foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in
December required foreign firms to hand over technical information and to aid
with decryption when the police demand it in terrorism-related cases.
No comments:
Post a Comment