Where will it end? Why Apple vs the FBI affects all of us

Apple versus the FBI: which side are you on? Few technology stories, and even fewer cyber security issues, have broken into the mainstream media quite like this one. But the outcome of this epic tussle has hugely important implications for all of us – businesses and consumers alike. Apple and the Silicon Valley giants who broadly support its position argue that acceding to the FBI’s request to intentionally weaken iOS protections could set in motion a chain of events which undermine cyber security for hundreds of millions around the globe.

Cracking the code

We all know the background to this story by now. The FBI want to get into an iPhone belonging to San Bernardino gunman Syed Rizwan Farook. There’s just one problem: it’s locked with passcode-enabled strong encryption which means Apple can’t simply extract the data, as it could prior to iOS8. Why can’t the FBI put to work its technical boffins on brute-forcing the device, thereby cracking its passcode? Because Apple’s in-built security mechanisms prevent it. These protections include a requirement for manual entry of the passcode; an auto-erase for all data after 10 attempts; and an in-built milliseconds-delay between passcode guesses, which would ensure any brute force attack takes years to carry out.

So the FBI is instead asking Apple to create a new OS version which bypasses these protections. The tech giant calls it a ‘backdoor’, while the FBI has understandably refrained from using such pejorative language.

The debate over strong encryption on mobile devices and used in messaging services has been brewing for over a year now, with the authorities claiming Silicon Valley should give it backdoor access to use on special occasions to monitor terrorist suspects and the like. In response, technology firms repeatedly argue that this would be a disaster for security and commercial suicide. Governments including France and the Netherlands agree.

But this debate is different because it’s not theoretical: Farook and his wife gunned down 14 civilians in cold blood in what was soon after defined as an act of home-grown terrorism. The cynical among you could argue that the FBI has deliberately chosen this case to challenge Apple on, hoping public opinion will be in its favour.

A lose-lose for Apple

Tim Cook has described the creation of this ‘backdoor’ as the "software equivalent of cancer" because the firm feels it will undermine the security of its products. Customers could vote with their feet if it does, as they did when it was reported that RSA Security put a deliberate backdoor into its crypto to let the NSA in. On the other hand, it could look as if it is deliberately obstructing law enforcement in its investigation into a horrific terror attack.

FBI boss James Comey used an emotive open letter to argue that all the Feds want to do is conduct their investigation and access “this one phone”. And that this isn’t about setting a precedent for future cases. But that’s already been found to be not strictly true. Court documents released recently reveal that the Bureau is already pursuing Apple in 12 other investigations where it wants access to iPhones – four of which relate to iOS8 and later devices. So any backdoor Apple designed would presumably be used in these cases, for starters.

But there are more troubling precedents it might set. What would stop the FBI going to Microsoft, or Amazon Web Services, or any other major tech firm, and asking for similar? And if Apple agrees to help the FBI then surely Beijing will ask it to do the same, and it will be very difficult for Tim Cook to say “no”. In fact, governments around the world – many with debatable human rights records – will be able to demand the same.

Precedent can be a dangerous thing when the stakes are so high. One thing almost every security and crypto expert in the world agrees is that once you create a backdoor, then sooner or later it will fall into the wrong hands. To paraphrase Electric Frontier Foundation staff attorney Nate Cardozo: it’s impossible to create a backdoor that only the FBI can walk through. Apart from the risk of the backdoor being subsequently leaked – accidentally or otherwise – by a government employee, it will open the floodgates for hackers to go after Apple in search of it.

In the end it is hoped that legislation will decide the issue. At least then we won’t have the ridiculous situation of the FBI trying to invoke the All Writs Act of 1789 to force Apple’s hand. Californian Congressman Ted Lieu – himself a Stanford computer science graduate – has already written to Comey, criticising the FBI for trying to use a lawsuit to circumvent policy discussions.

Let’s leave the final word to him:

"Let Congress, stakeholders, and the American people debate and resolve these difficult issues, not unelected judges based on conflicting interpretations of a law passed 87 years before Alexander Graham Bell invented the telephone.”

Bharat Mistry, Cyber Security Consultant at Trend Micro

Image Credit: Shutterstock/ymgerman