The FBI may have backed off from its demand that Apple build a backdoor, but experts say that a lasting legacy will remain
The FBI may have backed off from its demand that Apple build a backdoor to an iPhone security mechanism, for now at least, but experts say that a lasting legacy will remain in terms of the educational impact of the battle.
John Oliver’s 18-minute segment on strong encryption for HBO’s Last Week Tonight has been watched nearly 5 million times on YouTube since it first aired on March 13.
Apple CEO Tim Cook was on the cover of the March 28 issue of Time magazine, pledging not to back down.
“Through most of last year, I was surprised that there were Europeans worrying about privacy and Americans didn’t care about it,” said Yorgen Edholm, CEO at Accellion. “And now this has come out. Now it’s a standard conversation when I go out and talk to people, and people really care.”
This is one of the defining issues of the times, he added.
“I’m very happy that we have this discussion now,” said Ebba Blitz, CEO at Alertsec. “It’s in everyone’s best interest to find a good solution. We all need to be protected.”
It’s a multi-layered issue, she added, since the encryption that can protect criminals from authorities also protects law-abiding citizens from those criminals.
“Never before have I seen encryption being in the public eye so much,” said Rod Schultz, vice president of product at Rubicon Labs. “Time magazine, John Oliver — if you told me this would happen a year ago, I would think it was impossible.”
The case has become an opportunity to educate the public about encryption and privacy, he said.
“I think customers and the public are becoming very very savvy,” he added. “For me, that’s the best outcome right now.”
When combined with the recent memory of the Snowden leaks, he added, it makes for a strong argument against giving governments backdoors around encryption and weakening security.
And the battle over unlocking Rizwan Farook’s phone was just the tip of the iceberg, said Harvey Anderson, chief legal officer at AVG Technologies
“We already have the attorney general in Manhattan stating that he’s got 175 iPhones waiting for be unlocked,” he said. “And the FBI has made this request from Apple a number of times before.”
Local district attorneys and sheriffs have already said that they have other phones in other kinds of cases that they want to force Apple to unlock, added Sophia Cope, staff attorney at Electronic Frontier Foundation.
It’s not just about Apple
One of the lessons learned, according to security experts, is that the FBI’s attempt to pressure Apple into creating a backdoor has far-reaching implications, beyond just Apple itself.
Rubicon, for example, has a hardware-based key storage solution that secures the key inside a protected environment, so that neither Rubicon itself nor the enterprise ever sees the keys.
If the FBI had won its case against Apple, companies like Rubicon may have faced similar requests to build back doors to their technology.
“We’re hardware-based protection,” said Rubicon’s Schultz. “We would physically have to change our hardware to do that. It could take months, if not years to do.”
And the company would lose customers as a result, he added.
“Any time you intentionally destroy the integrity of technology, it is basically asking for trouble,” he said.
Other experts agree, including Ben Johnson, chief security strategist at Carbon Black, a former cyberengineer for the NSA.
“If Apple is forced to open this up, it sets a dangerous precedent for being able to force manufacturers and tech companies to break their own trust with users and consumers,” he said. “I love the intelligence community, I worked there, I got my start there, but weakening our security is a very dangerous approach.”
Weakening security puts everyone at greater risk, said security expert Bruce Schneier, CTO at Resilient Systems.
“Security is too important to throw it away for this kind of silly warrant,” he said.
In a survey conducted at the recent RSA conference by AlienVault, the majority of the IT security community, or 63 percent, said they support Apple in its dispute with the FBI, and just more than half, or 51 percent, said the FBI was looking to set a new legal precedent to be able to unlock all devices made by Apple and other tech companies.
It’s not just about the U.S.
If the U.S. authorities had succeeded in forcing Apple to build a backdoor — or are able to do so at some point in the future — then it would set an example for other countries, said Anderson.
“If it happened here, it’s very easy for regulators to follow the same position elsewhere,” he said. “Not that they blindly follow what we do, but it sets a reference point.”
“Compelling Apple to build a backdoor for its own product actually undermines the security and personal safety of millions of Americans and others around the world, especially those living under authoritarian regimes,” said EFF’s Cope.
Even if the government were able to mandate encryption backdoors, this would have little impact on actually being able to deter criminals or terrorists, since the encryption technology is free and publicly available.
“Cryptography exists,” said Yehuda Lindell, co-founder and chief scientist at Dyadic Security and author of the widely-used textbook “Introduction of Modern Cryptography.” “You can open my textbook and read it and now you will know how to write your own code and protect yourself.”
Smart criminals can write their own code, and then sell it to others, he said.
“The innocent citizens are still vulnerable, but the bad guys are protected,” he said.
Or the criminals and terrorists can simply use some of the many freely-available tools and apps already on the market, he added.
The fight’s not over
According to the Electronic Frontier Foundation, the FBI could come back to court in a few weeks and try again, or look for another test case with which to set a legal precedent.
“Overall, it seems a shame to not get some clarity in the courts over what the government can and can’t request when it comes to privacy and security, and if this case does not reach a conclusion you can bet we’ll be back in this same spot soon,” said Carbon Black’s Johnson.
“We still need to come together to answer the question, ‘where and why can the US government access private devices,'” said Brian Stafford, CEO at Diligent.
We could be facing a much larger war still to come, added Zulfikar Ramzan, CTO at RSA Security.
“Apple may eventually bolster the encryption capabilities on the iPhone so that even they themselves can’t decrypt data,” he said. “At that point, the stakes will only go up and rather than fight a single test case in the courts, the next resort could then be to pass legislation that permits the government deep access into the iPhone and similar devices.”
That could take us back 20 years to the Clipper chip, he added.
“Clipper proved to be an ill conceived idea back then, and nothing much has changed to suggest that a reincarnation of it would fare any better,” he said.