On December 2nd of last year, a horrible terrorist attack occurred in San Bernardino, California. 14 people lost their lives, and the full motivations of the attackers and the extent of their premeditation are still partly shrouded in mystery. The answer might very well lie locked up in the iPhone of one of the culprits, giving the FBI an understandable urge to get their hands on its contents. Their unprecedented legal action to make this happen has sparked a heated online debate. In this debate privacy, patriotism and public relations are just some of the factors influencing a public discourse that has shifted to reflect new and often clashing attitudes towards encryption.
A Bit of Encryption History
The history of using codes to protect sensitive information is almost as old as civilization, with clay tablets being found in ancient Mesopotamia indicating attempts by craftsmen to encode trade secrets. The main function of encryption all the way until the mid-20th century though was to make sure military secrets didn’t fall into the wrong hands. The ancient Roman Caesar Cipher and the Enigma Machine being some of the most known examples.
The turning point for encryption which has lead us to where we are today occurred in the early seventies, with industrial espionage being the initial driver behind development of digital encryption. Early computing giant IBM formed an internal “Crypto group”, and their ominously punnish “Lucipher” cipher was eventually accepted as a national standard with the more technical name of DES. So initially, the U.S government was happy to enact encryption standards to protect business interests – now they are battling in court to wrestle back control of them from the companies that build them.
The Case of Apple Vs. FBI Explained
This curious legal case involves U.S government trying to set a legal precedent to whether companies are allowed to build a foolproof mechanism to keep anyone, including law enforcement from accessing devices. Globally, western governments with the largest intelligence-gathering machines have engaged in a passive-aggressive battle with Silicon Valley for a few years on this already. To draw a more analogue example of the issue, F-Secure researcher Sean Sullivan says:
“Say I live in an apartment building. Apple owns the building, but has designed the lock so even they can’t open it. Nobody can. Except me. And crucially, if they try to force it open, a booby trap will go off destroying whatever of value there is inside. The FBI is asking a court to require Apple to create a special version of this lock which they can then attempt to pick.”
In this case, Apple has built their system so it doesn’t have a copy of the key. It’s a secret, contained in the hardware of their devices. The FBI is asking Apple to create an altered version of iOS using Apple’s signing certificates, so they can better attempt to pick the lock without the booby trap going off. Apple is refusing, on the grounds that it would set a dangerous precedent where such requests would start coming in regularly. But their defiant stance is also a savvy business decision, since they can afford the army of lawyers to battle the courts, and taking this stance is giving them a tremendous PR boost.
Security or Privacy?
Governments claim having access to encrypted data is important in the name of national security, but it is completely unprecedented to force companies to write new software to weaken the security of their devices. This is compounded by the fact that FBI is using the All Writs act of 1789 as the basis of their legal case. This obscure federal law was created to give courts the power to issue “necessary and appropriate” orders, aimed at making court powers flexible but not tyrannical. The irony is not exactly subtle: using a law from 1789 to set a legal precedent in software encryption is like using the 1896 Locomotives act as basis to regulate commercial space travel.
This ideological boxing match between security and individual liberties is at the heart of the problem, and individual liberties are seemingly fighting a losing battle. Security is a much more tangible concept and a crowd-favorite among politicians, tilting the balance in its favor over a more idealistic and somewhat counter-intuitively less populist personal freedom. There is also a very sound question to be asked: if Apple caves in, where will this stop? Will all encryption eventually be forced to have legal circumvention tools, which can and probably will fall in the wrong hands? This will irreparably chip away at a vital cornerstone of digital freedom, which I can say with pride is the mission of companies like ours.
The underlying difference between stances of Apple and the FBI are the implications which the creation of such software would have on the future of encryption. Apple has its reputation and consumer trust to protect, while the FBI is understandably frustrated at not being able to delve deeper into a case involving domestic terrorism. Or as a cynic would say, Apple is in it for the money while the feds are in it for power.
The point is that everyone involved has their own agendas and intentions, which fall somewhere between shortsighted zeal, desire for power, clever PR-chess and well-founded idealism. We can’t say where privacy legislation is headed, but the burden of protecting one’s sensitive information and traffic from criminals, corporations as well as governments falls under the responsibilities of consumers. Thankfully though, the options to do so exist and are accessible to anyone with an internet connection.
This is a guest post by F-Secure trainee Mari Mäkinen. The cyber security market is…
July 19, 2017
On a recent trip to the Finnish Archipelago, F-Secure security advisor Sean Sullivan scanned the…
July 13, 2017