In recent years, there has been a growing outcry from federal and local law enforcement agencies to require that private companies create a digital backdoor so that they can easily access private information on our personal devices, such as tablets and smartphones. This is almost always presented under the guise of increased security and is usually accompanied by dramatic examples of how such a requirement will save lives. Before delving into the absurdity of these claims and the potential ramifications of a digital backdoor, let us quickly cover how encryption works.
Consider an iPhone or iPad. These devices contain a large amount of your personal data across a multitude of categories, including financial, health, identification, communication, location, and more. Those are things that you most certainly would not appreciate being accessed by criminals. Apple understands this, which is why they include encryption on each of their devices. How does this work? At a very high level, Apple applies an encryption algorithm that converts your data into a seemingly unusable set of random characters. As a result, a person who obtains your device would not be able to simply read its contents. For this to work, the algorithm needs a key to lock and unlock the data. This is usually in the form of a passphrase in combination with a device id. That is why using complex, or at the very least long, passwords is important. If you use a simple password, then a criminal can easily use brute force to guess your passphrase. In more recent devices, Apple incorporates a finger-print reader that makes your data even more secure. Since these keys are located on the device, Apple does not have the ability to decrypt your data. That means that law enforcement agencies also lack this ability. Read here for a simple overview of what Apple offers, or here for a more detailed explanation.
As part of the Edward Snowden revelations, it was found that government agencies (e.g., NSA) were privately working with companies to develop digital backdoors to help access information from devices. Apple steadfastly denies that they were involved in any such efforts. As we will cover below, there is ample reason to believe them. Though we are always told that these measures employed by government agencies are used to track terrorists and criminals, the NSA were found to have a rather extensive domestic spying program. The perceived authority for this behavior likely stemmed from a complete breakdown in the assumption of liberty following the 9/11 attacks. As news of the NSA program spread, people began to understandably demand that the government walk back its intrusion into the citizenry.
Faced with this backlash, the government predictably resorted to absurd worst-case scenarios in order to convince citizens that they needed access to our data. These scare tactics almost always include the use of children or bombs to make people fearful, although they can never provide real examples of where they were hampered by the lack of a digital backdoor. Undeterred, the government demanded companies provide backdoors to help break the encryption on devices. Think of the backdoor as a master key that would allow the government to bypass your device’s security measures in an effort to obtain personal data. The problem with this approach is that you cannot leave the house key on the back porch and guarantee that only the good guys will use it.
The efforts to ban encryption largely fell flat until recently. The Paris attacks were politicized by law enforcement agencies as a concrete example of how access to encrypted data might have prevented a disaster. In fact, there is no evidence to support such claims. The argument was again revived following the attacks in San Bernardino. Despite a plethora of information gleaned from the assailants belongings, they FBI now contends that they need access to a work phone - an iPhone. To this end, a federal magistrate ordered that Apple create software to allow the FBI to unlock the phone.
Apple refused this order and announced today in a letter to customers that the company will fight such efforts. In the letter, CEO Tim Cook details the situation:
But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
Cook explains why Apple is challenging the court order:
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
It is understandable to ask why giving the government access to a single device is a bad idea if it can help prevent a future attack. Realize, however, that the FBI would not be going to such lengths over a single device. This is about developing the technology to access any device they deem necessary. Also realize that, despite the scare tactics which are routinely used against citizens since 9/11, there is actually no proof that such affronts to liberty prevented anything. Even if the government operates with the best of intentions, they have proven to be an unreliable steward of sensitive data. The actions by Apple are not meant to make the job of law enforcement more difficult, rather they are meant to prevent another government overstep.
I applaud Tim Cook and Apple. Their consistent approach to encryption is one reason why I use Apple products. But Apple does not represent a majority of smartphone users, which is why it is vitally important for other technology companies to stand up with Apple. I fear their continued silence is evidence of complicity. In an age when more and more of our personal data are stored on phones, and when we are expected to store that data in the cloud, we must demand that the companies entrusted with our information do not betray the basic assumption of privacy.
This is one of the most important privacy issues of our time. We are now in a situation where the world’s most valuable company, and not the people’s government, is the loudest advocate for personal freedom. That is a damning indictment of our country’s leadership, and I for one hope that Apple prevails. Everyone was swept up with fear and anger in 2001 and our decisions were made in haste. We know better now. There is no excuse. If you agree, make your voice heard. Put pressure on your elected officials. They work for you after all. Make sure they know that.