Don't Trust the FBI's Ability to Keep an iPhone Back Door to Itself
Federal officials can't keep their own secrets. Would you really trust them with the ability to access yours?
Representing Apple in its ongoing battle with the FBI, former George W. Bush administration Solicitor General Ted Olson warned that if the tech company was forced to write a new operating system to ease law enforcement's efforts to break into an iPhone, it "would lead to a police state."
Too late, some of us would respond. The components of a police state have arguably been in place at least since the aftermath of 9/11. Cheerleaders in both major political parties thinks that's just a swell development—and would like to see more of the same.
And truthfully, Apple's battle isn't against a one-off court order to crack an encrypted phone; it's the latest skirmish in the government's ongoing war against privacy protections—as well as an act of resistance against federal efforts to conscript the private sector into its crusade.
But Apple's public battle against the FBI is a holding action against not just government malevolence, but incompetence. The tech giant's public resistance is a block to officials' proven inability to keep secrets of any sort, and the emptiness of its promises to fulfill assurances of confidentiality.
To be clear, the FBI's position that correspondence should always be within its grasp is a bit new and novel. People have always had the ability to hide their private papers and then either produce them under court order or face the consequences. Undoubtedly, it's tantalizing to possess a phone belonging to a dead criminal and be unable to peruse its contents, but Syed Farook isn't the first suspect to take secrets to the grave.
The FBI's efforts are better understood within the context of a long-term campaign that includes the Clipper chip, the federal government's stillborn effort to mandate an encryption standard for voice communications that would have left a back door open for "authorized" officials—and anybody else who gained access. Amidst public resistance, the chip faded away by 1996.
Amidst those high-profile arguments over the chip, the Communications Assistance for Law Enforcement Act (CALEA) passed in 1994. The law "forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls," in the words of the Electronic Frontier Foundation. The law made traditional telephone communications transparent to law enforcement—and many companies reportedly cooperated with spy agencies that wanted similar access to phone calls.
But technology moved on in the form of Internet communications and mobile devices that were increasingly secure, leaving the FBI and its friends with the keys to the last generation of communications technology.
So the feds responded with the well-funded "Going Dark" initiative to convince people that the modern world was slipping beyond snoops' grasp. "[T]he challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks—all designed to increase security and privacy," complained FBI Director James Comey in 2014.
The FBI's efforts to force Apple "to make a new version of the iPhone operating system, circumventing several important security features," as the company puts it, to make it easier for the feds to break into the phone used by San Bernardino shooter Farook is part of that effort. The company would be forced to weaken its own product's security, and "[o]nce created, the technique could be used over and over again, on any number of devices."
For its part, the FBI denies any larger significance for its efforts. "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it," insists Comey.
It's almost certainly true that the FBI doesn't intend to share the weakened operating system far and wide. But the very public battle between law enforcement and a tech industry giant escalated even as federal officials scrambled to clean up the mess left by hackers' release of personal information on 20,000 FBI employees and 9,000 Department of Homeland Security officers.
The hacker was 16 years old.
Note that this intrusion into sensitive federal records was independent of the 2014 breach of Office of Personnel Management records belonging to thousands of federal employees who applied for top-security clearance.
And it had nothing to do with the 2015 data theft of information from the same office on roughly 21.5 million people.
Which stands apart from intrusions into the private email of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson.
This past Friday's announcement that last year's intrusion into taxpayer accounts was about twice as big as previously announced by the IRS, involving as many as 720,000 people, was yet another matter entirely.
The weakened operating system sought by the FBI, easing access to iPhones, would logically be a very desirable target for hackers both freelance and state-sponsored. And while FBI Director Comey promises "We don't want to break anyone's encryption or set a master key loose on the land," restraint in its use would depend not only on FBI intentions, but on the integrity of government security procedures that have proven to be insufficient to the task, time and again.
The only saving grace is that the FBI continues to pursue a moving target. Even as officials lean on Apple to create a back door into secure mobile devices, privacy-seekers seekers flock to third-party apps, such as the well-regarded Signal, that add yet another layer of encrypted security to communications. The FBI could ultimately win the current battle, only to discover that the data it seeks is increasingly cloaked by open source and overseas developers resistant to courtroom strong-arm tactics.
Politicians and law enforcement may push for a police state, but it's one managed by the Keystone Kops, and forever a step behind privacy-minded innovators who refuse to place their trust in snoops who can't keep their own secrets, let alone anybody else's.
Show Comments (35)