Encryption

Don’t Trust the FBI’s Ability to Keep an iPhone Back Door to Itself

Federal officials can't keep their own secrets. Would you really trust them with the ability to access yours?

|

Credit: Robert Scoble / photo on flickr

Representing Apple in its ongoing battle with the FBI, former George W. Bush administration Solicitor General Ted Olson warned that if the tech company was forced to write a new operating system to ease law enforcement's efforts to break into an iPhone, it "would lead to a police state."

Too late, some of us would respond. The components of a police state have arguably been in place at least since the aftermath of 9/11. Cheerleaders in both major political parties thinks that's just a swell development—and would like to see more of the same.

And truthfully, Apple's battle isn't against a one-off court order to crack an encrypted phone; it's the latest skirmish in the government's ongoing war against privacy protections—as well as an act of resistance against federal efforts to conscript the private sector into its crusade.

But Apple's public battle against the FBI is a holding action against not just government malevolence, but incompetence. The tech giant's public resistance is a block to officials' proven inability to keep secrets of any sort, and the emptiness of its promises to fulfill assurances of confidentiality.

To be clear, the FBI's position that correspondence should always be within its grasp is a bit new and novel. People have always had the ability to hide their private papers and then either produce them under court order or face the consequences. Undoubtedly, it's tantalizing to possess a phone belonging to a dead criminal and be unable to peruse its contents, but Syed Farook isn't the first suspect to take secrets to the grave.

The FBI's efforts are better understood within the context of a long-term campaign that includes the Clipper chip, the federal government's stillborn effort to mandate an encryption standard for voice communications that would have left a back door open for "authorized" officials—and anybody else who gained access. Amidst public resistance, the chip faded away by 1996.

Amidst those high-profile arguments over the chip, the Communications Assistance for Law Enforcement Act (CALEA) passed in 1994. The law "forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls," in the words of the Electronic Frontier Foundation. The law made traditional telephone communications transparent to law enforcement—and many companies reportedly cooperated with spy agencies that wanted similar access to phone calls.

But technology moved on in the form of Internet communications and mobile devices that were increasingly secure, leaving the FBI and its friends with the keys to the last generation of communications technology.

So the feds responded with the well-funded "Going Dark" initiative to convince people that the modern world was slipping beyond snoops' grasp. "[T]he challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks—all designed to increase security and privacy," complained FBI Director James Comey in 2014.

The FBI's efforts to force Apple "to make a new version of the iPhone operating system, circumventing several important security features," as the company puts it, to make it easier for the feds to break into the phone used by San Bernardino shooter Farook is part of that effort. The company would be forced to weaken its own product's security, and "[o]nce created, the technique could be used over and over again, on any number of devices."

For its part, the FBI denies any larger significance for its efforts. "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it," insists Comey.

It's almost certainly true that the FBI doesn't intend to share the weakened operating system far and wide. But the very public battle between law enforcement and a tech industry giant escalated even as federal officials scrambled to clean up the mess left by hackers' release of personal information on 20,000 FBI employees and 9,000 Department of Homeland Security officers.

The hacker was 16 years old.

Note that this intrusion into sensitive federal records was independent of the 2014 breach of Office of Personnel Management records belonging to thousands of federal employees who applied for top-security clearance.

And it had nothing to do with the 2015 data theft of information from the same office on roughly 21.5 million people.

Which stands apart from intrusions into the private email of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson.

This past Friday's announcement that last year's intrusion into taxpayer accounts was about twice as big as previously announced by the IRS, involving as many as 720,000 people, was yet another matter entirely.

The weakened operating system sought by the FBI, easing access to iPhones, would logically be a very desirable target for hackers both freelance and state-sponsored. And while FBI Director Comey promises "We don't want to break anyone's encryption or set a master key loose on the land," restraint in its use would depend not only on FBI intentions, but on the integrity of government security procedures that have proven to be insufficient to the task, time and again.

The only saving grace is that the FBI continues to pursue a moving target. Even as officials lean on Apple to create a back door into secure mobile devices, privacy-seekers seekers flock to third-party apps, such as the well-regarded Signal, that add yet another layer of encrypted security to communications. The FBI could ultimately win the current battle, only to discover that the data it seeks is increasingly cloaked by open source and overseas developers resistant to courtroom strong-arm tactics.

Politicians and law enforcement may push for a police state, but it's one managed by the Keystone Kops, and forever a step behind privacy-minded innovators who refuse to place their trust in snoops who can't keep their own secrets, let alone anybody else's.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

38 responses to “Don’t Trust the FBI’s Ability to Keep an iPhone Back Door to Itself

  1. The FBI allowed a top government official maintain a private email server in her bathroom for almost a decade. This server contained some of the most sensitive material under the sun, and obligation under oath and there was also a blackberry involved. Furthermore the perp delegated reading to her subordinates (allegedly) and authenticated access permitted by software passkey only maintained on premises. The FBI simply cannot be trusted with top secret information.

    1. The FBI simply cannot be trusted with top secret information.

      Or the State Department. Or Hillary. Or the Office of Personnel Management.

      Should we count the Obama administration as Manchurian Administration, or the most incompetent boobs of all time?

  2. And truthfully, Apple’s battle isn’t against a one-off court order to crack an encrypted phone

    Bill Burr did a bit about how a girlfriend is like a robot, “Chika, Chika, Chika”. They just keep nagging until they meet resistance and then bounce back a few steps only to do it again. The govt is never about one-offs. They just go about it another way.

    1. And they have armed men.

  3. Want to earn over internet from your couch at home by working easy jobs with your desktop or laptop for 3-5 h a day, get 55 dollars hourly and get a paycheck at the end of each week and choose yourself the time when you work and for how long. its original site…..Visit that………

    ——- http://www.workprospects.com

  4. “We don’t want to break anyone’s encryption or set a master key loose on the land,”

    “but, as you and we both know well, shit happens.”

    1. We don’t want to = But we will anyway, what are you going to do about it?

  5. “We don’t want to break anyone’s encryption or set a master key loose on the land”

    The first part is a lie, because that’s exactly what they are trying to do. And the second part is only a half-truth in that I’m sure the FBI would be fine keeping the key for itself so it can exclusively do what they said they didn’t want to do in the first part of the sentence.

    1. Yep. How these clowns can utter stuff like this with a straight face is amazing.

      “But Syed Farook wasn’t just ‘anyone’ — he was a fucking *terrorist*!”

    2. The first part is a lie, because that’s exactly what they are trying to do.

      Technically, they are not trying to break the encryption itself, they are trying to break into an encrypted phone by brute forcing the pin.

      I’m sure the FBI would be fine keeping the key for itself

      As I read the court order, the FBI wouldn’t even be getting the key.

      The real question you should ask yourself is: even if the key actually made the data secure (it does not), do you seriously believe that Apple can keep a digital signature from leaking out in the first place? And do you want the privacy of all Apple phones depend on that? I certainly don’t: that’s not the right way to design phone encryption.

      1. And that has absolutely nothing to do with the legal issues in play here.

        1. Be that as it may, SugarFree’s statements were false and misleading, and I corrected them.

          Furthermore, what I’m trying to tell you is that the legal issues are largely irrelevant: no legal system is going to protect your data reliably.

    3. It is against federal law to use this information for unauthorized purposes. If anyone hack into your phone, the FBI will go after them. See? No worries.

  6. The government can’t be trusted?

    But the progs say it can and only wants to help you buy some Obamacare or pay a tax.

  7. And while FBI Director Comey promises “We don’t want to break anyone’s encryption or set a master key loose on the land,” restraint in its use would depend not only on FBI intentions, but on the integrity of government security procedures that have proven to be insufficient to the task, time and again.

    But the integrity of government security procedures isn’t the FBI’s problem. That’s the DHS/OMB/DoD/CIO/ISIMC/PMC/NSC/CSIP’s problem and they’re even now hammering out a framework for the drafting of proposals to evaluate the feasibility of conducting a review to determine the best practices method of selecting a committeee to consider methods of procuring jelly donuts for the conference room snack table. The FBI just want to be able to legally hack into your electronic data, the fact that others might then illegally hack into it as well doesn’t concern them – well, until they do hack into it, it is illegal after all.

    1. hammering out a framework…

      A masterpiece in distancing from anything productive.

  8. Damn, nobody has yet asked the question? You know who else couldn’t be trusted with back door access?

    1. Jim Morrison?

    2. AC\DC?

    3. Anyone serving time in a maximum security prison?

      Sterling Archer?

    4. Robert Plant

  9. You don’t trust the FBI to keep a backdoor to itself, but you do trust Apple? Do you seriously believe that Apple’s iOS source code and code signing keys haven’t already been leaked by their employees, if not actually officially handed over to foreign intelligence agencies (as has happened with Windows)? There are excellent reverse engineering tools and hardware debuggers; do you seriously believe that dedicated hackers and intelligence agencies haven’t reverse engineered the cryptographic libraries already?

    Anybody who believes that this charade going on between the FBI and Apple is going to protect our privacy in any meaningful way is a bloody fool.

    The only way to protect our privacy is through cryptography that nobody can break, not even the phone manufacturer. It’s easy to build such technology, lots of phones have it already. Demand that your phone manufacturer use such technology to protect your phone.

    1. You don’t trust the FBI to keep a backdoor to itself, but you do trust Apple?

      Neither should be trusted. But let’s not spread the backdoor even further, or set back legal precedent.

    2. Anybody who believes that this charade going on between the FBI and Apple is going to protect our privacy in any meaningful way is a bloody fool.

      I’ve maintained that the best way to make sense of the matter is to conclude the the FBI can already crack Apple, and wants to publicly *lose* to Apple in court to convince people otherwise.

  10. Don’t Trust the FBI’s Ability to Keep an iPhone Back Door to Itself

    FTFY

  11. What the FBI really wants here is the ability to backdoor everybody’s phone, so that instead of what J. Edgar Closet-Case had to do, prancing around in his pinafore and sending threats to MLK demanding that he kill himself, a future FBI thug will be able to load up a future dissident’s phone with kiddie porn and then send him a message saying “hey, look what’s on your phone: you’d better kill yourself”.

    The FBI is a criminal organization. This country needs them disbanded.

    -jcr

  12. It’s almost certainly true that the FBI doesn’t intend to share the weakened operating system far and wide.

    What could possibly cause a rational human to believe this?

    The only saving grace is that the FBI continues to pursue a moving target.

    Apple has really smart people working for it. I have little doubt iOS 10 or iOS 11 is going to be instantiated such that what the government is requesting today will be impossible tomorrow.

  13. Politicians and law enforcement may push for a police state, but it’s one managed by the Keystone Kops

    That’s our only saving grace. I shudder to think about what things would be like if these assholes were actually competent.

  14. I’m making over ?5k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life. For further details

    Check this link http://www.workprospects.com

  15. I’m making over ?5k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. AP Well, it was all true and has totally changed my life. For further details

    Check this link http://www.workprospects.com

  16. the media and the government keeps telling us these home grown terrorist were acting on their own however Rep Peter King told Fox news that getting in that phone can save thousands of lives. If it can save thousands of lives then they know those two terrorist were not acting alone or King lied about the importance of whats in the phone. either way he has lied and therefore can not be trusted with the key to any phone. My conspiracy is I still think they were working on behalf of the government otherwise they would have killed everyone there and were under the impression they could get away. Since when do terrorist stop killing and flee? it was either that or a hit.

  17. Don’t Trust the FBI’s Ability to Keep an iPhone Back Door to Itself
    Federal officials can’t keep their own secrets. Would you really trust them with the ability to access yours?

    This citizen would not trust government agencies with keeping their bras properly fastened, nor with keeping their trousers zipped, sad to note.

  18. My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
    Clik This Link inYour Browser….

    ? ? ? ? http://www.WorkPost30.com

  19. My last pay check was $9500 working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out. This is what I do..
    Clik This Link inYour Browser….

    ? ? ? ? http://www.WorkPost30.com

  20. Do you want to earn from home by working basic work using your desktop or laptop for 4 to 6 h on daily basis, get paid 75 bucks an hour qk and get a paycheck every week and choose yourself your working time?

    ——– http://www.workprospects.com

Please to post comments

Comments are closed.