Do you remember in Spice World when the evil newspaper owner, Kevin McMaxford, was obsessed with destroying the Spice Girls’ reputation? Neither do I! I read the Wikipedia summary of that plotless, meandering, chaotic movie (that I saw twice in the theaters) to refresh my memory. McMaxford enlisted an underling to film, photograph and spy on the Girls. It would be much easier for him to hack the Spices’ phones, but luckily the Girls only use encrypted devices! Encryption frustrates efforts by law enforcement and nefarious actors to access data on one’s devices. The government continually asks tech companies, like Apple, to provide decryption keys. If Apple creates backdoor access for the government, what will prevent Kevin McMaxford from exploiting the same vulnerability?
Following the San Bernardino terrorist attack in December 2015, the FBI asked Apple Inc. for assistance to bypass security features of a locked iPhone that belonged to one perpetrator. Apple declined to cooperate. Eventually, the FBI found a third-party to unlock the phone. Apple challenged the federal government’s authority to compel assistance under the All Writs Act, which allows federal courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”[1] On February 29, 2016, the U.S. District Court for the Eastern District of New York held that the law did not give the government the legal authority to force Apple to decrypt devices to aid law enforcement.[2] Some argue the ruling creates insurmountable obstacles for law enforcement in light of technological advances, but the government should not have unconditional authority to degrade commercial security. The result will be government overreach by providing law enforcement access to millions of innocent users’ data in the name of national security.
The government claims narrow use of decryption to access user data, but information released by Snowden exposed an expansive government surveillance operation that is presently curbed by improved encryption. The government “highlights the need for targeted surveillance– something that most people desire in at least some circumstances– to justify massive surveillance capabilities– where that consensus markedly breaks down.” [7] Law enforcement will not only use eased encryption to solve or prevent crime, but to bolster its intelligence gathering apparatus that already indiscriminately gathers user information. Private companies should not be required to participate in government surveillance activities, which can damage their product and decrease user trust.
Devices the government previously opened with ease are now extremely difficult to unlock due to Apple’s new encryption methods. The company does not store users’ passcodes. If the government wants access to a locked phone, it must guess the passcode with the understanding that too many incorrect entries will delete all stored data.[3] If Apple was forced to design a mechanism for law enforcement to decrypt user data, it would pose several security risks to Apple’s iOS. Apple requires all software be signed to run on an iOS device, which protects its customers from viruses and malware that infects many desktop users’ computers. A backdoor created for the government risks exposing iOS users to viruses and leaves their data vulnerable to actors who may steal it.[4] “If Apple writes the code and gives it to the FBI to use, some or all of the code may fall into malicious hands. Whereas, if the code is executed within Apple’s secure facilities, the connection between the FBI and Apple could become a target for attack.” [5] Compromised encryption may help the federal government catch some criminals, but it will facilitate other attacks.[6]
In early 2020, it was revealed that Apple’s plans for end-to-end encryption of iCloud backups would not proceed. iCloud backups are one of the most effective method for law enforcement to retrieve evidence. The termination of the end-to-end iCloud encryption plan advantages the FBI. Ordinarily, when the government utilizes software to exploit vulnerabilities, it must physically possess the phone. iCloud backups; however, can be remotely searched.
One reason Apple may have ended this program was fear the government would retaliate with restrictive anti-encryption legislation.[8] In June 2020, the Lawful Access to Encrypted Data Act was introduced by Senators Lindsey Graham (R), Marsha Blackburn (R) and Tom Cotton (R), which requires all manufacturers of encrypted devices and operating systems to create a backdoor to decrypt data upon request.[9] There has been no movement with this bill in over a year.
If tech companies terminate end-to-end encryption, data for most users will be less secure and criminals will likely find alternate methods to encrypt data on the black market.[10] It is difficult to gauge how big a challenge encryption poses for the government because it will not disclose how many investigations have been hindered due to encryption, and misled the public about the number of phones it was unable to open by several thousand. [11] If the government’s request for decryption was proportionate to its need, it would be forthright. The government of J. Edgar Hoover wants its citizens’ trust, but it has to earn it.
Trust it,
Use it,
Prove it,
Groove it,
Show me how good you are!
BS
[1] 28 U.S.C. § 1651.
[2] John L. Potapchuck, A Second Bite at the Apple: Federal Courts’ Authority to Compel Technical Assistance to Government Agents in Accessing Encrypted Smartphone Data Under the All Writs Act, 57 B.C. L. R 1433 (2016).
[3] iPhone security and applied cryptography experts including Dino Dai Zovi, Dan Boneh (Stanford), Charlie Miller, Dr. Hovav Shacham (UC San Diego), Bruce Schneier (Harvard), Dan Wallach (Rice) and Jonathan Zdziarski, p. 7.
[4] Amicus Curiae Brief of Law Professors in Support of Apple, Inc., p. 9.
[5] Id at 18.
[6] Jennifer Granick, American Spies: Modern Surveillance, Why You Should Care, And What to Do About It (Forthcoming Winter 2016, Cambridge University Press), p.279.
[7] Id at 278.
[8] https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT
[9] https://www.judiciary.senate.gov/
press/rep/releases/graham-cotton
-blackburn-introduce-balanced-solution
-to-bolster-national
-security-end-use-of-warrant-proof-encryption-
that-shields-criminal-activity
[10] https://www.zdnet.com/article/the-encryption-war-is-on-again-and-this-time-government-has-a-new-strategy/
[11] https://www.washingtonpost.com/
world/national-security/fbi-repeatedly
-overstated-encryption-threat-figures-to-
congress-public/2018/05/22/5b68ae90-5dce-
11e8-a4a4-c070ef53f315_story.html?noredirect=on
Do you suspect you are without a heart? Watch the 2006 Jane Eyre miniseries and…
You will not receive more Instagram followers, a podcast, sponsored trips, or passes to b-level…
Is VP Harris scared of tough questions? I don't know, her people have not gotten…
To celebrate the 17 year and 11 month anniversary of the Phantom Planet LP, I…
Captain America: Civil War has a 90% fresh rating on Rotten Tomatoes despite the outrageous…
The expression “it is better to give than to receive” is often true because people…
