I am an IT consultant. My job is to advise and inform organizations on how best to manage their IT infrastructure. In doing that job, I often talk about security and encryption. In lite of the current news about the “FBI vs Apple”, I’d like to talk about security and encryption here.
I’m not an encryption expert
First thing I feel I should say is that I am by no means and encryption expert. I started by IT career in the United States Marine Corps where my job duties did include working with Top Secret material, and holding the corresponding security clearance. I do have training and experience in the field of encryption and security, but honestly I can’t claim to have more than a rudimentary understanding of the math involved in making the most basic encryption work.
In writing this I will do my best to both stay away from the deep technical details. Where I do need to refer to technical details, I’ll do my best to reference people much smarter than I am.
I’ll try to avoid politics
This post (or series if it turns out that way) is by necessity going to be at least somewhat about politics. The issue at hand is the US government mandating a private company to modify their product so to facilitate access to information stored on that device.
I will say that I do not consider myself either a Democrat or a Republican. I dislike the idea of “teams” in politics. I hold some views that would be considered liberal, and some that would be consider conservative.
Whatever my political views on anything else, I am very much against the US government mandating companies give it access to technology for reasons I will explain below.
The inciting event
The event currently at the heart of the matter is the case of the FBI vs Apple. Earlier this week a US Federal Magistrate Judge Sheri Pym ruled that Apple must cooperate with the FBI in their attempts to gain access to an iPhone that was owned by the San Bernardino murders (I choose not to use the word “terrorists” because it seems to me that the it has been abused to the point of being nearly useless).
Besides this event, there have been other recent cases I find equally troublesome. The case of the US Government vs Microsoft over data stored in an Irish data center is one.
The heart of the matter
The basic heart of the matter is pretty simple to discern. Law enforcement feels that they need the ability to access our communications to be able to do their job. If citizens can encrypt our communications beyond law enforcements ability to access them, then law enforcement will feel that they are being “handcuffed” from being able to perform their duties.
On the other hand, privacy and security are absolutely essential for our internet based economy to function. If people cannot conduct business and share ideas on the internet secure in the knowledge that those actives will be private, then the internet will loose much of its value as the most important tool man-kind has even created.
The internet is used for commerce. If we cannot encrypt the data we send over the internet, commerce is not possible
The internet is used to share ideas. If people cannot share ideas without the fear of government spying, free speech is not possible.
Why should technology have different rules?
One argument I hear a lot of from those in support of the law enforcement position is “Why should technology have different rules?”
If law enforcement has good reason to believe I am doing illegal activities in my home, they can go to a judge and get a search warrant giving them legal authority to enter and search my home. If they believe I am using my bank account for illegal activity, they can a warrant to compel the bank to give them access to my bank records, often without my knowledge.
My response to this is because technology is different. If law enforcement gets a warrant to search my neighbor’s house, that does not give them the ability to search my house (potentially without my knowledge). If law enforcement can compel a bank to give them your banking records, that does not give law enforcement access to my banking records. If, however, the government has the ability to circumvent encryption on one iPhone, then they (potentially) have the ability to circumvent encryption on every iPhone, potentially without the knowledge of iPhone owners.
More importantly, if there is a way for the FBI to get into my iPhone, then there is a way for Russian hackers to get into my iPhone.
Let’s say, for the sake of argument, that the FBI gets Apple to develop a way for them to access this one iPhone. Let’s say this access method requires physical access to the phone, so we know it is 100% true that this solution does not allow the FBI to remotely hack into my iPhone. Let’s say we 100% know the FBI will never abuse this power.
How long do you think it will be until the Chinese government demands this solution be provided to them? Do you think Apple would like to sell iPhones in the Chinese market? Do you think the Chinese government could demand this solution be provided to them as a condition of selling iPhones in China? Do you think the same government that is OK with driving tanks over its citizens would only use such power for “good”?
It’s completely possible that the FBI already has access to the San Bernardino murder’s iPhone.
The iPhone in question is an iPhone 5C. This is an older model that does not include “Touch ID”. Here is one of those parts where the technology and math is beyond me, but suffice to say that the iPhone 6 and 6S include some pretty nifty hardware called “Secure Enclave” to make Touch ID possible. This hardware makes those versions of the iPhone much more secure than the 5C.
Personally, I think it is completely possible that the FBI already has access to the iPhone in question, but they want this precedent established to give them access to newer and better encrypted iPhones. This is, in my opinion, one of the major problems with government and law enforcement. They are trained from “birth” to believe that breaches of truth, and even the law, are perfectly acceptable for them.
Many people will think that my last statement is over the line, and maybe even indefensible. Let me give you an example… how often do you think members of law enforcement get speeding tickets? They call it “professional courtesy”, but I believe that every time a police officer flashing his or her badge to get out of a speeding ticket they are training themselves to believe they are above the law. I believe this practice is incredibly dangerous, and if I had my way it would be severely punishable offence. If marijuana is a "gateway drug" then way isn't flashing a badge to get out of a speeding ticket a "gateway abuse of power"?
One of the most celebrated “victories” of the FBI is the imprisonment of Al Capone. In my opinion that story should be told as a cautionary tale of the tyranny of government in general, and the FBI specifically.
The FBI was unable to charge Al Capone with any crime for a very long time. Most of the reasons for this have to do with corruption of other government officials. The FBI eventually charged him with tax evasion.
Have you ever read the US tax code? Do you think you are 100% in compliance with tax code for the last seven years? I guarantee that if they so desired, the US government could charge any citizen they want with “tax evasion” and get a conviction. That, my friends, is why I think any argument that revolves around trusting the FBI or any government is unjustified.
Everyone (I do not exclude myself from that statement) is going to spin this topic to fit their beliefs. That is why free speech is so important. For you to make any informed decisions possible, you should be able to gather the facts and opinions without the fear of government censorship. One of the tools we as citizens have to ensure we can exercise that freedom of speech is encryption. I think many “slippery slope” arguments are total B.S., but in this case I would say it is justified.
Before I publish this article, I am going to send it to several law enforcement officials for their comments. These people may want to comment anonymously, as public comment could affect their jobs. I will offer to keep any communications about this topic encrypted so they do not need to worry about any reprisals from their employers. Alanis Morissette would call that ironic.
In my somewhat less than humble opinion, encryption is a vital tool in the internet age. Any government abridgement of the citizenry’s free use of this tool should not be tolerated.
If Apple ends up complying with this order the ramifications will spread well beyond compromising a single devices security.
“Experience hath shewn, that even under the best forms of government those entrusted with power have, in time, and by slow operations, perverted it into tyranny.” –Thomas Jefferson