Keeping the Back Door Locked
The battle over an encrypted iPhone raging between Apple and the FBI is both complicated and simple. It goes beyond unlocking the phones for suspected terrorists. It comes on the heels of increased debate about forcing companies to provide a back door to encrypted data.
This is no ordinary order, and this is no ordinary case. When it comes to law enforcement, companies are required to comply with court orders to provide information or data to assist in the investigation of a crime.
So why is Apple fighting this order? In this case, the demand placed on Apple goes beyond what could be considered reasonable access. The judge is ordering Apple to create a tool or software that doesn’t already exist.
The attention on this case was already high because it involves national security and the threat of terrorism. The FBI is unable to access information on the phone that belonged to one of the two San Bernardino attackers who killed 14 and injured 22 people during their December 2 rampage.
Like many smartphones, an iPhone is programmed to wipe all the information on a phone after ten failed password attempts. The judge is ordering Apple to circumvent this feature and allow FBI agents to freely access all the information on the phone.
The agency isn’t requesting access to information stored in Apple’s databases or the cloud. It’s not the same as asking for phone records or even the legal interception of communication. If you compare this request to a search warrant for a property, it’s like asking property manager to hand over the keys to all the residences in a housing complex versus access to a single home. It’s a demand for a tool that will break encryption.
While this request centers on a specific case, it is not far removed from the ongoing demands for companies to provide a back door to encrypted information. Governments around the world want companies that build encrypted devices to provide a way to circumvent the encryption.
Circumventing encryption is not a new demand. For the last 20 years, governments have been trying to force companies to make sure law agencies can access all information at any time. While that quieted down over the years, the increase in encryption combined with a growing fear of terrorism, has meant the debate has renewed again.
While everyone supports eradicating terrorism, breaking encryption is not the answer. Asking companies that stake their reputation on security to keep a back door open completely defeats the principles of encryption and security. Without those principles in place, what can we trust?
About Dr. Nevine Ebeid
Dr. Nevine Ebeid is a Sr. Embedded Security Systems Engineer at TrustPoint. She has a solid experience in cryptography and embedded systems programming.
Nevine received her Ph.D. in Electrical and Computer Engineering from the University of Waterloo, where her research was focused on countermeasures to side-channel attacks on cryptographic alogrithms, especially those pertaining to Elliptic Curve Cryptography (ECC).
Read more posts by Dr. Nevine Ebeid.