The ongoing legal battle between Apple and the FBI has dominated security news for a few weeks now. There are always presentations and discussions related to privacy and encryption at the annual RSA Conference, but current events made it a dominant focus this year. The nation as a whole is divided on whether Apple is right to resist the court order to assist the FBI, or the FBI is right to go to such extremes in the interest of national security.
Regardless of how this issue plays out, it will have significant and long-term consequences for privacy, and may impact the ability of US companies—particularly US tech companies—to do business in other countries. The security industry is also somewhat divided, but leans more heavily toward supporting Apple and privacy.
Breaking consumer trust
“I’m concerned that since Apple has attempted to deny the FBI request citing the use of ‘backdoors,’” warns Gunter Ollmann, CSO of Vectra Networks, “should Apple lose this legal argument, the repercussions could be extensive for the entire security industry. The installation of a backdoor would mean rolling back the clock to the way technology providers used to operate (and the products they deploy) – which is likely a big problem for Apple and many others in technology today.”
Ollmann points out that there are technological reasons why it has taken so long for smartphone-enabled payment systems to gain traction, but the biggest obstacle to mainstream adoption is trust. Consumers have gained trust in Apple Pay, Android Pay, and other mobile payment systems based on trust in the embedded encryption technologies and the understanding that the providers are not retaining keys, passphrases or other encrypted data from the transactions.
“The prospect of creating an encryption backdoor will kill this transformation in securely managing data—like smartphone payments—before it has truly begun,” stresses Ollmann. “Governments that choose to go down this path will likely find that their tech industry will suffer as competitors in less restrictive countries will have a growing advantage.”
It’s not about encryption backdoors
Ollmann has a good point about the potential ramifications of Apple’s argument against the FBI request. The current battle between Apple and the FBI isn’t actually about an encryption backdoor, but Apple seems to be conflating the issues. In his interview on World News Tonight, Apple CEO Tim Cook muddied the waters by discussing the issue as if it were about a backdoor to all iOS devices.
I made a short video trying to clarify that issue. Actually, it was way shorter in my head, but once I got started it ended up being almost 20 minutes long. You should check it out, though, so you understand the difference between the encryption backdoor debate and the current privacy / national security controversy between Apple and the FBI.
Ajay Arora, CEO of Vera Security, compares the FBI request to opening Pandora’s Box. “If Apple did build this special version of iOS, it would be nearly impossible to contain. Once it exists, there’s no going back and if that code got into the wrong hands, things would quickly get very, very messy.”
Arora also refers to the repercussions beyond US borders for companies trying to do business around the world. “Our global economy operates on a backbone of trust, and the knowledge that an agency or an independent actor somewhere could gain access to private information would undermine that trust, compromise security, and damage everyone’s ability to transact business.”
Cook has stated that he and Apple are willing to fight this all the way to the Supreme Court of the United States. It will likely take years of lower court decisions and appeals to get there, but ultimately this debate sort of needs to be decided by the Supreme Court. Until or unless it is, we will continue to see intelligence agencies and law enforcement tying up tech companies in court trying to gain access to information in ways that—in my opinion—overstep their authority and violate the Constitution.