Why not just decrypt this Apple for the FBI?
*Due to the sensitive nature of this blog post, this was excluded from my internal mailings and was only placed on my blog site. Enjoy some thoughts.
Today myself and another researcher had a lot of fun talking about how to define a backdoor. It was an interesting debate as the author (Jonathan Ździarski) was trying to define backdoor.
“A backdoor is a mechanism that has been placed by the creator of the system to enable access to the system through an alternative means.”
Now why are we talking about backdoors? Apple has somewhat brought this argument back into the spotlight. A few months ago, there was talk about this in the media, It was quite clear that a few senators and a few others in the media (https://www.moses.io/2015/11/23-nov-2015-week-ind-security/). This very topic reminded of the clipper chip arguments when I was much younger and not in this business. While I did enjoy the computers I had access to, it was more of a hobby than a profession so I did not fully comprehend the argument back then. The clipper chip provided the government the concept of key escrow to be able to decrypt any item that had been encrypted with a specific cipher or legal encryption protocols. Of course we can already see the fallacy of this argument. Why would someone with mal-intent use only Legal Encryption? The clipper chip argument did fail but only to have emerged with the same drum beat today. You can argue that we can compel all citizens to use some type of U.S. Government sanctioned encryption, but what happens in other parts of the world? We already know how the Indian Government felt about the amount of US dominance in operating systems (http://www.storypick.com/boss-indian-os/)
Bringing it back to Apple. There are two fantastic write-ups on the subject:
https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/ If you take the time to read here through the arguments, you can see what is being asked of Apple. The question of course is not whether Apple has the technical capabilities to do this, they may. But here are two questions to ponder.
- If they do this for this one phone, where does Pandora’s box end?
- If they do this and the person in question (The San Bernardino Terrorist) used a third-party service that encrypted the chats and this data is longer available, what happens next?
Here are my thoughts on the subject, while I do think the idea of escrow was technically interesting, backdoors are not a good idea. They are dormant until someone else discovers them and could be used against you. I do think Apple could potentially create the keys or work around for this one phone. The precedent however needs to be tested and made clear. This is important because in a digital age, the laws must be made defined and not subject to arbitrary untested measures. Kudos for Apple for bringing this up, even if at the end this decision does not go their way, they have done the right thing.