Mar 052016

Lots of people, including Albert Einstein, have said variations on the theme of “the state exists for the benefit of its individuals. Individuals do not exist for the benefit of the state”

iPhone with Back DoorHas that view ever been more appropriate than in the current debate about whether Apple should be forced to build a “backdoor” to defeat its iPhone encryption in order to allow the US authorities to read the contents of a (dead) bomber’s iPhone? To put this “backdoor” business into simple terms, it means creating a “master key” so that the “keyholder” (in this case, the US authorities) can bypass any enryption without needing to know the password.

It seems to be the FBI who are currently shouting loudest for the need to force Apple to create the means to read the contents of encrypted phones. They are warning that strong encryption (ie encryption that they can’t break) will take us to a “dark place” where criminals and terrorists will be beyond the law. They are seeming to suggest that the only way of catching these people is by reading the content of their phones. Apart from anything else, they are ignoring the fact that if the authorities were known to have a key to the contents of the phone then the criminals would be more careful in using the phone (Gee, Ollie, I never thought of that).

There are plenty of reasons why all of this does not seem to me to be a good idea:

Tim Cook - CEO of Apple

Tim Cook, CEO of Apple

  • You can not create a backdoor that just breaks open criminals’ phones. If the security services have their way in this then every single smartphone in the US (and, by extension, the world) would be an open book to the authorities. Why not take this just one step further and require every single person to wear a bodycam all of their waking lives, and to send all of the data off to the authorities? Why not? And while we’re at it, why not require everyone to register their fingerprints and DNA with the authorities?
  • You would be trusting that the backdoor (the master key) only ever remains in the hands of the right, trusted person(s). How could anyone ever guarantee that that would work? Forever. Never ever slipping up once. The key only has to escape once and that’s it. Everyone’s security and privacy has been compromised as no-one knows where that lost/stolen/copied key is going to get to.
  • Even before the genie gets out of the bottle (ie while the key remains in the right hands), how do you know that the key is only being used for legal and legitimate purposes?
  • Strong encryption already exists and criminals/terrorists are hardly likely to eschew its use just because some new law mandates that they must use smartphones that include a backdoor.
  • Just suppose that a backdoor is created and a terrorist is put on trial as a result of the evidence revealed using it. The defence may ask the prosecution to prove that the evidence is genuine and valid. This might involve giving away information regarding the backdoor (highly undesirable in terms of the security of everyone else’s iPhone), or of being so technical and difficult to understand that a jury wouldn’t be able to judge the validity of the “evidence” revealed by it (thereby defeating the object).
  • And I’m not listening to the argument that says that you could create a backdoor just for this one purpose (ie to crack the San Bernadino bomber’s iPhone). Having done it once, then the ability exists: the key can be copied – either by the authorities or by others. The principle will also have been established. You might just as well say “Give us permission to torture a particular terrorist. We’ll only do it once (we promise), but it’s necessary because we’re pretty sure we’ll get some information that we couldn’t get by other means. We really won’t ever ask to do it to anyone else. Honestly. We just need to torture this one person”.

Throwing the Baby out with the BathwaterBut why bother with what I think? For a far more informed view, see what Tim Cook, CEO of Apple, has said about the encryption debate in an open letter published online to its customers.

No right-minded person wants to see terrorists flourish, but let’s just be careful that we don’t throw the baby out with the bathwater. Let’s not create a society in which the interests of the state are paramount and to hell with individual rights and privacy.

© 2011-2018 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha