A federal judge ordered Apple to comply with the FBI’s request for technical assistance in the data recovery from the San Bernardino gunmen’s iPhone 5C.
In an open-letter published on Apple’s website, Tim Cook publicly challenged the US government and the FBI, saying what it is asking of the company fundamentally violates the privacy, security, and trust of its customers.
The White House spokesman Josh Earnest said the FBI request for access did not mean they were asking for a “back door” or unauthorized access into the company’s device or for it to be redesigned. “They are simply asking for something that would have an impact on this one device”.
But based on my Security Developer expertise, any tool as the requested is like “The Lord of the Rings: One Ring to rule them all, One Ring to find them, One Ring to bring them all…”, because after created a way to circumvent the security protocols, it can be used in anyone that use the same system and can’t be restricted to only one device, creating a back door in the product.
The FBI request is simple, they want to recover the keys stored in the iPhone, and this is the point, as developer focuses on security, when you create a secure system YOU CAN’T HOLD ANYTHING IN IT, every key or password need to be created or introduced at run time by the user and be safe deleted when the system is going shutdown.
This concept is known as User Controlled Encryption (UCE) and it is implemented in CuaimaCrypt, CCLI or any other system developed by Valhala Networks or BolivarTech, because this the developer can’t be forced by anyone, including a judge order, to reveal or recover it because is unknown by him and also it is technically impossible.
In the other point of view as human being, we want to enforce the law and solve and prevent crimes and terrorist acts, and I know that encryption can be an insurmountable barrier that can cool a case, but also we need to weight this with The Universal Declaration of Human Rights (Article 12): “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”; and this is just the point one tool like the requested by the FBI to Apple, it is impossible to confine to a single device and would be opening Pandora’s box against iPhone users’ privacy.
To this situation we need to keep the perspective how anti-cryptography laws are being imposed from the terrorist attack at Paris.
For example, at California, the State Representative Jim Cooper is touting a bill, AB1681, that would force mobile devices to come with encryption off by default starting January 1, 2017. Any phone sold after that date would also have to be “capable of being decrypted and unlocked by its manufacturer or its operating system provider”, and any smartphone not meeting these requirements would result in the manufacturers being fined $2,500 per offending device.
A New York assemblyman TITONE has reintroduced a new bill, A8093, that aims to essentially disable strong encryption on all smartphones sold in the Empire State, because “Terrorists will use these encrypted devices” to plan attacks.
Among other restrictions, the proposed law states that “any smartphone that is manufactured on or after January 1, 2016 and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.” and any smartphone not meeting these requirements would result in the manufacturers being fined $2,500 per offending device.
Yes, both laws are practically identical, only changed the date when it will begin to be effective.
The French Parliament is considering a legislative provision, The Digital Republic bill, that would ban strong encryption by requiring tech companies to configure their systems so that police and intelligence agencies could always access their data.
This French anti-encryption amendment is a response to the two deadly Paris terrorist attacks in 2015, despite the fact that the attackers repeatedly used unencrypted communications by text messages and phone calls with senior operatives elsewhere at Europe in the leadup to the killings.
At UK the Investigatory Powers Bill will place in law a requirement to tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.
And also that Bill say “… if it is shown that that person was in possession of a key to any protected information … that person shall be taken for the purposes of those proceedings to have continued to be in possession of that key at all subsequent times, unless it is shown that the key was not in his possession after the giving of the notice and before the time by which he was required to disclose it.”, that mean you will be sent to jail for refusing to give up encryption keys, regardless of whether you have them or not.
About this law, Apple says that while the new law might help British authorities fight terrorism, it will weaken the security of “hundreds of millions” of people who use Apple’s platform.
The real problem with this topic about security and encryption is because it falls in the fine line between national security and personal privacy and as Spock says, “The needs of the many outweigh the needs of the few”, but the problem is, who are the many and the few in this case.
Julian Bolivar-Galeno is an Information and Communications Technologies (ICT) Architect whose expertise is in telecommunications, security and embedded systems. He works in BolivarTech focused on decision making, leadership, management and execution of projects oriented to develop strong security algorithms, artificial intelligence (AI) research and its applicability to smart solutions at mobile and embedded technologies, always producing resilient and innovative applications.