By now I’m sure you’ve heard about the FBI’s battle with Apple. In a nutshell, the government is asking Apple to create software that will allow law enforcement to crack the encryption on the phone of the San Bernardino shooter. As eWeek stated:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iUnfortunately, the claims and counter-claims surrounding the order are shaping up as an all-or-nothing battle in which the government seems to be asking for the keys to Apple's kingdom, while Apple is refusing to give an inch, a position that seems certain to result in a protracted legal battle.
It’s going to be interesting to see how this plays out. It’s a question of where the intersection of personal security and national security is, and I tend to agree with those who have said that this issue will eventually land at the Supreme Court.
I noticed that many within the tech community are standing in support of Apple, but I wondered what the security stance is on this issue. Based on the comments that have been flooding my inbox, security experts are mixed. For instance, Michael Harris, CMO with Guidance Software, told me via email:
We support Apple CEO Tim Cook’s position to oppose the FBI order demanding that Apple create a backdoor for iPhones in order to assist with the investigation of the San Bernardino shooter case. We fully support the need for the FBI and other law enforcement agencies to discover digital evidence in criminal investigations, but we believe this problem should be solved by and between the agency of investigation and forensic security experts.
On the other hand, Veracode’s VP of Research Chris Eng thinks the FBI’s request is reasonable, stating:
The issue here is not one of creating a backdoor; nor is the FBI asking for Apple to decrypt the data on the phone. They’re asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data. Such a solution would be useless if applied to any other phone.
Eve Maler, VP Innovation & Emerging Technology with ForgeRock, told me in an email comment that while the request was reasonable since Farook was clearly guilty, Apple has a business model to uphold and a backdoor iOS is beyond the pale.
While I personally agree with Harris when he said that as long as the use of encryption technology is a legal way of protecting user data privacy, the burden of cracking encryption codes should fall on the shoulders of forensic security experts, I think national security also sometimes trumps personal security. I know a lot of people have said that an iOS backdoor will create a slippery slope by giving hackers a new entry point. I say that hackers are already getting access to our phones and devices anyway, and Apple hasn’t exactly stepped up in other areas of security in the past. My own opinion leans more in the way of the comment Lance James, chief scientist at Flashpoint, shared with me in an email:
Forensically speaking and legally speaking, the Judge asked for reasonable assistance on unlocking this specific phone. Even if that requires them to modify the firmware with a key they have they don’t have to give that software to the FBI.
All companies have a way to modify their own devices and software - it’s like car companies having spare keys for individual cars… they exist. They don’t have to provide a back door to the FBI - they can provide a subkey, individual key, or Apple can take the device and unlock it and give them the data they requested.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba