What has the stand-off between the US tech giant and the FBI revealed about the future of encryption, personal data security and criminal investigations?
The battle between Apple and the FBI may seem like it’s over (at least for the moment) and both sides are claiming a victory, says Michael Hack of Ipswitch. However, the high profile war of words between one of America’s biggest tech giants and the world’s most advanced government intelligence agency has brought the debate about state access to personal data and the protection of civil liberties to the fore once again. It’s also forced us all think more about the mechanics of strong and effective data encryption.
Throughout the case, Apple has argued that the best way to keep the hackers out and keep people’s iPhone data safe is to refrain from building the kind of back door into its mobile OS that the FBI wanted. Even now, the company’s stance is that, when it comes to encryption, it’s a case of all or nothing; you can’t ‘partially encrypt’ data and hope for 100% data security.
In fact, Tim Cook, Apple’s CEO is on record as saying, “…there is no such thing as a back door for good guys only.” And, according to Reuters, White House cybersecurity coordinator Michael Daniel, has also acknowledged he knows of no one in the security community who thinks that a back door wouldn’t compromise encryption.
Debates such as this over IT encryption, protection of personal data and defence of national security are not new. There was a similar conversation in the Clinton-era over what was known as the ‘Clipper chip’. The Clipper Chip was a microcircuit that could encrypt data but also give the government access to the keys needed to unlock it again. The chip faced backlash from the public and was never adopted. And it set an important precedent for encrypted communications in the US.
A similar discussion is taking place back home in the UK right now too. David Cameron’s government is pushing for the Investigatory Powers Bill (dubbed The Snoopers’ Charter) to be made law by the end of 2016 after attempts to introduce a similar bill failed in 2013 under the previous Coalition.
Measures in this bill, heard in the House of Commons at the start of this month, would allow police to break in to electronic devices to investigate or prevent “serious crime” and “death or injury, or damage to a person’s physical or mental health.” So-called “equipment interference” could potentially cover remotely hacking in to phones or computers, or by-passing security on seized equipment.
It’s not overstating the point to say that this case and the wider debate could also have a significant impact on the way in which the US carries out global business. Indeed, the issue continues to raise concerns around the world about how secure corporate data is while it is being stored by US companies (either in situ in the US or by US companies operating abroad) or on devices developed by US companies.
It’s likely to continue to feed into the wider debate about data privacy which is raging between the US and the EU and make more it difficult for the EU’s Working Groups that are currently finalising the Privacy Shield Protocol to agree on exactly how much protection will be afforded to EU citizens’ data when it’s transferred in and out of the US.
We’ll have to wait to see the long term impact that the spat between Apple and the FBI has on the security of individual iPhones as well as the ability of government agencies to access personal data. If Apple is forced one day to finally create the back door that the FBI wants, then one chilling consequence is that criminals will most likely switch to other, more secure methods to talk to each other — and use apps created by countries outside the US that offer encryption mechanisms even more secure than Apple’s.
Perhaps, in this light, the FBI was right to pursue an alternative policy and find a different way to beat Apple’s encryption technology itself (and in secret) so that the personal data of law abiding citizens can remain secure while the FBI works diligently to track down those who would commit serious crimes and do harm on a large scale. www.ipswitch.com
The author of this blog is Michael Hack, senior vice president EMEA operations, Ipswitch.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow