For those of you who aren’t familiar, the FBI and Apple have been at odds for some time. It started back in 2016 when the FBI used the tragedy in San Bernardino to try to convince Apple to make it so that the FBI can break into Apple devices if such an incident were to arise again. This debate was renewed recently with the shooting that occurred at NAS Pensacola in Florida. On one side of the argument, the FBI is arguing they need to be able to break into these phones to uncover evidence that may be vital for them to prevent a similar attack. However, Apple is refusing to install a backdoor or make it so the FBI can break the encryption because they believe in privacy, and because they claim that making a backdoor for one organization will create a backdoor that others can use. In this blog, we will talk through a few of the intricacies of this argument and give our take.
Right up front, most of the security community, including Triaxiom, side with Apple on this one. The simple fact is, creating a backdoor that can only be used by the FBI is dangerous. The only way to create a backdoor would be to purposely build-in a flaw in the system. With the right motivation, it is likely an attacker would be able to uncover this flaw, and if so, would likely publish that vulnerability to the world. At that point, because everyone’s iPhone has this flaw, everyone’s privacy would be impacted.
Second, there is no way for Apple to give the FBI access to just terrorists’ phones. If they are building in this backdoor and disclosing it to the FBI, they would be giving the FBI the keys to everyone who uses an iPhone. Further, if this was created and publicly known, it would not be long before other countries started demanding the same thing. Apple relies heavily on other markets, such as China. If they give into the FBI’s demand just because they are headquartered in the US, they would come under tremendous pressure from China and others to do the same for their governments. China could even go so far as to say no iPhones can be sold unless this happens, potentially putting Apple out of a large market for their business. Plus, even if it is just the US government there remains concerns that this power would be abused.
Finally, this likely will have little to no impact on stopping terrorism, domestic or otherwise. By design, the industry-recognized encryption algorithms that Apple is using to keep the FBI out of these phones are open source. What makes an encryption algorithm strong is the fact that it is published to the community and experts across the world have tried to find flaws in it. This means that everyone in the world would have access to this encryption. So even if Apple stopped using this encryption or installed a backdoor for the FBI to bypass this encryption, anyone who was trying to hide information could just encrypt it themselves, ultimately achieving the same level of protection. The result for this is that privacy would be more inconvenient because you would have to use another app or program to encrypt your messages (of which there are hundreds of free applications to do so), but still easily achievable. The end result is that Apple providing a backdoor for the FBI would reduce the privacy of an average iPhone user, but anyone who was doing something nefarious would likely still be able to encrypt their data in such a way that it couldn’t be broken.