Editor   26 Mar 2016   Internet Governance

Printer Friendly and PDF

Diplo’s webinar on the Apple-FBI case, on 17 March (watch the recording), evolved into a Socratic dialogue on the core concepts and underlying assumptions of the case. The lively debate inspired us to create a series of posts that argue the main dilemmas, played out by three fictitious characters, Privarius, Securium, and Commercias. While the first post summarised the main facts, and the second tackled security-related arguments, the third conversation tackles privacy and encryption. Join us in the debate with your comments and questions.

Commercias: ...A win for Apple - among other issues - is also a win for privacy...

Privarius: The question is, can Apple damage privacy by claiming to protect it? In making extreme claims, they could be pushing the pendulum too far, and risk provoking a counter-reaction by endangering privacy protection. As President Obama recently said at a South by Southwest (SXSW) conference, ‘after something really bad happens, the politics of this will swing and it will become sloppy and rushed and it will go through Congress in ways that are dangerous and not thought through.’

Commercias: On the other hand, we may say that it was the FBI who was, in fact, pushing too much. Apple and similar companies have cooperated by giving investigators all the data they have about the suspects; yet the FBI is asking them to go an extra step, and in the process, weaken the products’ encryption. The fact is that the FBI has already acquired large amounts of evidence about this case thanks to digital forensics and the support of the Internet industry (including Apple). Today, a user’s digital communications is not only saved on his/her phone, but is stored in the cloud by service providers such as Facebook or Google, which readily cooperate with the FBI to provide the data its investigators need.

Privarius: This also raises several questions: Was there really such a need to break into the phone? Does this justify setting a precedent? Is the benefit of this request proportional to its consequences?

Commercias: Furthermore, security experts such as the former US anti-terror chief claim that the FBI could have turned to the NSA for help, since this case may be related to terrorism; it is likely that the NSA has advanced techniques that can break the code. This can lead us to conclude that there might not have been a real need for the FBI to push Apple; yet the FBI chose a case linked to terrorism to push its limits and try to set a precedent.

Privarius: One positive aspect, if you may, is that as a result, encryption technology is flourishing. There are dozens of unbreakable encryption applications online, readily available mostly for free. There are complete solutions, integrating hardware, OS, and software. More importantly, hardware development has led to the creation of motherboard chips, such as Intel’s SGX, that incorporates encryption within a silicon wafer; this chip will soon become a common feature in products, with little possibility (if any) for anyone to unlock it with the use of any software or hardware patch. The outcome will affect how users choose their products, and may lead them to switch to other products with tighter encryption, or to install their own encryption software. This will leave law enforcement with even less control.

Commercias: But even with less control, law enforcement agencies may still be able to carry out their investigations without breaking encrypted communications - such as by using metadata, digital forensics, offline means, etc - right?

Privarius: Yes, they can. While there is little evidence on the usefulness of meta-data (zero success according to NSA) or access to encryption materials in preventing terrorist attacks (prior to the Paris attack, terrorists used unencrypted SMS), most criminal cases now require digital forensics as a critical part of the investigations. I would however distinguish between surveillance for national security purposes and to combat terrorism, from digital forensics for combatting crime (and not only cybercrime).

Commercias: True. Law enforcement has many digital forensics tools available at their disposal. I would add geolocation, data from telecom companies, and access to service providers’ cloud storage through court orders and other legal means. Besides, recent research (such as that by the Berkman Center) foresees that cyberspace is unlikely to ‘go dark’, for many reasons, and there will still be many sources for digital evidence without the need to break into encrypted spaces. Which would mean that Apple can retain its strong stand over privacy…

The next post, published on Monday, 28th March, will discuss privacy and the economic model. Stay tuned.

Comments

  • Profile picture for user Ginger Paque
    Ginger Paque, 09/27/2020 - 12:51

    With the update that the FBI has decrypted Syed Farook's iPhone, (https://www.justice.gov/usao-cdca/pr/statement-united-states-attorney-e…) more than ever, I wonder if the lawsuit was suspended because there was a backroom agreement between Apple and the FBI to cooperate on the decryption. What is the possibility that Apple 'informally' assisted in order to defuse the situation and avoid a more serious confrontation?

  • Profile picture for user Vladimir Radunovic
    Vladimir Radunovic, 09/27/2020 - 12:51

    According to some news, it was an Israeli company that was hired by the FBI to break the phone. Some experts believe also that the FBI turned to the NSA to break it (NSA does have advanced hardware-based methods to break into the chip). Others believe that Apple helped FBI, but off-the-records, so that they withdraw the order. Finally, there are those that think FBI has not managed to get into the phone but are only bluffing, in order to get out of this messy situation.
    Some recent opinions raise an issue of responsibility of FBI, according to the US legislation, to disclose the vulnerability of the Apple system if they found one. So it may happen that Apple now insist that FBI discloses how they managed to break into the phone, and even sue them!

Leave a Reply

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
  • You may use [view:name=display=args] tags to display views.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.