Skip to main content

Opinion: Apple is right to stand firm on encryption however much terrorist attacks ramp up the pressure

Nobody who watched the news coverage of the terrorist attacks in Paris could fail to be moved by the scenes and the stories emerging from it. It was undeniably a horrific series of events, and it’s only human nature to want action to be taken to reduce the likelihood of future such atrocities.

But there is always a danger at such times that emotion, rather than rational thought, will drive government policy-making. I won’t get into the broader theme there, as there are more appropriate forums for that, but there is one aspect that is very much on-topic for us: the battle between Apple and governments over encryption.

There have already been unattributed reports that the terrorists in Paris used encrypted communication. I have no idea whether there is any specific evidence for that, but it would hardly be damning were such evidence to emerge: it would be frankly astonishing if they hadn’t.

There are three reasons why Apple is right to maintain that it will continue to offer end-to-end encrypted communication no matter how much governments in the USA, UK and elsewhere may protest … 

But let’s begin with a reminder of Apple’s position. Apple uses end-to-end encryption for both iMessages and FaceTime. As Tim Cook told Charlie Rose last year, this means that it would be impossible for it to decrypt the messages even if a government insisted.

We’re not reading your email, we’re not reading your iMessages. If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key.

The company also introduced strong encryption for iPhones and iPads in iOS 8 so that it would again be impossible for the company to break into the device locked with a passcode.

So Apple is going further here than most companies. It is not just saying it would push back against government pressure to reveal user data, it is saying that it has deliberately arranged things so that it is completely unable to do so.

That’s a strong position, and there’s some pretty heavy-duty opposition to it – including the United States Attorney General, the FBI, the DOJ and other law-enforcement agencies. Among the claims you’ll find in those links are that Apple is putting people beyond the law, risking the life of a child and that the iPhone would be the terrorists’ “communication device of choice.” Since the Paris attacks, the Homeland Security Committee and CIA have joined in.

So what are the three reasons that I still think Apple’s position is right?

First, there is nothing new about having to balance out the conflicting demands of freedom and security. Or, to use Benjamin Franklin’s terms, liberty and safety.

Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

We live in a world where it would be technologically feasible to ensure that virtually no crime could go undetected. We could fit CCTV cameras on every street, in every home, in every building. We could all have trackers embedded beneath our skin. We could force everyone to provide both fingerprints and DNA samples to hold in a global database. We could make it illegal to fit curtains or blinds to windows. And so on.

We don’t do any of these things because we value freedom and privacy, and we consider that the risks involved are a price worth paying for the ability to live our lives free from tyranny and surveillance.

The Snowden revelations woke the world to the extent to which we’d already headed down this slippery slope, and the general view of the population has been that indiscriminate mass surveillance is a step too far. We take the view that wiretaps and other forms of electronic surveillance will of course be necessary to facilitate investigations by police and security services, but that such surveillance should be both targeted and subject to judicial oversight.

Second, Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out.

You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they’re not – and if they’re not then it’s a question of when, rather than if, others are able to exploit the vulnerability.

Couple a deliberately weakened form of encryption to laws requiring Internet service providers and telecoms companies to stockpile large volumes of user data and you’d create the biggest goldmine the world has ever seen for criminals to commit identity theft and other forms of fraud. Not just private enterprise criminals, either, but rogue nations too.

Think how cautious we have to be today. We’ve all received convincing-looking phishing emails in amongst the laughable ones. Most of us these days, when we receive a phone call claiming to be from a bank, take their name, hang up and then call them back on the main switchboard number. Just imagine how much more paranoid we’d have to be if a fraudster could ‘prove’ that they are the claimed bank or other company by providing some transaction data.

A world in which all of our data is ‘protected’ by encryption systems with loopholes would be a nightmare.

Third, it won’t work. It’s technological illiteracy to imagine that breaking encrypted messages is any kind of solution.

Do governments seriously imagine that if we pass laws banning fully-encrypted communications that terrorists would suddenly abandon them and use the new, deliberately weakened versions? Or if doing so drew too much attention to them that they wouldn’t find other ways to hide their communications?

Steganography, for example. It’s technically trivial to embed hidden messages inside what appears to be a perfectly ordinary family photo in such a way that it’s almost impossible to detect. There are literally scores of apps to do that, and that’s just a single method. There are almost endless numbers of ways to disguise messages.

As Tim Cook has said:

We shouldn’t give in to scare-mongering or to people who fundamentally don’t understand the details.

So weakening encryption would mean sacrificing core principles of civilized societies in the name of security. It would provide not just our own government but foreign governments and criminals with access to our data. And it would do absolutely nothing to prevent terrorists from communicating in secret.

There is not one single reason for Apple to give in to government pressure to abandon its stance on customer privacy, and three very good reasons for it not to.

Do you agree? Or do you think that governments are right to insist that security must take precedence over privacy? Take our poll, and share your thoughts in the comments.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. The terrorist will just use a program to do full disk encryption of the government forces Apple to open back doors.

    So then normal people will have their privacy violated while the terrorist still roam free.

  2. chrisl84 - 8 years ago

    Zac Hall must been that one “No” vote….he does love him some Big Government.

  3. Doug Aalseth - 8 years ago

    I’m not optimistic though. The panicked, ignorent masses will support any simple clear “fix” that someone in power puts forwasrd. Even if a particular bill id defeted, the bits and pieces will slip in through riders on other bills, through executive mandarte. This has happened over and over before and since 9/11 and I don’t see any groundswell to stop it.

    Where’s a good place to get a TOR client?

  4. Jonathan Brusco - 8 years ago

    We cannot let the government exploit these situations for attempted power grabs. I get it, having access to all of our data will make it easier to find terrorist, but it also violates a number of my freedoms in the process. I believe it is a slippery slope and if what I wind up with as a result is a society that is slightly safer, but infringes upon my freedoms, then I’ll choose an increased risk of danger and to keep my freedoms, I feel that its a worthy tradeoff.

  5. RP - 8 years ago

    THE TERRORISTS! THE TERRORISTS! RUN! RUN!

    Lets remember that the technology they used on 9/11 were box cutters. And the technology that could have prevented this were locks. on. the. cockpit. doors. box cutter and locks.

    But RUN! RUN! TERRRRORRRISTTTS!

    • Totally agree. And that strategy worked only for the first three planes. By the time they attempted to hijack the fourth, passengers stopped them from flying it into a building, sacrificing their own lives to save the lives of others.

      • RP - 8 years ago

        In a few years they will not want us to even encrypt our own thoughts because ..terrorist! They will just have to know every thing we say and think for our own safety.

  6. PhilBoogie - 8 years ago

    3 years ago Ars wrote that iCloud wasn’t encrypted. Or it was, but Apple had access. I wonder if that was true, and what has changed, if any.

    http://arstechnica.com/apple/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy/

    • Ben Lovejoy - 8 years ago

      Yes, that has to be true for anything which can be viewed on iCloud.com. As far as I know, it’s only iMessages and FaceTime which provide full end-to-end encryption.

    • Rupert (@rupertbe) - 8 years ago

      Of course apple have access. They just don’t want to “waste” money helping police unlock phones.

    • taoprophet420 - 8 years ago

      Apple can and has in a few circumstances in ruined iMessages and FaceTime

  7. Rupert (@rupertbe) - 8 years ago

    The moment that ISIS strikes the US then they will be ordered to give out this info so why won’t apple do it before innocent lives are lost??

    • PhilBoogie - 8 years ago

      Because they can’t.

    • webzpinner - 8 years ago

      It’s not theirs to give. My phone records are private information. It contains private correspondence, health records, financial records, that are none of the government’s damn business. There are millions of ways the government can take care of Isis without spying on me.the ways are clear, it’s the will that is lacking. I will gladly sacrifice my own life or others to protect what America stands for. If I wanted government intruding on every aspect of my life, I’d move to Russia or China. I applaud Apple for taking a stand.

      • André Hedegaard - 8 years ago

        “coz’ ‘Murica” is getting really old and outdated.

    • dwsolberg - 8 years ago

      The fact is that terrorists will find a way to spread terror. As someone already pointed out, the most horrible attack on U.S. soil in recent memory was committed by people with box cutters and easily hacked phones.

      However, I’m more scared of what will happen if the government does have a backdoor into data. Backdoors can and generally are hacked, so that means that evil people are more likely to get access to private information. What if the next president or his/her staff uses a iPhone or Google phone with a back door, and then the encryption is broken by a terrorist group, which then uses the information to wreak havoc on our president or government? What if third parties then break into senators’ phones and blackmail them? There are a lot of bad scenarios here.

      The truth is that there are always unintended consequences to this sort of thing, and the best thing to do is generally to stand up for freedom, liberty, and human rights, which includes privacy.

  8. dshenk - 8 years ago

    I strongly disagree, Ben. And, respectfully, I think you (and plenty of others) are framing the question unfairly. The question is not whether we should value freedom over security or vice-versa. The question is, How do we maximize both, recognizing that you simply cannot have the kind of liberty we all enjoy without a spectacular amount of security. It’s easy enough to live in our very comfortable world today and take security and stability for granted. But when someone brings down our energy grid or our electronic banking system, and then food spoils and large cities suddenly run short of supplies, I think we’d be shocked to see how quickly order can break down. At that point, freedom is just anarchy — it’s not worth very much.

    The good news is that we can have both in a democracy. We can hold our government to very high standards of respect for individual freedom while giving it the authority it needs to maintain order and to root out serious threats. Did Snowden expose some government abuse? Yes. The answer to that abuse is to strengthen democratic oversight, not remove the government’s ability to root out threats.

    Apple is wrong on this issue. No corporation or individual should have the right to shield themselves from legitimate law enforcement. Yes, it’s a serious challenge to keep government abuse in check. But a nimble, robust, checked-and-balanced government is the best hope we have of maintaining a safe and free society.

    • webzpinner - 8 years ago

      But they AREN’T rooting out threats. They are amassing data on law abiding citizens. Huge difference. The checks at the airport let olive skinned bearded men walk thru, then they strip-search an 80 year old woman with a colostomy bag. I don’t trust government with power. I KNOW they will abuse it. It’s already been proven that TSA agents keep the nude scans of pretty gals. Besides, statistically, terrorists are far more likely to have Android, the OS of the world. There are billions of ways to encrypt data. We’ve lost too many rights as it is, I don’t want to lose more. I would gladly give my life to preserve freedom than to live under constant surveillance by a “compassionate” big government.

    • iSRS - 8 years ago

      What you fail to address, and thankfully, Tim Cook hasn’t and gets it, you can’t have “restricted” backdoors. IF Apple/Google, etc create on JUST for the government, it means it is there, and there is nothing anyone can do to prevent any non government agency, or government agency without proper warrants, from accessing it.

      THAT is the point Apple, and Ben, are trying to make.

    • Ben Lovejoy - 8 years ago

      Thanks for arguing the counter position, Dshenk. The problem is that, even if we were to ignore issue one, and say it’s worth it; and issue three, and suggest it could be effective; I don’t see any way to address issue two. If we give the government a way in, others will use it too.

      • auntietroal - 8 years ago

        Not true.

        The government is not asking Apple to not patch security flaws that criminals or government snoops can use. The government is asking Apple to give them a key that they can use to decrypt communications of suspects, under judicial supervision. That is what Apple is now preventing, and is against your stated stance on wiretaps being OK.

      • Ben Lovejoy - 8 years ago

        My point is that if the key exists, and is handed to governments, others will figure it out and they will have keys too.

      • sewollef - 8 years ago

        Agree. In my view, a back door is still a door. It can still be opened with the right tools. It will not just be the ‘good guys’ that have access to the right tools.

        Further, if the ‘bad guys’ know that their cell communications are being monitored in real time [again – not technologically possible at this time], then those terrorists will use another method. Duh.

        It’s a pointless exercise that will achieve very, very little of value…. it’s a power grab.

      • dshenk - 8 years ago

        Ben, I do appreciate you keeping your wits about you and staying calm in this storm of rhetoric. It amazes me how hostile the anti-government sentiment is among people who A) quietly enjoy so many fruits of our democratic society, and B) Are clearly intelligent enough to think this stuff through. Yes, friends, democratic government is depressingly inefficient, cumbersome, bureaucratic, and, with its power, prone to abuse. It’s also very necessary to provide a vast amount of infrastructure, amazingly capable of keeping us safe from enemies and thieves (individual and corporate) and health hazards, and actually quite responsive to people who vote. In a democracy, we are the government. This isn’t Russia or China; when we went too far with the Patriot Act, we pulled back. When we gave Wall Street too much power and they crashed the system, we worked to correct that. (More work still necessary on both fronts). Actually, the main reason the federal government is so sluggish at the moment has nothing to do with abuse of power — it’s that anti-government radicals are dangerously gumming up the works.

        But to your point, Ben, which is an important one. I admit to being pretty ignorant on the technical side of this. From what I understand, yes, you’re dead right that any trapdoor or special government key also opens up vulnerabilities that the bad guys can take advantage of. But that’s the history of law-enforcement in a democracy: it’s inherently messy. The better-funded government *constantly* struggles to stay ahead of the capabilities of the bad guys. Whether we’re fighting Al Capone, Enron, or Al Qaeda, both sides are armed with data, weapons, strategies, ideas, secrets. The government (representing the people) maintains its edge as long as it maintains its superiority. Capone had men and weapons; we had more. Same with the Nazis. Same with Bin Laden. Yes, the clever bad guys win some skirmishes, but we have better tools and we win in the end.

        The latest cheap, uncrackable encryption tools shift that balance in a profoundly dangerous way. It gives bad guys a powerful new cloak to hide behind. Yes, I also get a big kick out of total privacy on iMessage. Who doesn’t? But we’re going to see that that thrill comes with a very heavy price. Tim Cook may look like a libertarian hero right now. How’s he going to look if/when we lose a city to atomic terrorism? Asking Tim Cook to be an American first isn’t some jingoistic bullshit. For America to stay strong — for American liberty to exist — the American government has to stay strong. Government snooping is necessary, people. Alan Turing helped the Allies win WWII. Thank god he wasn’t on the other side.

        Am I arguing that the FBI armed with a useful trap door will prevent every big incursion or even stop all the big ones? Of course not. There are plenty of ways for the government to screw up. 9/11 was a full-on screwup. But we do need a really strong FBI with all the best tools to give us the best possible chance to stop the next one. Good, smart, robust, responsive government keeping us safe and ensuring our freedom. That’s what the founding fathers were all about.

    • Doug Aalseth - 8 years ago

      I reject your premise. It IS a question of liberty and not a question of security. Allowing government spying on the populace will just drive the bad guys to other modes of communicatiuon. It will do nothing to stop the bad guys. Remember that Osama Bin Ladin communicated with his organization by written messages smuggled out then transmitted from ranom locations. Then we will have given up much for no increase in security. As Bryan Chaffen put it over on The Mac Observer, we would be trading our privacy, our freedom for NOTHING. http://www.macobserver.com/tmo/article/dont-trade-your-privacy-for-nothing . Worse yet once there is a back door to let law enforcement in, it will be just hours before it’;s hacked and then you can say goodbye to any sort of secure transaction, purchasing, banking, even in store and inter bank transactions. As I said yesterday a mandated back door for the government is an identity thief/internet scammer’s wet dream.

      • sewollef - 8 years ago

        I’m old enough to remember the 30 years of war we Brits fought against the Provisional IRA. No cell phones in the 60’s, 70’s and most of the 80’s.

        Both MI5 and MI6 intelligence services had very limited success at penetrating and finding out what the IRA was up to. They even admitted as much. The way the authorities found out what the IRA was up to was when they got a coded phone call to a local police station that they’d planted a bomb.

        Technology has advanced tremendously in the last 20 years, but if your enemy chooses not to go on the grid, well basically, you’re f**ked.

    • Jason Corbine - 8 years ago

      Follow your idea to it’s logical conclusion and if the police want to wonder through your home and look through your belongings just to see if you are a terrorist then that should be ok in the name of ‘security’. After all if you’re not a terrorist or not doing something wrong then you have nothing to worry about right? Your views are exactly what Franklin meant in the quote given in the article.

      I can’t imagine what government in the world you are thinking of when you used the words “nimble, robust, checked and balanced”. The government of the US is neither nimble or robust in any action. Given the Snowdon revelations and other incidents with government abuse of surveillance and calling it “checked and balanced” is simply a joke. The Patriot Act destroyed any pretense about that.

      If a terrorist wishes to communicate in secret they’ve been doing this for years. Long before end to end encryption was even a concept terrorists could communicate secretly between each other using codes and hidden messages. This is no different. If you are a tech savvy terrorist, which most of them are, it would seem to me to be very easy to write and deploy your own communications app on android to communicate securely through a server somewhere out of reach of any western government. Apple Google or any other company’s stance on encryption wouldn’t matter at all.

      Forcing the millions that use iOS or android for legal legitimate uses to sacrifice their security in the name of “terrorists” is short sighted in the extreme.

      • auntietroal - 8 years ago

        “Follow your idea to it’s logical conclusion and if the police want to wonder through your home and look through your belongings just to see if you are a terrorist then that should be ok in the name of ‘security’.”

        Oh for… That is *not* the logical conclusion of giving the government a key they can use to un-encrypt communications between suspects. This is why we can’t have an informed conversation about this topic. For every complaint about dumb politicians who scapegoat PS4s as being terrorist tools, there are people like you who overstate what the government is seeking. The ability to tap the communication of targets with a judicial warrant, something that has long been allowed to law enforcement, is being prevented by Apple’s move. Stop with the hyperbole.

      • mikhailt - 8 years ago

        Hey @auntietroal,

        You do understand that it is not technically possible for the government to have the key and is in fact not being prevented by Apple? The key is in the customer’s hand, not Apple. Encryption is a math formula, everyone can use it, Apple did not invent encryption.

        The government can file a court order to get the device, force the person to give up the passcode and if not, they can go to jail until they give up the passcode to decrypt the content.

        In addition, if Apple change the entire system to give the government the key, it will in fact give everyone else as well access to your data. There is no technical way to have an encryption system where only the good guys can have access to it.

        You are asking for your banking data, your private photos and everything else to be open to everyone on the Internet, not just the government.

        There is NO WAY to give the government what they want, that’s what you and the government does not understand.

        The only people who will be harmed with this action will be the law-abiding citizens, not the terroists. The terrorist will simply use their own encryption tools, which they already are, which will not be broken by this law that the government is trying to push.

    • auntietroal - 8 years ago

      I agree with you completely, dshenk.. This is not an either/or situation, as much as forum posters like to make it into one. The choice is not between freedom and fascism. And it is going to continue to get easier and easier for individuals or small groups to do mass damage to our society. There needs to be compromise.

      The problem is exemplified by this quote from the article:
      “We take the view that wiretaps and other forms of electronic surveillance will of course be necessary to facilitate investigations by police and security services, but that such surveillance should be both targeted and subject to judicial oversight.”
      Right. Agreed. But the whole piece is arguing to remove any ability to do such surveillance. Or is the author just suggesting that law enforcement must stick to tapping only primitive, unencrypted communication that will be increasingly irrelevant.

      The ability for law enforcement to tap is not the same as mass surveillance. I wish authors like Ben would stop equating the two.

      • mikhailt - 8 years ago

        Ben has already clarified this point in the article. There IS NO way for encryption to be done in a way the government wants. Encryption is end to end, you CANNOT tap into an encrypted communication, that is the purpose of the encryption. The law has given the government one way, force the suspect to give up the passcode to decrypt the content. If the suspect refuses, he or she can go to jail as long as he does not give it up.

        Encryption by itsself is not illegal and in fact, is a form of speech. It cannot be outlawed, the court has already clarified this in the past.

        This is the second time we’re going through and the government has lost the fight in the first crypto war back in 1990s. In fact, they pushed one of the crypto protocols that attempted to do what they want and in the end, it put the customer’s data at risk. Hackers were able to break it apart easily and get the personal data.

      • Ben Lovejoy - 8 years ago

        I’m using mass surveillance as an example of something most people consider goes too far down the ‘security over liberty’ road. I’m not equating the two. I *am* saying that if we allow a backdoor for governments to selectively decrypt communications, even if we trust them not to abuse that power, sooner or later others will discover that backdoor and they will most assuredly not use it selectively.

    • André Hedegaard - 8 years ago

      Very well put and I agree with you! Glad I’m not the only one thinking like that.

    • mikhailt - 8 years ago

      Okay, please explain to the rest of us why haven’t the US strengthen the democratic oversight over the NSA program and FISA courts 2 full years after it was exposed and for the last decade that NSA program was running? You are correct that a perfect check and balance government will be better but you can’t tell me that such a perfect system exists, it hasn’t ever existed once in US history.

      By the way, you do know that France has already tried to give its government more power over its citizen after the last attack and it didn’t do anything to stop the attacks?

      You do know that France was warned about this specific attack twice and they failed to do anything about it? The same type of warnings that US got before the Boston bombing, the 9/11 and many other related attacks?

      > Apple is wrong on this issue. No corporation or individual should have the right to shield themselves from legitimate law enforcement.

      And who will clarify the definitation of “legitimate law enforcement”? By your logic, the government can in fact do everything they want by framing everything into a law enforcement action. They’ve done it several times in the past, the most infamous one was the Patriot Act and which was extended several times. The NSA program is another one, NSA was arleady prevented by laws to spy on Americans and yet they remain doing it and the government is framing their actions as part of national security with no public/citizen monitoring the program.

      Oh, by the way, the US constitution already made this clear for 200+ years. The individual have absolute privacy rights in their house unless there is a reasonable probable cause to monitor them. Guess what, the government has not shown any reasonable cause to monitor ALL the houses in the country, they cannot even show the courts one case where their NSA program has found a terrorist. In fact, DEA has used the information from the NSA program to capture a drug dealer’s content in order to arrest him. Even worse, they refuse to give the court the information from the NSA because they could not say it exists and in fact, they’ve dropped the case afterward. This is the very definition of an inbalance check you’re trying to point out.

      Secondly, Apple is not shelding themselves from the law enforcement, they’re NOT a factor in this situation. The government can go straight to the device and the owner and get the information from there. The government does not have the right to force companies to store comms and have unrestricted access to the citizens data, the laws make this very clear. It’s the very reason this is the second time they’re trying to push this through after failing once back in early 90s. The laws are not on their side but on the individuals rights.

      Sorry but there is nothing you can say that can justify what the US is asking for.

      > But a nimble, robust, checked-and-balanced government is the best hope we have of maintaining a safe and free society.

      LOL. I love it. You do realize we already have laws in place for this. If the person will not unlock the phone for the law enforcement in a legal subpoena, they can in fact be held in jail for being in contempt of the court. The government wants the ability to bypass the courts and have unrestricted subpoena rights to every citizen in the country and outside of it. If you want the balance and check system, you are in fact against this very action that the government is asking for.

  9. Jason Hovde (@hovtweet) - 8 years ago

    I agree wholeheartedly. Apple needs to stand up to the government pressure and protect our privacy. I do not trust our current government not to abuse any information it may get access to, and I don’t trust our future leaders, whoever they may be, either. If you really want my opinion, though, read the article. This is a rare situation for me, that I agree 100%. Thanks for putting it out there.

  10. Ars Audet (@ars_audet) - 8 years ago

    This is a very well thought out piece and, in my opinion, seems to grasp the bigger picture. In no way do I want to sit up a debate, but would applying this same logical argument to the gun control debate adjust any of our thoughts on that…? I am for some form of gun control, at least more than what we have right now, but this piece made some very interesting points that challenged some of my thoughts regarding gun control… curious about others thoughts.

    • Ben Lovejoy - 8 years ago

      I think that would be rather off-topic for us, even if we ignore the way that particular debate generally goes!

  11. davidt4n - 8 years ago

    I actually agree. If you have an ‘absolute’ encryption, it has its pros and cons. Nothing is perfect in this world so I hope Apple can make the more rightful decision they think. Never eliminate possibility to change their mind later.

  12. rogifan - 8 years ago

    The issues is totally framed wrong. What we need is intelligent profiling. You would think the brightest technology minds could develop tools that would accomplish this with a high degree of accuracy.

  13. shareef777 - 8 years ago

    Perfectly stated.

  14. quiviran - 8 years ago

    It was embarrassing to see the government agents get on TV and try to use the tragedy to drum up political support for invasion of personal privacy. And the chorus of “Snowden did this”. Sad.

    The fact is ISIS has some very sophisticated individuals with full capability to become Apple developers and do private releases of any software that they care to use, including private encryption schemes. This is a smokescreen to cover the real problems and failures in the intelligence community.

    • x0epyon0x - 8 years ago

      It’s absolutely idiotic to insinuate, as those officials did and continue to do, that Snowden has “blood on his hands” because he highlighted the need for every day people to encrypt their online traffic. By that logic, Alexander Graham Bell has blood on his hands because they used phones, and the Wright Brothers have blood on their hands because planes were used in the 9/11 attacks.

  15. iSRS - 8 years ago

    Love the Franklin quote. Used to work at a place (the Liberty building was the name o f the building) and walked over that quote etched into the concrete every day.

    To put it in another silo, it would kill the economy. It would destroy any progress we have made because it would violate other laws, rules, etc. for transmission of sensitive data.

    It is a bad idea.

    Perhaps I should start a GoFundMe for running for President in 2016. We need a “geek” in charge. ;)

  16. Paul Weiss (@paulweiss) - 8 years ago

    Is this a US government tactic to give terrorists a false sense of security to use iPhones? Come on, the US government has Quantum computers that can crack any encrypted device in seconds.

  17. imthemobileguru - 8 years ago

    I work in (non-intel) Defense with LEO’s in every pocket of my immediate family including 1 In the SS and one pending clearance…The NSA did a pretty good job before smartphones were invented…in fact, (and most would probably agree) that data surveillance has become automated to the point that the HUMINT effort is reactive.

    The intelligence community can active remote monitor Android, WinMo and whatever other mOS’s allow it. Anyone who isn’t a Citizen, on a foreign visa, or undocumenteds who are iPhone owners will just have to get the eyes-on proactive plan.

    Considering the the iPhone is ~15% of the Global market…it makes sense that Apple should complete a risk analysis and base their decision on those metrics….and not the hullabaloo of FedGov bigmouths looking to keep every other Friday off.

    Apple should hold the line on E2E encryption, until they decide to go public that they aren’t anymore…and in my opinion allowing the actions of shit-bags who kill innocent people to dictate the privacy and security of people who run copacetic with the law. If border security is so porous that legitimate threats present themselves, or if the government is going to legislate the illegality of certain tools and materials, then they need to ENFORCE the law as it is written, not besmirch private tech companies into doing their jobs for them.

    It’s the DoJ’s fault for outing the intelligence gathering capabilities and limitations of Government agencies to the public in the first place. OPSEC doesn’t mean anything to the Government. If they had deployed a disinformation campaign or at the very least…..kept their mouths shut, Android would still be the go-to choice for burner handsets.

    Besides, the price-point and the requirement for 2 handsets for a complete secure COMM solution, the ID requirement for data services coupled with the fact that Maps for iOS still lags Google Maps in non metropolitan areas…the Government can monitor knuckleheads who are stuck on un-private Google data services.

  18. tonywmd23 - 8 years ago

    I totally agree with you Ben. Government wants deeper and deeper surveillance levels and they’re obviously just using terrorism as an excuse to bullshit their people. We should never let that happen and kudos Tim Cook.

  19. Jason Hovde (@hovtweet) - 8 years ago

    I wanted to add that for US citizens, our constitution, specifically the 4th Amendment in the Bill of Rights, is supposed to protect our privacy.

    “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

    The problem with the government accumulating even “metadata” is that our constitution is being violated. The Bill of Rights primarily protects us from our government. I am no legal expert by any means, but I wonder how many times the fourth amendment is violated by companies we do business with. I want to be safe from government intrusion, but I also am often concerned about how many companies are buying and selling our privacy.

    I also agree with the comments about intelligence. If law enforcement and the government could get info in the past, why is it suddenly an absolute necessity that they have access to all this data? I have to live my life in accordance with the laws, and so should our government agencies.

  20. sewollef - 8 years ago

    First of all, the DoJ, Pentagon, AG or whoever else wants a backdoor to the encrypted software out there are missing one vital part.

    Using the Paris events as the scenario, even if the terrorists cell communications could be decrypted they’d be decrypted….. AFTER THE EVENT. There is obviously no surveillance system, or enough manpower available to monitor around 50-60 million cellphones – in real time.

    So assuming the NSA or whoever decrypted their communications after the event…. what difference does it make. With one exception, THEY’RE ALL DEAD. The blew themselves up.

    The technology does not [yet] exist that can monitor – in real time – millions upon millions of cell phone conversations. Let’s be realistic, defeating acts of terrorism such as this will never – never – be prevented by snooping on phone calls. Ever.

    The DoJ, Pentagon, AG, et al, are using these horrible events as cover to push their agenda. And it’s an agenda that’s NOT in the interests of ordinary people.

    • John Smith - 8 years ago

      After the event decryption is very important. These ones are dead but, for example, the guy who made the bombs allegedly is not. The information on cellphones, computers etc repeatedly not only locates but convicts the associates of bombers before they assist with the next incident.

      You say no one has the manpower to monitor millions of phones BEFORE the incident.

      True. That’s why I call BS every time someone claims NSA/GCHQ are reading, for example, my (unencrypted) SMS. No one is reading every message. They (try) to read the messages of suspected jidahists. No one is interested in my messages.

      Doesn’t work? Can’t prevent these incidents? Not true. We have yet another prosecution starting in court to today in UK –

      http://www.bbc.co.uk/news/uk-england-london-34850647

    • John Smith - 8 years ago

      If you would like to read an example of how messaging/phone calls are used (real world) to catch bombers, this is a typical case –

      http://news.bbc.co.uk/1/hi/northern_ireland/965274.stm

      This is from 2000 and is about SMS messaging. Update it to now, and substitute ‘whatsapp’ or ‘telegram’ encrypted messaging to understand what the security services are no longer able to access.

      • Ben Lovejoy - 8 years ago

        The bombing occurred in 1998. It would be naive to imagine that today’s terrorists are unaware of the ways that such communication can be tracked. If we put backdoors into iMessage, they will use something that doesn’t have a backdoor.

  21. John Smith - 8 years ago

    Sorry Ben, disagree on this one.

    This is not just about emotions following yet another incident – some of us were saying the same thing in quiet language for a long time now.

    Let’s remember that Apple used to allow the NSA free-for-all access to our comms. They only stopped when they were outed by Snowdon.

    Apple/Google/Whatsapp etc were scared we would abandon them to use non-US providers. The deliberate and highly public obstruction of security services was/is a cynical response to prove we can trust them.

    It’s not about protecting our privacy. It’s about protecting their profits.

    • Ben Lovejoy - 8 years ago

      No need to apologise for disagreeing … I absolutely accept that there are two sides to this debate, and both arguments have merit. You are absolutely correct that there will be times when the ability to decrypt messages will be helpful to the security services. My argument is that the few times when this will be helpful are outweighed by the massive risks created by opening backdoors that can be found and used by others. You may consider that a risk worth running. As for what NSA access Apple permitted before the PRISM disclosures, we simply don’t know – nor do we know who in Apple was aware of it. I do believe that Cook is acting on principle as well as in the pursuit of profit.

      • John Smith - 8 years ago

        I gave the Omagh bombing example because it is one of the few where the security services gave all the comint information openly. Often it is not revealed, even in court, to prevent the opposition learning sources and methods. What can be picked up today – including from SMS – is very similar. Note that the first case I linked is literally today.

        I’m not aware of iMessage being implicated in jihadist cases.

        The big issue with Apple is access to phones/tablets/laptops after they are seized. If the Paris police have an iPhone from a jihadist or one of his support network then I believe they should be able to access the contacts list that populates an encrypted app. like ‘telegram’ (With an order from the examining magistrate) For ‘telegram’ it is the iPhones own contacts list.

        I don’t think Apple should be deliberately obstructing things like that in order to make a buck.

        I don’t accept the ‘backdoor is impossible’ argument. Apple feels happy to hold my credit card details without inaccessible end-to-end encryption, and claims it is safe. I have no doubt they could implement an adequately secure system – particularly if it required law enforcement/security services to hand over the device and a court order to Apple for Apple themselves to do it.

      • Ben Lovejoy - 8 years ago

        Yes, I can see that if you don’t accept the backdoor vulnerability argument, then you can easily reach the conclusion you do.

      • Td mac (@tdsmac) - 8 years ago

        @ John Smith

        Apple isn’t obstructing anything. The data on an iphone is encrypted. If the police find it they have no way of getting in without the code. Same could be said for a computer, where one encypts the hard drive using Apple software or something like truecrypt or even 1passwords Knox for secure file storage. The purpose of encrypting the device is because we as consumers are storing sensitive information like banking info, password info, and health information. Stuff that we wouldn’t want accessed if lets say stolen. If there was a key (i.e. backdoor) that Apple had to unlock any device, then that can be easily replicated. I don;t want to repeat as valid points made previously. You credit card data is a bad example. It also is encrypted on their servers. Your purchases are done via your apple ID which is an end to end encypted transmission between your device and Apple’s servers.

        Lets use a simpler example and look at a single program that uses encryption and why this is a bad idea. The 1password app is built on standard encryption. Like an iPhone, its data is unable to be accessed unless you have the passcode. How hard/long to crack depends on the length of that password. Now I would want this to be super secure if I am using this to store my passwords. But… If you now add some key to unlock the standard encryption, then my data is already less secure and at some point a hacker will crack the key, gain access to the key, etc. Did we all forget about China already and the hacking on Govt employees and all of the espionage and the corp secrets they have stolen over the years? It is precisely for these reasons as well as identity theft, etc why encryption is necessary.

    • Td mac (@tdsmac) - 8 years ago

      Uh, No. iMessage was in existence and encrypted way before Snowden leaked any info. Leaks were around May of 2013. Dea was complaining earlier in 2013 about not being able to crack the encrypted messages earlier that year. But imessage has been encrypted longer then that. I think back to either late 2011 or 2012.

    • John Smith - 8 years ago

      TD _mac …

      Yes I understand how it works, Apple are being asked to change it.

      Apple ARE obstructing law enforcement/security services. Apple are responsible for that encryption scheme and even if they claim they didn’t realise the consequences when they first did it, they have now been told repeatedly. They have been asked to change it to allow access (only with warrant I say) and they are refusing to do so.

      • Td mac (@tdsmac) - 8 years ago

        They are not obstructing anything. What they are doing is not against the law. Does this affect the ease at which law enforcement can do their job? Yes. But… in all honesty, if there was a way into the system, I’d go out on a limb and say that nothing would be gained, in terms of terrorists, which is the extreme example for justification. These people all know that the NSA and CIA has been spying and trying to intercept calls, plans, etc. So they are all careful in how they interact. Messages are coded in pictures and use couriers and other methods to communicate. They are not having imessage chats, emails, etc where they openly discuss plans.

        There is no consequence. It is perfectly legal to have encrypted things. While the govt keeps trying to throw up the same smokescreens of why this is an issue. They lost this battle years ago when the courts determined that encryption is a form of free speech. Again, you can’t have it both ways where there is a backdoor/extra key to gain access to normally encrypted/secure information and ensure that that backdoor/key can;t be used maliciously by someone else. When it comes to iCloud, Apple itself holds the Key. So in that regard they “could” access data that is stored on their servers. So a backup of your phone, if done via iCloud could be searched. They “key” difference (pun intended) is that it accesses Apple servers which Apple is in possession of and can control and ensure that this key and server access remains secure and is constantly monitored to prevent exploits. Its by no means invincible though.

        But, an iPhone is not held in Apple hands, its in yours. So, if Apple had a Key or another way in, that same path could be exploited in the wild. Apple has no control of what happens. So the only way to outright protect privacy is to pull all the control into the users hands. The key to the device is passcode and is used in the encryption process of the device. This ensures that your data stays safe. Can’t have it both ways. Sorry.

  22. pkdecville - 8 years ago

    The NSA ,with its 10M+ computers, can crack encryption any time it needs to.

  23. pecospeet - 8 years ago

    Some very thoughtful comments on both sides of the issue here.

    For me, there is nothing that I put out on the Internet that is so secret that I would object to the possibility of someone having a back door access to it – IF that meant the security services could do a much better job of protecting society. For those who are concerned about the potential for either the government or the “bad guys” breaking into encrypted data, what types of information are you sending over the Internet? Note that this question is about Facetime, iMessage and (I think) email. This is not about the data resident on your phone, tablet or laptop/desktop.

    I do understand that there are many valid reasons why people would object to a back door key into data stored and encrypted on a personal device.

    On the technological side, I am puzzled about this end-to end encryption. If it is so well encrypted that Apple do not have the key, how does the recipient decode it? Presumably there must be someway to transmit the required key to the recipient. Why would Apple not be able to intercept that?

    In the meantime, I am undecided on the question and am listening to both sides present their case.

    • Ben Lovejoy - 8 years ago

      You have a public key and a private key. Your public key is available to anyone, and tells their device how to encrypt it in a way that only your device can decrypt.

    • Ben Lovejoy - 8 years ago

      Note that the security services and law enforcement also object to Apple’s encryption of iPhones, so it’s data on your device as well as data sent in messages that they want access to.

  24. Tom@L (@_ArcTic_FiRe) - 8 years ago

    Apple still holds master key to icloud data. So while data on your phone cannot be decrypted, law officials really dont need to get access to your phone. They can easily get your pictures, call logs, messages etc all from icloud which Apple can decrypt with court order.

    • Ben Lovejoy - 8 years ago

      Indeed, but we can choose whether or not to switch on iCloud backup.

    • minieggseater - 8 years ago

      Isnt this just akin to secure communications with your bank and the bank keeping your data secure but the police can still obtain copies of those records with a court order. No one needs any back doir keys etc

      Nor am I convinced the government is asking for them

      There is a bit more information in a url than a phone number and name but not much if you have intelligence on said name as to their occupation etc

      • Td mac (@tdsmac) - 8 years ago

        Yes but only on the iCould side.

        imessage is a direct encrypted connection from party to party. So Apple does not hold the proverbial keys and the data does not stay on Apples servers.

        The data on your phone is encrypted, assuming iOS8 and above, to where your passcode is the key used to decrypt the contents. Apple does not have your passcode and/or unique device identifiers used to create your key. Thus, only you have the ability to unlock it.

  25. Don Horne (@DonHorne) - 8 years ago

    It’s a known fact that terror groups had known about government spying for years and already had long standing solutions in place. Glenn Greenwald wrote a scathing piece recently pointing out the hypocrisy and exploitation of the recent attacks from pro government voices. https://theintercept.com/2015/11/15/exploiting-emotions-about-paris-to-blame-snowden-distract-from-actual-culprits-who-empowered-isis/

  26. vkd108 - 8 years ago

    Yes they will pretend to carry the flag for “the people” but the decision has already been made. They will change the laws so they can spy on everyone (“surveillance”). Live have already been lost and will continue to be lost as that is what type of “people” they are and how much they care about anyone, really.

  27. Bruce Elliott - 8 years ago

    this is why I choose apple products ,the goverment allready know to much and I do not have anything to hide.

  28. Fleck (@Bfleck69) - 8 years ago

    Apple needs to send the Feds a password reset email for that phone and let them go at it.

  29. Gheorghe Lazu - 8 years ago

    You are all incredibly naive if you think Apple doesn’t have some kind of tool or software that breaks into any kind of security on an iPhone, Mac or any other Apple device. Even if encrypted. The whole legacy that Jobs left behind, is that Apple has full and absolute control over their hardware, Apple decides what the user wants. They (Apple) could unlock that terrorist’s iPhone anytime they want, but they don’t, because they are greedy and want their hardware to be bought by any type of person, criminal or not.

  30. apple insisting on supporting terrorism by not unlocking the mobile phone of very specific terrorist cases is an absolute outrage. My next I will not buy any apple gear until they comply with the FBI request in proven terrorist cases.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear