In a hearing set for March 22, a federal court will hear Apple’s initial arguments against the FBI’s demand that the company write software to sneak around a password and allow the government access to encrypted data inside an iPhone owned by the San Bernardino agency where deceased terrorist Syed Rizwan Farook was employed. Farook and his wife, Tashfeen Malik, killed 14 people and injured 22 in a shooting rampage on Dec. 2.
A House Judiciary Committee of 39 representatives, including two Republicans and four Democrats from California, meets on March 1 for a hearing on encryption, and invited Apple to attend.
Business leaders including Google CEO Sundar Pichai, Twitter CEO Jack Dorsey and editorial writers of the Wall Street Journal, Washington Post and The New York Times all sided with Apple CEO Tim Cook in his Feb. 16 stand for privacy and against the FBI’s efforts on encrypted iPhone data. Apple lawyers on Feb. 25 filed documents arguing that the government doesn’t have authority to force the company to help the FBI, and the demand places undue burden on Apple.
The battle pits encryption, which protects everyone’s privacy, against needs of law enforcement.
“Law enforcement is upset because terrorist 1 encrypts a message, sends it to terrorist 2,” said Sonoma State University encryption scholar George Ledin, Ph.D. “The FBI intercepts but cannot decrypt. The FBI protests against strong encryption because they cannot decrypt it themselves. Whenever they claim that they need back doors, it’s very misguided. It will make the job of the enemy easier. Hackers will find it. You have vulnerability that will be exploited. Why would they do that?”
Before tackling encrypted data inside Farook’s phone, the FBI has to get inside. The FBI worked with San Bernardino County to reset the password to Farook’s iCloud account where his phone data automatically backed up; the reset may have impeded subsequent backups. The FBI obtained from Apple backup data from the iCloud up to October 2015. Phone access, as the FBI demands of Apple, might have been unnecessary if auto-backups had continued.
“If we are going to protect privacy and make sure we are not penetrated, not just ordinary users but everybody up to the president of the United States,” Ledin said, then potent encryption must be employed with no backdoor decryption available to the FBI or hackers.
Encryption technology can keep a smartphone-guided life private, Ledin said, and shield bank and investment accounts from hackers who might steal every dime. But encryption is not yet smooth, easy or automatic.
“It requires dedication and resources. People will simply say, forget it until it is easy-to-use and automatic,” Ledin said. “Who cares if I send you an email: ‘On your way home, pick up a dozen eggs.’ You need to encrypt that?”
Some industries demand encryption. With “commercial paper, banks, warrants, there is a complicated infrastructure where liability is legally understood,” he said. “A dozen eggs is not important, but transferring $1,000 into an account is. Those systems use strong encryption.”
The potential market for encryption technology is enormous, Ledin said, especially in financial transactions; that industry is barely developed. “There will be lots of bumps,” he said. “The curious thing about smartphones,” is that their technology, driven by billions of users worldwide, has leaped forward, including encryption.
Primes, elliptic curves