Breaking iPhone encryption won't make anyone safer

Credit to Author: Jonny Evans| Date: Wed, 15 Jan 2020 05:06:00 -0800

Imagine all your tax documentation could be examined by officials from any government merely on suspicion. That’s the future some governments are pushing for when they demand Apple puts security backdoors into its products.

Think about the nature of security backdoors:

“But the keys will be kept with secure government agencies,” some say.

So what?

It only takes one disaffected government employee, one deeply inserted spy in government or a tech company, or one sophisticated criminal attack to successfully extract that key.

After that, it’s only a matter of time before such keys end up in the hands of security agencies from every government, including those who cannot be trusted.

As these keys are deliberately designed the operating system vendor will not be in position to patch them.

Those keys won’t just reach other governments, they will also reach the hands of various criminal entities who will see the huge opportunity for theft, profit and blackmail inherent in gaining access to every smartphone owner’s digital life.

Things leak.

Think back just a year ago when police-grade iPhone hacking tools suddenly appeared for sale on eBay, for example. Or ponder the fate of the GrayKey box.

That’s even before you consider how such access threatens connected systems of every kind, from enterprise relationship management software to enabling unknowns to access the log in codes for your local power station.

In fact, it seems to me that criminals and hostile governments have the most to gain from any move to make mobile devices less secure.

I imagine they are already thinking about the money they will make and chaos they can create as mobile security is deliberately broken.

That’s even before discussing how this undermines privacy.

These are just some of the many reasons Apple’s statement in response to the born again move to force it to break security in its devices should be supported.

It isn’t as if Apple is not prepared to help law enforcement – it says it has provided a huge amount of information, including iCloud backups and more. It is also true that other entities (including carriers) are also providing evidence.

In a statement on the current furore, Apple said:

“We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

Apple has made similar arguments before.

In a letter to its customers following the San Bernardino case, it said:

“For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.”

There’s another problem.

After all, if one government demands such security backdoors, then every government will do the same. This may have a chilling effect on religious minorities, for example.

There is no tech company that can realistically deny some governments and not others. If Apple weakens encryption for one nation, it will be forced to do so in others. 

And mobile device security will weaken one encryption backdoor at a time.

The effect?

We will all be poorer and less secure.

Those security keys will inevitably end up in the hands of criminals and hostile actors.

Bank accounts will be robbed, data stolen, and digital terrorism (including attacks on critical infrastructure) enabled on an international scale.

The end result will not be more security, but far less.

Or, as you might put it in 130 characters or less:

“Security backdoors and broken encryption will enable more criminal and terrorist activity than they prevent.” 

Consider the consequences, rather than being seduced by the soundbite.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss

Leave a Reply