Many of us in the UK watch US politics with a twisted fascination. People want a president that will build a wall to keep out Mexicans? Incredible! But sometimes US politics has far-reaching consequences and we pay attention because the aftermath can directly involve us. The Apple vs FBI encryption case is a major news story in the US concerning not just the privacy and security of US citizens but also their human and civil rights. It seems a lot of people in the UK think it doesn’t really concern us. Sure, the case itself is an American issue, but it could potentially have international consequences. We should care but before addressing why, let’s take a look at the basic facts.
What’s actually happening?
Last December, 14 people were killed during the San Bernardino shooting in California. The FBI obtained an iPhone 5C belonging to one of the attackers, Syed Farook. The FBI wants to access the data on the phone for use in the case. Apple worked with the FBI after the shooting to provide any help or data available to them within the constraints of the law. Where things escalated was when the FBI ordered Apple to give them access to the shooter’s private data on the iPhone. The reason they can’t easily access the data is because it’s encrypted. There might be a way to hack it, but the FBI is hoping Apple will give them access by writing a backdoor into iOS that will allow them to connect the phone to computers that will brute-force guess the passcode. Part of the iOS rewrite would mean that the phone wouldn’t lock up after several failed passcode entries.
Apple issued a letter to customers explaining the situation and announcing that they would not be honouring the FBI’s request. The letter explains that Apple has no sympathy for terrorists and that their refusal is because of the bigger picture. Providing a backdoor to encrypted iPhones would go against everything Apple stands for in terms of customer privacy and security. They’re worried about the backdoor becoming available to the wrong people. The FBI’s request would allow them to potentially view encrypted data on any iPhone, not just Syed Farook’s. Apple feels the US government is misusing the vague, 227-year-old All Writs Act in a dangerous way that undermines the freedom and liberty of US citizens.
Apple will now have to fight their case in the courts and they have major support from other tech companies including Google, Facebook, AOL, Twitter, LinkedIn, Evernote, Yahoo and Dropbox. Many of these services also use encryption and their developers are worried about how far the US government can stretch the All Writs Act. For example, if Apple do end up being forced to rewrite iOS for the FBI, there’s nothing stopping the government from requesting backdoors to encrypted services like Whatsapp and listening to conversations.
There are loads of reasons people in the UK might find that the case doesn’t matter to them. Perhaps you have nothing to hide, so who cares if the government can see your encrypted information? It will help the police catch criminals and terrorists, won’t it? Besides, all of this is happening in the US anyway. Or maybe you use Android or Windows phones so it’s even less relevant for you. Fair arguments but let’s address them.
Defeating the point of encryption
The idea of allowing access to encrypted information completely undermines the entire point of encryption. The issue is most obvious for iPhone users who are directly affected by the case against Apple. The goal of the FBI is to have iOS modified in such a way that they can gain backdoor access. A big problem with this is that if the FBI can use the backdoor, you can be sure that hackers will figure out how to do it too. A phone with encrypted data but a backdoor is absurd in terms of privacy and security. The FBI can claim that they won’t tell anyone how the backdoor works but hackers will find exploits. Not to mention, the FBI itself isn’t immune to hacking attempts and leaks.
Apple has asked FBI an interesting question. If all they want is to get into this individual phone, why hasn’t the FBI approached the NSA to hack into it? The government’s best hackers work for the NSA so surely if anyone could break into it then they could. Apple contests that asking them to rewrite their operating system rather than use the NSA hackers reveals ulterior motives. If you want into one phone, at least try hacking it first. If you want backdoor access to all iPhones, you’ll want a rewritten operating system. According to Edward Snowden, the US government already has the capability of hacking iPhones and has described the FBI’s claims as “bullshit”. The argument is that if they just want in, they could do it themselves. They only need Apple if they want more far-reaching powers that affect users of more than this one device.
We all use the same version of iOS, so any rewrite of the operating system that allows backdoor access will be compatible with our phones in the UK. The point isn’t that the FBI will have access to UK iPhones, but that if the backdoor exists then we’re all potential targets if the technique falls into the wrong hands. Apple hasn’t yet created a version of iOS with a backdoor that threatens the privacy and security of users, but the US government wants it to.
Android, Windows, and software developers
One of the key differences between iPhones and Androids is that Apple create the iPhone software and hardware. Android phones can be made by multiple manufacturers, some of whom agree to adding encryption chips and some who don’t. Security updates don’t roll out to all Android users at once, so the Android market is fractured in terms of security. Some people have said the phone would already be hacked if it was an Android, but that’s beside the point because the NSA can likely hack individual iPhones anyway. Edward Snowden claims iPhones can be easily hacked by the government so there’s more to the FBI’s request than obtaining a terrorist’s data and it should concern all software developers.
If the US government can use the All Writs Act to get Apple to provide backdoors to encrypted iPhones, it sets a precedent that could be of concern to any encrypted service. Whatsapp encrypts its messages and its CEO, Jan Koum, said “We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake.” It’s not about phone hacking, it’s about having unparalleled legal access to private data. Google CEO Sundar Pichai shared similar thoughts on Twitter.
1/5 Important post by @tim_cook. Forcing companies to enable hacking could compromise users’ privacy
— Sundar Pichai (@sundarpichai) February 17, 2016
Many of the companies supporting Apple are direct competitors including Microsoft and Google. Why should they care if iPhones have backdoors? It’s because there would be literally nothing stopping the government from continuing to use the Act to gain access to their customers’ data too. Any company that uses encryption could be targeted from Google and Microsoft to Whatsapp and Dropbox, which is why they’re paying attention. If you create software that uses encryption, you too could be asked to build backdoors turning your project into covert surveillance software.
Should we care in the UK?
Right now this is an American issue. However, if the FBI succeeds then there will be an international precedent that might attract other governments. If the US can legally get Apple to let them into people’s encrypted data, all it takes is other countries to modify their laws or introduce new ones and have the same access. It’s not paranoia to imagine governments using backdoor access for surveillance of citizens; it’s already happening.
It’s worrying that some of the same people who claim the FBI’s actions are fine because they have nothing to hide are often among the same people disgusted by digital surveillance in North Korea and China. The Chinese government once had the official Skype download modified by Microsoft in order to let them listen in on calls. The world reacted with worry and disgust. “Never in the UK! It’s like 1984!” The vast majority of Chinese citizens presumably have nothing to hide either.
We’re not saying our government is similar to those found somewhere like North Korea. But our government is just as interested in manipulating tech companies for mass surveillance.
Here in the UK, Theresa May has been pushing through the Snoopers’ Charter, officially named the Investigatory Powers Bill. If it goes through, the UK government will have unprecedented access to the digital data of UK citizens. Worryingly, the bill just passed its second reading in Parliament with 281 votes for and 15 against. The bill would allow mass surveillance to be written into UK law. It’s important to point out that this surveillance won’t be new. Edward Snowden’s whistle-blowing has revealed that the UK government is already using mass digital surveillance on citizens. The Snoopers’ Charter is an attempt to legitimise the practice.
Under the new bill, UK internet service providers (ISPs) would be legally obliged to keep data on what we do for a year and they would be forced to hand these records to the police without search warrants. The police would legally be allowed to hack devices and add backdoors to services in the UK and ISPs would be obliged to go along with these backdoor interception methods if asked. Here’s where it gets a little more relevant: ISPs would be obliged to make it possible for the police to access encrypted information (that means add backdoors) and it would be illegal to make public that they had received such a request.
The UK government is already into all this. It’s not a future concern, it’s not paranoia about becoming the next North Korea, it’s something that we’re dealing with right now. The government is doing all it can to legitimise mass surveillance practices and it’s reasonable to assume they would be interested in the access that the US government may obtain from Apple. The Snoopers’ Charter is likely going to go through so it’s time to start paying attention to these stories if you weren’t already. The fight for Apple against the FBI isn’t just about the risk of backdoors being used by the wrong people; it’s that none of us have any guarantee what the government will actually use our data for. You might not be a terrorist; you might have nothing to hide; but that doesn’t mean it’s a good idea to let outsiders know your interests, who you interact with, where you go, where you might be going, and who you might vote for.
Main image © Flickr/Marc Cluet