Welcome to the blog of Andrew Tang, Security Practice Lead for MTI Technology. A Cyber Security professional in the UK, who currently holds EU GDPR Practitioner, CISSP, MCSE: Security and MCTS certifications.
When Apple recently refused to comply with a federal court order issued by the FBI to help it break into an iPhone 5c, belonging to one of the shooters in the San Bernardino incident, a US House Judiciary Committee hearing was held.
Apple’s argument is that if it is forced to write such software, it would open the floodgates to constantly writing spy tools for law enforcement. Cook gave the example of being forced to write and install a program on a suspect’s phone that would help police turn on the iPhone’s video camera. It would also seriously undermine Apple’s business, which has been partly built on the security of its proprietary software.
Inevitably, the iPhone would be weakened, leading to an operating system that could be carved open by those with the means and the will. It would open the sluice gate for other parties to break into iPhones and we’re not just talking hackers and online crime outfits, but also foreign intelligence agencies.
In a measure of just how serious the issue is, over 40 organisations are backing Apple’s case, including many tech companies. In short, Silicon Valley is on Apple’s side. There are also many tech companies who are not throwing their weight into the case but are quietly in support of Apple.
Microsoft, Facebook, Google, Dropbox and Snapchat are expected to sign on to briefs in the case, in support of Apple. Although not directly involved in the case, concerned parties can add additional weight, context, and information to an argument via a legal vehicle known as an amicus brief. Even the United Nations High Commissioner for Human Rights, Zeid Ra’ad Al Hussein has weighed in on the side of Apple.
Generally, there is a widespread feeling that if the FBI won it would be disastrous for the tech industry and the overall freedom of citizens. In the wake of the Edward Snowden revelations, there is an informed and widespread understanding that this case isn’t about a single iPhone; it’s about the future and the protection of safety and privacy.
Of course, the Apple FBI case also foreshadows what could happen in the UK, should the draft Investigatory Powers Bill be approved in its current form. This bill also wants to compel technology companies to produce products that are capable of having their encryption bypassed.
In the UK, like in the US, it’s not only civil rights groups who are concerned, it’s the tech community too. As it stands, if the bill is passed, it would mean that the UK has one of the most draconian surveillance laws of any democracy, via mass surveillance powers to monitor every citizen’s browsing history.
The government seems intent on rushing the bill through with home secretary Theresa May wanting the bill on the statute books by December 2016. Three parliamentary committees have already made many criticisms about the draft bill suggesting a large number of recommendations are required to safeguard privacy. The government responded by adding ‘privacy’ into the title of the first chapter and apparently leaving the text virtually unchanged.
Impossible data searches
There are also questions as to whether the bill in its current state is actually possible to implement. Part of the bill legally requires ISPs to archive connections a device makes to the Internet and hold that data for a minimum of a year. Nobody for certain can say how much data that is but one thing is for certain, it is an enormous amount. Just think of one single video on YouTube that gets 10 million hits in the UK. That’s just one Internet link.
How much untargeted data would be collected and how do you decide what is useful and not useful?
It seems that as dust of outrage settles post-Snowden, governments and law enforcement on both sides of the Atlantic are ramping up their ambition to collect as much data on every citizen as possible, without thinking through the implications.
It’s a dangerous situation and one that, not only potentially undermines consumer’s trust, but also the entire tech industry and the democratic freedom we are entitled to. Security agencies can still do their job without resorting to mass surveillance just as the FBI could access the data in the San Bernardino iPhone should it wish to do so.
Freedom of speech is a fundamental right in Western democracies, as well as privacy, but the desire to weaken encryption actually weakens the foundations on which our societies are built.