Tuesday 19 April 2016

Apple vs FBI: End of the battle, not the war [Link - CRN]

An article I wrote around the FBI trying to break into an Apple iPhone was published on CRN: http://www.channelweb.co.uk/crn-uk/opinion/2454969/apple-vs-fbi-end-of-the-battle-not-the-war

===================

The biggest story coming out of Silicon Valley over last few months has been Apple's battle with the FBI over a federal order to unlock the iPhone of the San Bernardino shooter. The recent news that the FBI has found a way to break into the phone without Apple's help brings no resolution to the issue of how far governments can go to examine private communications data such as messages and photos.

Apple's refusal to help the FBI has set in motion a wider debate about privacy and security in the digital age. Supporters of the government say that Apple has a duty to support crime fighting agencies and that Apple has cooperated in the past to unlock phones.

The issue, however, is about more than unlocking a phone. It's about ordering Apple to create a new software tool to eliminate the software it specifically created in 2014 to protect customer data. This has huge implications for the future of privacy.

Tech companies say they turn over the customer data they have when legally required to do so. But digital companies are determined to protect customers' privacy against unwarranted intrusion and many are increasingly using encryption and other safeguards that put customer data out of their reach.

Unanswered questions

Heightened terrorist threats have led to governments around the world looking at how they can renew their assault on digital encryption, and revive efforts to force companies to install backdoors in secure products.

However, digital companies are showing a steely resolve. This is a core issue that's incredibly important for customers who value privacy and the tech industry are determined to protect it.

In the latest move, many privacy advocates will have welcomed the news that Whatsapp has announced encryption by default on its messaging platform. The Facebook-owned company, which is used by over a billion people worldwide, added end-to-end encryption to its chat and call functionality, which means that messages can only be read by the intended recipients.

It is difficult to overstate the importance of this move for the security and privacy of ordinary users. In one swoop, there are now hundreds of millions of users communicating with each other using end-to-end encryption for the very first time.

Finding the right balance

For governments and law enforcement, the issue centers around this: what do you do when a company creates an encryption system that makes it impossible for court-authorised search warrants to be executed? And what is the reasonable level of assistance you should ask from that company?

Governments need to be careful that they are not being seen as attempting to collect as much data on every citizen as possible. At the height of the FBI dispute, Apple's Tim Cook talked about the possibility of a shocking future in which the company is forced to write and install a program on a suspect's phone that would help police turn on the iPhone's video camera.

It's a dangerous situation and one that not only potentially undermines consumers' trust, but also the entire tech industry and the democratic freedom we are entitled to.

What's next?

After finding its own way to access files on the San Bernardino iPhone, the US Justice Department said it no longer needs a court order to force Apple to remove safeguards against guessing that iPhone's passcode. It has become clear that this only serves to prolong the issue because we've lost the opportunity to have the courts resolve the issue of online privacy once and for all.

No-one has really won from this dispute. For Apple, the fact that the FBI actually hacked the iPhone doesn't sound good for its security credentials. For the FBI, it has lost credibility because no-one really bought the idea that it was only about one phone, and there's a feeling that it's been less than straightforward about its motivations for taking Apple to court.

The battle over encryption goes back decades and is sure to go on. There are concerns that authorities may now go after a smaller company, without the high profile and financial resources of Apple, to win a legal precedent that would bind the whole industry.

Whatever comes next, the tech industry must stand together to safeguard privacy and security in the digital age.