FBI vs. Apple: “It’s impossible to design a ‘backdoor’ that doesn’t compromise security”


IT Security Thing managing analyst Davey Winder has been telling anyone who will listen that the FBI is being disingenuous when it comes to demanding a backdoor from Apple. Now a former head of counter terrorism in the US has gone on record to agree.

Writing an Op-Ed piece for IT Pro back when the whole San Bernardino iPhone affair kicked off, Davey Winder asked what if it was “less to do with if it is possible to comply with the FBI request, and more to do with forcing the removal of security functionality without having to bother with that democratic process nonsense?”

The suggestion being that the FBI, and by implication the US government, were using the All Writs Act (from 1789) along with a relatively lowly magistrate judge, to bypass political and democratic processes. “Why bother with debates and votes to try and change the law when you can just haul something out of the dusty statute books,” Winder wrote, concluding “now that is where the real backdoor in this whole thing comes in…”

Richard Clarke, national security advisor and head of counter-terrorism to both US Presidents Clinton and Bush, has since gone on the record to agree with Winder and numerous other IT security experts, in suggesting that if the FBI wanted to get at the iPhone data they would have sent it to the NSA.

[perfcetpullquote align=”left” cite=”” link=”” color=”” class=”” size=””]The “NSA would have solved this problem for them.”[/perfectpullquote]

“If I were in the job now, I would have simply told the FBI to call Fort Meade, the headquarters of the National Security Agency,” Clarke said. The “NSA would have solved this problem for them. They’re not as interested in solving the problem as they are in getting a legal precedent.”

IT Security Thing recently attended the RSA conference in San Francisco, where every single security researcher we spoke to agreed that the NSA would be able to ‘vampire’ the data off the Apple chip.

At RSAC 2016, Winder sat in on a debate entitled ‘Can government encryption backdoors and privacy coexist?’ during which the former general counsel for the NSA, Richard Marshall, admitted that “10 or 12 countries have the technological know-how to be able to take advantage of encryption vulnerabilities as we do.”

This gels with what Seth Schoen, senior staff technologist with the Electronic Frontier Foundation (EFF) has been saying this week, namely: “it’s unfortunate that our government officials didn’t learn the lessons of the first crypto war — that it is technically impossible to design a ‘backdoor’ that doesn’t compromise security — and are now pushing for new forms of backdoors to enable access to encrypted data.”

The situation is more about legal precedents and less about technical backdoors…

However, here at IT Security Thing we cannot help but think that this whole situation has been rather cleverly engineered to be more about legal precedents and less about technical backdoors than it first appears.

This is, frankly, hugely worrying. Either the legal moves towards that backdooring of device encryption will succeed (and both privacy and security are weakened as a result) or it fails and is then used to leverage even more draconian hammering of the right to bear encryption technology.

It’s already looking too late in the UK, unless the House of Lords throw down the gauntlet and oppose the newly voted through Investigatory Powers Bill. The Snoopers’ Charter, as it has quite rightly become known, not only brings more storage and monitoring of Internet data with it, but it also gives police additional powers to hack into your stuff.

This is despite 200 senior lawyers signing a letter to the Home Secretary claiming that the bill would compromise a ‘fundamental right to privacy’ and could well prove to be illegal.

Whether it is too late across the pond remains to be seen. But a crunch hearing on Tuesday 22nd March will likely serve to make that much clearer. IT Security Thing will, of course, keep you informed of the outcome…