Sunday, March 06, 2016

A lot of nonsense has been written about the battle between Apple and the FBI over an iPhone that belonged to one of the San Bernardino terrorists.  First, some background: 

Apple iPhones have a feature that encrypts the user's personal data using a key that's stored in a special hardware chip on the phone.  The chip must receive a numerical PIN set by the user before it releases the key, and after a few incorrect PIN guesses, it will erase the key.  The purpose of this feature is to protect the user's data from someone stealing the phone and decrypting the data by trying all possible numerical PINs.  If the PIN is four digits long, for instance, there are only 10,000 possible PINs, and without the erasure feature, a patient attacker could simply try them all, eventually retrieve the encryption key, and decrypt the data.  But because of this feature, a would-be attacker--or even the FBI--can't simply try all possible PINs, since after a few incorrect guesses, the chip will erase the encryption key.  (The encryption key itself has so many digits that guessing it by "brute force" is simply infeasible in any reasonable amount of time, even using high-powered computers to run through the guesses.)

However, the iPhone--like just about every well-designed software-based device on the planet--also has another important feature: to address the problem that all software has bugs (including bugs that result in security holes), all iPhone software can be updated.  If Apple sends a software update to an iPhone, the phone will check a "digital signature" on the update to make sure that it really is from Apple, and if so, will use it to update its own software.  Another way of saying this is that if Apple wants to alter the behavior of an iPhone in any way, it can do so, by sending it an update that changes its software accordingly.

You can probably see where this is going:  the FBI wants Apple to send an update to the San Bernardino terrorist's phone that disables the key erasure feature, so that the FBI can try every PIN and fairly quickly decrypt the phone's contents.  Apple doesn't want to do this, and is claiming that the FBI's demand is a threat to its users' security and privacy.

----------------------------------

Just about everybody under the sun, from technical security experts to pundits to other high-tech companies to politicians, has weighed in on the issue.  Unsurprisingly, politicians have mostly sided with the FBI in this specific case, refusing to go to the mat for the privacy rights of an Islamist radical who murdered 14 people and sought to murder many more.  Pundits have been more varied in their responses, generally coming down on Apple's side or the FBI's depending on the general strength of their libertarian passion for privacy or enthusiasm for terrorism-fighting.  But it's the responses of the security experts and the high-tech companies that are the most interesting, mostly because of their disingenousness.

Security experts such as Matt Blaze, Nicholas Weaver and Bruce Schneier, for example, argue that permitting the FBI to demand that Apple produce this update weakens everyone's security, because what the FBI can do, a sophisticated hacker might also be able to do.  But of course, the FBI isn't asking to do anything--it's asking Apple to do something that it is already quite capable of doing:  create and deliver an update that disables a security feature.  That is the nature of updates:  because Apple doesn't know in advance what security holes might exist, it retains the ability to change anything anywhere in the system, if necessary--and can therefore disable security instead of repairing it, if it so chooses.  The risk that somebody--whether Apple or someone else who has compromised Apple's update system--might use the update system to disable security features in one or more iPhones has thus already long existed--the only question is whether the FBI should be allowed to take advantage of it, and if so, under what circumstances.

Why, then, do these intelligent, knowledgeable security experts make such a specious argument?  It's possible that they are simply reflexively spouting the techno-libertarianism popular in their community.  More likely, though, it's because they see on which side their bread is buttered:  the more privacy and security are governed strictly by technical feasibility, the more it is their technical expertise that matters, whereas if government, law and politics are allowed to rule, then they and their expertise have clearly subordinate roles.

And make no mistake--once it is accepted that the disposition of the FBI's request has no security impact, it is law, government and politics, not technology, that must and should rule the day.  Blaze, Weaver and Schneier are clever folks, but they have no special insight into what particular set of legal or political safeguards best balance national security against personal privacy in cases such as these.  Their influence as commentators therefore depends on their ability to persuade people that the Apple-FBI dispute is a purely technological argument over how to optimize users' data security, rather than an inherently political and legal argument over tradeoffs between personal privacy and crime-fighting.

----------------------------------

What, then, of Apple itself, and its industry peers, all of whom have come out strongly on Apple's side against the FBI?  Are they not merely looking out for the interests of their customers, by defending them against the prying eyes of the US government?  Well, one might expect so--except that when other governments are intruding on their users' privacy, such stoutness in defense of customer interests is nowhere to be found.  For example, the Chinese government makes all sorts of far more privacy-destroying demands of American tech companies doing business there, and companies such as Apple routinely accede to those demands

Indeed, that's the real motive behind tech companies' opposition to the FBI in this case:  if they are known to be required to allow the FBI access to customers' devices--whatever the due process safeguards--then governments such as China's will be very reluctant to allow their citizens to be subject to such foreign snooping.  (After all, the procedural protections enjoyed by US residents against federal government snooping don't apply to foreigners.)  They thus have a clear financial incentive to prevent the FBI from gaining the access it seeks, so as to preserve their lucrative business in countries that don't trust the US government.

Now, I'm not arguing that it's inherently disingenuous to support Apple in its dispute with the FBI.  Nor am I arguing in support of unlimited, arbitrary FBI access to Apple users' iPhones.  Rather, I claim that balancing the privacy rights of users--particularly against potential abuse by government officials--and the business interests of major exporters, on the one hand, against the national goal of effectively fighting against crime and terrorism, on the other, is a fundamentally political problem. And however much they may wish otherwise, neither security experts nor interested corporations merit a particularly privileged say in that discussion.

No comments: