Encryption is an important part of our digital lives. It shields our data so that we can perform routine tasks like checking our bank account and paying bills online, using digital wallets like Apple Pay and Android Pay, and various other tasks that we probably weren’t achievable 20 years ago.
Apple knows that encryption is a key selling point for their devices and have done a great job of marketing enhancements with device security…which, it’s good for a company to take customer security to heart with cyber attacks and personally identifiable information being exposed on the Internet.
That being said this is an election year, so a usual fight between tech companies and governments over encryption has garnered the attention of those vying to become the 46th President of the United States. Unfortunately, the term “encryption” automatically becomes taboo when used in a sentence with ISIS or al-Qaeda for a lot of presidential candidates and something that must be defeated for #LIBERTY. Or something. WindowsITPro has an article that outlines the answers from candidates concerning this matter. I’m sure some IT pros are rolling their eyes at some of the answers.
Think of encryption as money. It’s a neutral medium. Money can be used to pay bills or buy illicit drugs. Encryption can be used to ensure that car payments are made securely or can be used by hackers to encrypt a victim’s hard drive and demand ransom. The good and the bad is that encryption with good passphrases and keys take a very, *VERY* long time to break with modern computers (theoretically, quantum computing can defeat the best encryption in a mind-blowingly short amount of time, but practical quantum computers are probably decades away).
Anyway, back to Apple. I came across an article from Ars Technica that talks about how, in spite of Tim Cook’s letter to customers saying how they are standing up to the big, bad government, that the FBI isn’t wanting a backdoor into iOS:
The iPhone requires that its firmware have a digital signature that authentically demonstrates that the firmware was developed by Apple and has not been subsequently modified. The FBI does not have (and is not asking for) access to Apple’s signing key. It is instead asking for Apple to use its signing key to sign the custom firmware so that the iPhone will accept it and run it. It is this signature requirement that means the FBI cannot create the software itself. [emphasis added by me]
It’s this same requirement that also means that iPhone users would be safe even if the special firmware leaked. Changing the embedded unique identifier within the special firmware would break the signature and thus cause targeted iPhones to reject the firmware. This is why complying with the court demand would not jeopardize the security of any other phones. The cryptographic safeguards don’t allow it.
So, it comes down to that the FBI really needs Apple to sign off on firmware specifically written for the iPhone of the San Bernadino attacker. The cynical side of me wonders if a.) Apple jumped on the opportunity to use the FBI to promote the security of the iPhone and its iOS operating system for selling more product and b.) presidential candidates used this opportunity to jump on the anti-encryption bandwagon and show that they’re strong on national defense.
It seriously makes me wonder what different tune would be played by the Republican field if this were a hypothetical involving a gun manufacturer and the federal government.