Breaking iPhone encryption won't make anyone safer

Any security vulnerability will be exploited, enabling more of the bad activity backdoors intend to prevent.

Apple, FBI, iPhone, iOS, security, privacy, encryption
Warchi / Getty Images

Imagine all your tax documentation could be examined by officials from any government merely on suspicion. That’s the future some governments are pushing for when they demand that Apple put security backdoors into its products.

Making no one safe

Think about the nature of security backdoors:

  • They represent deliberate security flaws in operating systems and devices at a core level, designed to break encryption on these devices.
  • Those flaws may require some form of "key" to access.
  • Once you have a vulnerability, it’s only a matter of time before people figure out where it is – hackers are smart.
  • Once you build the lock, it’s only a matter of time until someone manages to pick it – does anyone else remember the Enigma Code?

“But the keys will be kept with secure government agencies,” some say.

So what?

It only takes one disaffected government employee, one deeply inserted spy in government or a tech company, or one sophisticated criminal attack to successfully extract that key.

Locks are easily picked

After that, it’s only a matter of time before such keys end up in the hands of security agencies from every government, including those who cannot be trusted. As these keys are deliberately designed, the operating system vendor will not be in position to patch them.

Those keys won’t just reach other governments; they will also reach the hands of various criminal entities who will see a huge opportunity for theft, profit and blackmail that comes with gaining access to every smartphone owner’s digital life.

Things leak.

Think back just a year ago when police-grade iPhone hacking tools suddenly appeared for sale on eBay, for example. Or ponder the fate of the GrayKey box. That’s even before you consider how such access threatens connected systems of every kind, from enterprise relationship management software to letting unknowns gain access to the log in codes for your local power station.

Follow the money

In fact, it seems to me that criminals and hostile governments have the most to gain from any move to make mobile devices less secure. I imagine they are already thinking about the money they will make and chaos they can create as mobile security is deliberately broken.

That’s even before discussing how this undermines privacy.

These are just some of the many reasons Apple’s statement in response to the born-again move to force it to break security in its devices should be supported. It isn’t as if Apple is not prepared to help law enforcement – it says it has provided a huge amount of information, including iCloud backups and more. It is also true that other entities (including carriers) are providing evidence.

Not just for the good guys

In a statement on the current furor, Apple said:

“We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”

Apple has made similar arguments before.

In a letter to its customers following the San Bernardino case, it said:

“For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.”

One ring to ruin them all

There’s another problem. After all, if one government demands such security backdoors, then every government will do the same. This may have a chilling effect on religious minorities, for example.

There is no tech company that can realistically deny some governments and not others. If Apple weakens encryption for one nation, it will be forced to do so in others.  And mobile device security will weaken one encryption backdoor at a time.

The effect?

We will all be poorer and less secure. Those security keys will inevitably end up in the hands of criminals and hostile actors. Bank accounts will be robbed, data stolen and digital terrorism (including attacks on critical infrastructure) enabled on an international scale.

The end result will not be more security, but far less. Or, as you might put it in 130 characters or less:

“Security backdoors and broken encryption will enable more criminal and terrorist activity than they prevent.” 

Consider the consequences rather than being seduced by the soundbite.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2020 IDG Communications, Inc.

  
Shop Tech Products at Amazon