Quote:
Originally Posted by sathish81 The technology gap in FBI vs Apple issue translates into backdoor for law enforcement to encrypted contents. This is a very bad idea. |
What FBI is asking Apple is to create a custom, device specific update and send it only to the terrorist's phone. The update will,
1) Allow unlimited passcode guesses
2) Remove all delays during passcode guesses
3) Enable an automated mechanism for entering passcode.
With these updates in place, FBI can brute force passcode guesses. They might even build a custom device which will connect to any iphone, which has this update and unlock the phone.
Apple, over the years have built robust security into their phones and it cannot be cracked. FBI know this and they are very clear in what they are asking and hence the request for update, which is practically possible for Apple.
What FBI is asking is more of weakening of frontdoor security, than a backdoor.
Also, FBI picked up this case mostly for political reasons. They are already plenty of similar requests to Apple for unlocking iPhones. FBI picked this case and made it high profile since this was a case of a terrorist involving a well known shootout. They want this update from Apple and later use it as precedence for unlocking any smart-phone.
Concerns for Apple:
1) Privacy concerned customers may move from Apple and use any of custom Android ROMs which promise fool-proof security.
2) Once FBI is able to get this custom update, every police station all over the world will have requests for similar custom updates to unlock iPhones seized by them.
This may include countries where free speech is not tolerated and might deal with even death.
(Someone in Saudi claimed on twitter that he is an atheist. He was sentenced to 10 years in prison and 2000 lashes (
Link). What if authorities, after unlocking the phone, find a private conversation between friends, which is objectionable to the state?).
3) These privacy concerns will wean customers away from iPhones, which will result in loss of revenue for Apple.
Some points to ponder:
1) US laws allow authorities to seize anything a person owns (with a court order). But they cannot force a person to reveal what is in their mind. For instance, they can seize a security vault but can't force the person to reveal the combination lock code. Similarly, they can use the finger of an arrested person to unlock the phone but can't force the person to tell the passcode. In this context, should law authorities go to the manufacturer and get a special key for unlocking? Apple can, but is every phone manufacturer capable of building a secure update targeting only for one device?
2) Law authorities already have huge metadata of all phone calls, SMS sent & received with exact date and time and an approximate location of the device. Is this enough? Or they require to know the content too?
3) Fallacy of backdoor - while a backdoor (a secret, always available access) enables authorities access information from the device, so can crackers, hackers, repressive Govts, spammers and other anti-social elements. Should any computing device have a backdoor?
4) Cryptography is well known mathematics and is all public information. Anybody who understands this math can create a secure communication, which would be unbreakable. So if a terrorist organization wants secure channel of communication, it is available right now (eg, PGP email). In this situation, more than the terrorists, will not the weakened frontdoor or backdoor be used against innocent citizens?