As the Apple vs. FBI Debate Rages, Congress Plots to Mandate Encryption Backdoors
As the Apple vs. FBI Debate Rages, Congress Plots to Mandate Encryption Backdoors
Michael Krieger | Posted Friday Feb 19, 2016 at 1:56 pm
The more I read about the very public fight between Apple and the FBI, the more I become convinced the case merely represents the Lexington and Concord moment in a massive new crypto war. The surveillance state panopticon is extremely concerned that strong end to end encryption is increasingly being used in everyday consumer devices and applications, and has been scheming for a long time to figure out the best way to manipulate the public into accepting backdoor vulnerabilities.
To prove this point, I want to turn your attention to a few excerpts from an important Bloomberg article titled, Secret Memo Details U.S.’s Broader Strategy to Crack Phones:
Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software — secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.
In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.
The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
While not surprising, this is important information. While the Obama administration pretended publicly to be uninterested in encryption backdoors, it was scheming behind the scenes to figure out a way to achieve just that. This is how your government rolls.
On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy.
Exactly. The San Bernardino fight didn’t come out of nowhere. The government thought it could use a terrorism case to set a precedent to get whatever it wants going forward. Fortunately, Tim Cook said enough is enough and very publicly took his case to the people.
White House spokesman Josh Earnest said Wednesday that the Federal Bureau of Investigation and Department of Justice have the Obama administration’s “full” support in the matter. The government is “not asking Apple to redesign its product or to create a new backdoor to their products,” but rather are seeking entry “to this one device,” he said.
Security specialists say the case carries enormous consequences, for privacy and the competitiveness of U.S. businesses, and that the National Security Council directive, which has not been previously reported, shows that technology companies underestimated the resolve of the U.S. government to access encrypted data.
Please let there be no doubt when it comes to government’s resolve to spy on the citizenry.
Security experts say the U.S.’s insistence on finding ways to tap into encrypted data comes in direct conflict with consumers’ growing demands for privacy.
“The government’s going to have to get over it,” said Ken Silva, former technical director of the National Security Agency and currently a vice president at Ionic Security Inc., an Atlanta-based data security company. “We had this fight 20 years ago. While I respect the job they have to do and I know how hard the job is, the privacy of that information is very important to people.”
In addition to the demands against Apple, the FBI will almost certainly seek more money and expanded legal authorization to track suspects and access encrypted data, without the involvement of companies that make the technologies, several experts say. Intelligence services already have sophisticated tools for cracking encryption, and the White House’s efforts will likely lead to broader use of those techniques across the government, even in ordinary criminal investigations that don’t involve foreign intelligence or national security.
So the Obama administration thought they could easily set a precedent in the San Bernardino case and that Apple wouldn’t dare refuse since it’s a high profile terrorism case. Fortunately, they were wrong.
As should be obvious by now, this latest battle didn’t come out of nowhere. As the New York Times notes in its article, Apple’s Line in the Sand Was Over a Year in the Making:
WASHINGTON — Time and again after the introduction of the iPhone nearly a decade ago, the Justice Department asked Apple for help opening a locked phone. And nearly without fail, the company agreed.
Then last fall, the company changed its mind. In a routine drug case in a Brooklyn federal court, prosecutors sought a court order demanding that Apple unlock a methamphetamine dealer’s iPhone 5S running old, easy-to-unlock software. The company acknowledged that it could open the phone, as it had before. But this time, it pushed back.
“We’re being forced to become an agent of law enforcement,” the company’s lawyer, Marc Zwillinger, protested in court.
That stance foreshadowed this week’s showdown between the Obama administration and Apple over the locked iPhone belonging to one of the suspects in the San Bernardino, Calif., shooting rampage. By the time of Mr. Zwillinger’s statement, Apple and the government had been at odds for more than a year, since the debut of Apple’s new encrypted operating system, iOS 8, in late 2014.
With last October’s court filing, the confrontation became all but inevitable. The company left no doubt that it would fight any effort to crack its new, encrypted phones. The only real question was what crime the government would use to press its case.
Mr. Zwillinger said the drug case would be Apple’s line in the sand. “Customer data is under siege from a variety of different directions,” he said. “Never has the privacy and security of customer data been as important as it is now.”
It was a delicate period for the Obama administration, which was focused on finding a way to break into the new encrypted iPhones. The F.B.I., in particular, was lobbying hard to win support for that idea in the face of skepticism from Silicon Valley, Congress and the public.
National security and criminal prosecutors argued that, with the introduction of the encrypted iOS 8, Apple (along with Google, which had started its own encrypted Android phone software) had made thumbing its nose at the government a business strategy. The only hope, these prosecutors argued, was a court fight or an act of Congress requiring companies to provide the government unencrypted data.
Why Apple decided to first take a stand in that Brooklyn case is unclear. Perhaps the company could foresee a major confrontation down the road due to its increased security measures, it’s tough to know for sure. What does seem clear is the U.S. government panicked at the snub and realized it needed a bulletproof case with which to confront Apple. Given the penchant of the American public to cower in a sweaty ball of panic at the mere mention of the word terrorism, it found the perfect opportunity in San Bernardino. Hence the drama of the last couple of days.
Importantly, less than 24 hours after Tim Cook released his message to customers, members of Congress was already plotting to introduce legislation to essentially criminalize encryption. As reported by the Daily Dot:
In the coming weeks, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) is expected to introduce new legislation that may require “backdoors” in encryption technology, according to three people with knowledge of the bill. If included in the bill, legally mandated backdoors would give the government special access to protected user data from companies like Apple, Google, and Facebook.
The new legislation, which already has bipartisan support from Sen. Dianne Feinstein (D-Calif.), has been declared a priority by the Senate’s Republican leadership. Senate Majority Leader Mitch McConnell (R-Ky.) asked President Obama last month to “tell us what legal authorities he needs to defeat encrypted online communications, and what is needed to reestablish our capture, interrogation, and surveillance capabilities.”
Leave it up to Congress to come together in bipartisan fashion to screw over the American people. Fortunately, it appears Mr. Burr has been forced to backtrack on the idea. As Ars Technica notes:
That didn’t take long. The chairman of the Senate Intelligence Committee, Richard Burr (R-N.C.), is backing off on trial-balloon legislation he floated Thursday that would criminalize Apple’s or any other firm’s refusal to assist the government’s encryption efforts.
The change of heart comes on the heels of a whirlwind week surrounding the encryption debate—a week in which a federal judge ordered Apple to aid the authorities in unlocking an iPhone used by one of the San Bernardino shooters. Soon after came Apple chief Tim Cook’s angry response to the order alongside much public debate, and Burr’s proposal followed on Thursday.
A Burr spokeswoman said on Friday, however, that the lawmaker is “studying” whether to “tighten rules about encryption.”
While Congress appears to be backpedaling at the moment, we know their game plan. The whole FBI vs. Apple battle isn’t about getting into this one phone, it’s about setting a precedent going forward. The U.S. security state will stop at nothing to weaken digital security in order to spy on the citizenry. While the state repeatedly claims its intent is to stop terrorists and other heinous criminals, this is complete bullshit. How can I be so sure? Because as I explained in the post, Government is Lying – New Study Shows No Increase in Use of Encryption by Jihadists Since Snowden Revelations:
Making corporations provide a backdoor would not only decrease security for everyone, but it wouldn’t prevent terrorists from using strong encryption anyway. As the Daily Dot article noted, the jihadists are using their own proprietary cryptologic software. In addition, forcing Apple to create a backdoor doesn’t stop anyone from using strong encryption effectively if they are careful and know what they are doing technically.
Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.
Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like the Playstation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.
If you understand this, you understand that the feds aren’t focused on catching criminals or terrorists. They want access to what the general public is up to. Mind you, any terrorist worth his salt is already using their own crypto tools, and will certainly do so once backdoors are legislated into consumer devices.
The only people who will be affected are the real targets of government surveillance, average Americans.