The following is a lightly edited conversation I had with a tech-savvy friend who is not in IT. It was about the FBI trying to break the encryption on an iPhone so they could access potential information on criminal activity, but in light of the UK government seeking to add backdoors to all messaging platforms, for much the same reason, I thought it was a good time to revisit the arguments.
My friend’s comments are quoted, and the unquoted text is mine.
Imagine a technology existed that let you send things via post and to you and everyone else it looked like an envelope, but to the NSA it looked like a postcard, and they could read everything.
How does the NSA prove it’s them? How can we trust them? What if the FBI or your local police force can pretend to be the NSA? Couldn’t criminals, or your stalker ex do it too?
Maths doesn’t deal with legal balance. Either you let everyone in, or you let no one in. That’s the political choice. Is getting access to this phone more important than keeping other governments, such as China or North Korea out of phones they are interested in?
I don’t know if it’s an all or nothing situation though… are we saying that the courts shouldn’t be able to force entry into criminals data? Or are we saying that all data should be accessible to all outside existing privacy laws?
Think of the Enigma code. Once it was broken, Bletchley Park knew most of what the military was doing. If the Nazis knew it was broken, they’d have stopped using it, and all the work would have been for nought.
Enigma is a great example of why the code needed to be broken in the first place. That’s a chicken and egg scenario. But also a really interesting point! What if an iPhone is enigma, and say GCHQ cracked it. Would the evidence be allowed in court?
Is it not the case of Apple granting access to specifc phones; not being given the technique to do so?
What I’m worried about is the fact that big companies could hold justice and common law to randsom: that to me is equally as worrying as big brother, if not even more so. We can “elect” governments, and they can pass legislation to create international privacy agreements (as what Snowden’s revelations led to) We can’t elect Apple and I detest how Apple seem to be influencing justice; that is a very very bad sign of things to come.
Don’t even get me started over how data protection doesn’t exist between companies any more. Logon via Facebook anyone?
Is it not the case that Apple can access all this data anyway? So does Apple not have an ethical responsibility to disclose evidence for an individual case that has a court request attached to it? Guess not. Is that an appropriate level of power a company should have? To dictate what can and can’t be shared with courts?
Corporations already have too much power in the world. By not establishing a legal framework of when it is appropriate for a court order to be issued and have access (e.g to break and enter) we are basically letting sometimes serious criminals have a get out of jail free card. And that includes tax dodgers like Apple.
Apple can’t access the data at the moment, that’s the point. It only exists on the phone, encrypted with a key that’s password protected with a password only known to a dead guy.
Interesting. So none of his data was stored on Apples / 3rd party servers and it was all encrypted on the phone? What about all his comms traffic.
If I encrypt my (ah hem) Google Android phone, does that mean that my emails can’t be viewed by Google?A lot of this comes down to trust. I don’t trust our govt nor the govt of others, but equally I don’t trust Google or Apple.
He switched off iCloud sync so it was all on his phone. However, as it was government issue, they could have changed that via policy if the FBI hadn’t tried to change the iCloud password, and hence locked the phone out of the government domain.
So they got locked out. That’s hilarious.
What I tend to do these days is try to remove my mind from the broader political implications and think about things at a ground level then I thought…. what if a phone contained information related to the death of my loved one.. then I realised there should be a controlled process in place to retrieve data legally and transparently.
I think the broader implications are important. If they can do it here, where else would it apply?
We have to think of real world scenarios : a murder in Glasgow, a child missing, that type of thing
Look at councils using anti-terror legislation to catch petty criminals, or DSS using it to follow people on benefits.
Imagine an encrypted padlock to a cabinet containing murder weapons.
Who watches the watchmen?
That’s conspiracy speak Craig. If we don’t trust the courts… then who can we trust?
It’s recorded activity. It’s not conspiracy if it actually happened.
courts are separate from government. They have been in Scotland since 1748.
I trust the courts. The problem is that many of these powers bypass the courts.
DSS is rarely a court matter.
Yes, but they are doing so illegally and that’s why new laws are coming in
And a backdoor for one is a backdoor for all. If the FBI have a post-it note with the pin for that murder weapon safe, it only takes one photo for everyone to have access.
The FBI is not the UK. We cannot control what Israel does but what we can do is create controls for the UK. so… if my loved one is killed, and there are photos on the phone.. then of course the police should have access! It’s a no brainer
True, so why would we want a situation that increases the risk of Israel, or North Korea, having the means to access something that sensitive?
What’s sensitive exactly? They don’t care about normal users!
Even if it means Journalists at News Of The World can also gain access to those photos?
That’s illegal! As is breaking and entering.
It didn’t stop them last time.
Yes.. and look what’s happened.
They renamed it to the Sun on Sunday, and carried on as normal?
Come on…. I’m saying that only the courts can have access.
Being illegal doesn’t stop things from happening. That’s why we lock our doors and fit burglar alarms.
and besides… they cracked the iPhone anyway!
That’s not how maths works.
Life isn’t maths. Life is ethics. Ethics are not maths
Yeah, there’s an Israeli company that will break into iPhones for anyone who pays.
What Israel does is up to them.
No, but encryption is maths.
But retrieving data is an ethical issue. It’s not black and white. It’s about appropriate use of powers
Like knowing when to put someone away for life, or releasing them in 10 years
It would not be acceptable for police to hack my phone without just cause, but it would be acceptable if they suspect me of plotting a terrorist act.
I agree, but when access to the data cannot be done without compromising everyone’s security, we have to ask where to draw the line?
We draw the line through the law.
CCTV inhibits crime in those areas, but we accept that it’s creepy to allow it in bathrooms.
Exactly. …There are laws regarding the use of CCTV
And many offices do not have CCTV inside because the risk of losing sensitive data is higher than the risk of crime.
You can only film in your property. That’s the law. But.. of course there is a difference between private companies and local government. And that’s where PFI come in….
Plenty of public CCTV as well
Not here there isn’t
Depends where you are, agreed.
There’s a camera on the bus.. I think, and at the primary school, maybe one in the shop…. but I don’t think big brother is watching when they can’t find muggings taking place at the Broomielaw!
That’s about effectiveness though.
Google is the one to watch
And Facebook
Yeah… but Facebook has countless terrorist pages funnily enough. So they can’t even monitor effectively. Let alone GCHQ.
Depends who has the most effective Algorithms. We don’t know what GCHQ is capable of. Just ask Snowden.
You know fine well it’s not about monitoring – it’s about textual analysis – patterns – heuristics. GCHQ is trustworthy. I have no problem with them whatsoever.
That’s cos you’re not Harriet Herman, or a union activist.
I really don’t, maybe I am naive, but I’m not scared. If I want to disconnect all I have to do is switch off the router and remove my sim
oh and stop using my bank card
and then become a missing person…
Not GCHQ, but …the police faced hard questions about covert monitoring of Jeremy Corbyn and other MPs
Well that’s not surprising. This has nothing to do with encrypted phones.
Does that come as a surprise? They may as well just have attended a meeting.
No. But it shows trusting the courts is naive when it comes to backdoors
Attending a meeting is enough to put you on a watchlist.
This is not the same as getting access to evidence for a crime that has taken place. If you want secrecy, you can meet in the woods. It’s very simple…
Sorry, but I do trust our system of justice.. I don’t necessarily trust the government and I certainly believe that there should be water tight controls that allow for breaking and entering into criminals data. And that includes data from corrupt politicians. It works both ways.
Digital forensics is a thing… with impossible encryption the whole thing falls down
Now… I like encryption… especially for B2B, but Apple are not gods! And private companies should never be above the law. If we let private companies rise above the law, we will be in a much worse situation than we are now… it’s already bad enough with tax avoidance.
It’s not about being above the law. It’s about a clear standard, and if police don’t have evidence to hand, they have to collect it. Sometimes cameras are broken. Sometimes weapons are lost, and sometimes you can’t get access to encrypted data.
They can only legally collect evidence if they have sufficient knowledge of a criminal activity.
And they have ways to set up intercepts in those cases, without physical access to the phone
Further Reading
Bill Gates say Apple should unlock the iPhone for the FBI
Feds ordered Google’s help unlocking nine Android phones since 2012
Troy Hunt: Everything you need to know about the Apple versus FBI case
Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On
Continuing the Conversation About Encryption and Apple: A New Video From Mozilla
Encryption keeps us safe. It must not be compromised with ‘backdoors’ | Robby Mook
Open rights group: who’s checking on your chats in private online spaces?
Craig Nicol 