The FBI “cannot be trusted” with the kind of power it is asking for from Apple.
And it could “destroy the entire security industry” if it succeeds in getting the company to decrypt an iPhone used by one of the shooters involved in the San Bernardino terrorist attack.
That is according to David Kennedy, a former Marine Corps intelligence analyst and professional hacker.
In an interview with Business Insider, Kennedy conceded that enhanced encryption on private devices has made it more difficult for the FBI to get the kind of information it needs for certain cases.
But, he said, the FBI “doesn’t understand the long-term implications of its request, and its sheer inability to handle the type of power that would come with it.”
Kevin Bankston, director of the nonprofit New America’s Open Technology Institute, previously explained to Business Insider what he saw as the potential implications of the case, after a US judge ordered Apple to assist the FBI in unlocking the phone.
“What the court is essentially ordering Apple to do is custom-build malware to undermine its own product’s security features and then cryptographically sign that software so the iPhone will trust it as coming from Apple,” he said.
That has experts worried that, if the FBI ultimately prevails in the case, the government could force all companies trying to build secure devices for their customers to do the same thing it is asking of Apple.
“If a court can legally compel Apple” to comply with its demands, Bankston said, “then it likely could also legally compel any other software provider to do the same.”
Kennedy was tasked with analysing military intelligence while stationed in Iraq before he founded his own information-security company, TrustedSec. He largely echoed Bankston’s concerns.
Were Apple to comply, he said, “the company would have to introduce exposures into all future phones, and anyone trying to develop secure devices in the future would have to figure out a way to introduce a similar mechanism” to what the FBI wants now. That would essentially be a code that would override the iPhone feature that only allows you to enter a certain number of passwords before the device’s data is wiped.
In theory, such a mechanism would allow the FBI to use as many attempts as it takes to get into the San Bernardino shooter’s iPhone. It would also, Kennedy said, have “worldwide implications that threaten to destroy the entire security industry.”
“They cannot be trusted with this type of power,” Kennedy said. “The government’s stance has changed — the National Security Agency [NSA] used to be leaders at cracking cryptography. Now they’re trying to take the easy way out so that they have a guarantee that, in the future, they will be able to maintain the type of surveillance they have now.”
Current and former government officials have pushed back on this line of thinking.
Michael Hayden, the former director of both the NSA and CIA, said in an interview with USA Today that he doesn’t think Apple helping law enforcement would necessarily “lead to a universally available weakness.” And FBI Director James Comey noted in a blog post on Sunday that “the San Bernardino litigation isn’t about trying to set a precedent or send any kind of message.”
“It is about the victims and justice,” he added. “Fourteen people were slaughtered and many more had their lives and bodies ruined.”
Others have pointed out, rightly, that Apple has complied with law enforcement requests to unlock iPhones before — as many as 70 times. Fred Kaplan wrote in Slate that in doing so, Apple implicitly accepted the government’s right to get inside Apple-made phones.
“The technique is different,” Kaplan writes, referring to the new method the FBI is asking Apple to employ to get around the password limit. “But the outcome — letting the government into a phone designed by Apple — is the same.”
Kennedy, on other hand, argued that the outcome would be very different. Whereas in the past Apple worked with law enforcement to break into the iPhones, giving them “step-by-step guidance” on how to access the singular phone’s data, “Apple is now being asked to sit there and write code that weakens the security on all of its phones.”
Apple CEO Tim Cook essentially said as much in an open letter to his employees on Sunday.
“Some advocates of the government’s order want us to roll back data protections to iOS 7, which we released in September 2013,” Cook said. “Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user’s passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure.”
He added: “We all know that turning back the clock on that progress would be a terrible idea.”
EXCLUSIVE FREE REPORT:
25 Big Tech Predictions by BI Intelligence. Get the Report Now »
Business Insider Emails & Alerts
Site highlights each day to your inbox.