From an excellent article on Vox.com (source link): Last week, FBI director James Comey had sharp words for Apple and its decision to enable encryption by default on iPhones. Comey argued that Apple was allowing its customers to “place themselves beyond the law,” and he worried that unbreakable encryption feature will cost lives when law enforcement isn’t able to get the information they need to thwart a kidnapping or terrorist attack.
But there are some good reasons for Apple to offer their customers the most robust privacy protections technology allows — even if that means the job of law enforcement becomes a bit more difficult.
While Comey accused Apple of helping users put themselves beyond the law, it’s notable that he didn’t say that the products themselves are illegal. That’s because they’re not: strong encryption products have been legal and widely available for years.
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
You can unsubscribe any time. By subscribing you agree to our Terms of Use
Indeed, the legal status of encryption products was one of the biggest tech policy fights of the 1990s. In the early 1990s, as computers were becoming fast enough to make routine encryption feasible, intelligence and law enforcement agencies were making arguments that sounded a lot like the ones Comey is making now. They wanted backdoors in encryption products to preserve their ability to eavesdrop on people.
But the feds lost that fight, and strong cryptography without backdoors became a foundation of the internet economy. Today, every major web browser comes with strong cryptography built-in. Disk encryption products are available for every major operating system. And email encryption tools are available for free download.
Comey wants to ensure law enforcement agencies armed with warrants can get access to private samrtphone data. But any system that facilitates access by law enforcement will also make smartphones more vulnerable to hackers too.
As computer scientist Matt Blaze points out, building secure software is a hard enough challenge in its own. Creating a backdoor for the feds adds further complexity, increasing the danger of bugs that will let the bad guys in.
Blaze would know. Two decades ago, the government was pushing the Clipper chip, an encryption device with a built-in backdoor for law enforcement. Then Blaze’s research showed that the Clipper chip’s backdoor mechanism made the entire encryption scheme insecure. The Clipper chip — and proposals for mandatory backdoors more generally — were scuttled.
Another example of the danger of backdoors came a decade later. The Greek telephone network was built using American hardware that complied with a 1994 law requiring telephone equipment to come with a backdoor mechanism to facilitate spying by law enforcement. In 2004, someone — some have blamed American intelligence agencies — used this system to gain unauthorized access to the Greek telephone network and spy on more than 100 phone lines belonging to senior Greek government officials, including the prime minister.
