• Encryption-backdoors-come-in-all-guises-reacting-to-apples-customer-letter

    by  • February 18, 2016 • News, Policy

    The Internet Society has issued a statement following up on the CEO of Apple Inc, Tim Cook’s letter on FBI demand.

    Apple has millions of UK customers with the UK. With the UK Prime Minister having called for law enforcement to have no areas they cannot go and the debate and concern over the draft Investigatory Powers Bill in the UK this debate in the US has huge significance for UK citizens.

    UK expert Prof Ian Brown commented on what the FBI are really asking for on the BBC World Service

    Internet Society statement: –

     

    Have you ever lost your smartphone or had it stolen? Have you ever worried that your passcode may not be strong enough? Didn’t you have a sigh of relief when you remembered that you had enabled the feature that would erase your data after 10 failed attempts?

    The Internet Society is very concerned to learn about the recent order from the United States District Court for the Central District of California  requiring Apple to bypass or disable the auto-erase function on a seized iPhone and to enable the FBI to more effectively conduct a brute force attack on the device. Yes, the order is for only one device and sought for good intentions (i.e. law enforcement), but as Apple’s CEO points out:

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    The order is, in essence, asking Apple to build a means to attack the security measures it has put in place to protect its users’ data from malicious actors.

    While not technically an “encryption backdoor”, it could have the same practical effect.

    Further, this approach is contrary to the spirit of the Secure the Internetpetition recommendations, specifically:

    • Governments should not mandate the design … or vulnerabilities into tools, technologies, or services.
    • Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data ….
    • Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

    which the Internet Society has signed to show its support for these guiding principles.

    There is no doubt that having access to information is vital for law enforcement, and we are mindful of those needs, but we believe this outcome is not the solution.

    We agree with Apple and others that there needs to be an open, transparent, public discussion about these issues. 

    On our main encryption page we provide links to resources, articles and projects that we support. We encourage you to review those materials and to share them widely.

    We do not believe backdoors – in any guise – will help bring about a more trusted Internet. Please join with us in working to find solutions!

    About