Standing Up for Security and Privacy

Yesterday Tim Cook, the CEO of Apple posted a letter to their customers on Apple.com. It details how the FBI wants to Apple to create a way to investigate an encrypted iPhone, and the dilemma Apple is facing in doing so.

If Apple is forced to comply with the order to create a backdoor through their security there will be no way to ever ensure again, that your digital security and privacy is protected.

If you’re an American and reading this you might be thinking that you don’t have anything to hide from the US government. Maybe you’re not ashamed of anything you’ve ever done, that’s fair. But if you said that, I would quickly point out that in June of 2015 all my personal identity information was hacked and stolen from the US government along with 21 million other Americans’ personal identity information (presumably by the Chinese government, though that’s not confirmed). That includes my Social Security Number, the address of every house I’ve ever lived in, my entire work history, and even my fingerprints. Yes, all my identity information that was used to grant me security clearance by the FBI (the same FBI that wants access to iPhones) was leaked from the US government into the hands of some hackers. Here is the letter that the US government sent me regarding the issue.

Dear David Mead:

As you may know, the Office of Personnel Management (OPM) was the target of a malicious cyber intrusion carried out against the U.S. Government, which resulted in the theft of background investigation records.

You are receiving this notification because we have determined that your Social Security Number and other personal information was included in the intrusion. As someone whose information was also taken, I share your concern and frustration and want you to know that we are working hard to help those impacted by this incident. The Federal government will provide you and your dependent minor children with comprehensive identity theft protection and monitoring service, at no cost to you.

Since you applied for a position or submitted a background investigation form, the information in our records may include you name, Social Security number, address, date and place of birth, residency, educational, and employment history, personal foreign travel history, information about immediate family as well as business and personal acquaintances, and other information used to conduct and adjudicate your background investigation.

Our records also indicate you fingerprints were likely compromised during the cyber intrusion. Federal experts believe the ability to misuse fingerprint data is currently limited. However, this could change over time as technology evolves. Therefore, we are working with law enforcement and national security experts to review the potential ways fingerprint data could be misused now and in the future, and will seek to prevent such misuse. If new means are identified to misuse fingerprint data, additional information and guidance will be made available.

While we are not aware of any misuse of your information, we are providing a comprehensive suite of identity theft protection and monitoring services. We are offering you, and any of your dependent children who were under the age of 18 as of July 1, 2015, credit monitoring, identity monitoring, identity theft insurance and identity restoration services for the next three years through ID Experts, a company that specializes in identity theft insurance and identity theft protection. The identity theft insurance and identity restoration service coverage has already begun. You have access to these service at any time during the next three years if your identity is compromised.

To take advantage of the additional credit and identity monitoring services, you must enroll with ID Experts using the PIN code at the top of this letter. To enroll go to https://www.opm.gov/cybersecurity. You may also call 800-750-3004 to enroll in or ask questions about these services. I hope you will take advantage of these services.

Please take not that OPM and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for you personal information in relation to this incident, do not provide it. For additional resources such as information you may share with people listed on your forms, sample background investigation forms, types of information which may have been taken, and tips on how to protect you personal information, visit https://www.opm.gov/cybersecuity.

Sincerely,
Beth F. Cobert
Acting Director
Office of Personnel Managment

Image of the letter.

Now I’ll ask you again, do you still want the US government to know everything you’ve ever done? Every message you’ve ever sent? Every photo you’ve ever taken? This is not paranoia, these are real threats. Breaches have already happened, and there’s no way to ensure they won’t happen again. And once that door is opened for the FBI, there won’t be much in the way of anyone else opening that same door.

If Apple loosens security, terrorists will use other forms of encryption. In most cases they probably already are, it’s not rocket science to set up. So by Apple loosening security, the FBI won’t even accomplish their goal of more transparency into acts of terror.

Yes, the attack in San Bernardino was terrible. Yes, people will continue to do horrible things and hide behind encryption. But encryption is just a tool. It helps defend us much more often than attack us. A hammer can be used as a weapon too, but they aren’t made for that purpose. Hammers are made build houses, houses to shelter us and keep us safe. Encryption was made to keep our information safe. I’ve already illustrated one example if how the US government is not reliable in that regard. I for one am glad Apple and Tim Cook have my back.


[Note]
Shortly after writing this I read Rene Richie’s article on iMore about the same subject matter. He shares a similar view as I do, but dives at it from different angles. If you’re interested in this subject matter, you should read that too, it’s great.


I have copied the entire text of Tim Cook’s letter below for posterity:

February 16, 2016
A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook

This entry was posted in Politics and tagged , , , , . Bookmark the permalink.

Comments are closed.