In February, Apple refused to help the FBI access encrypted data on the iPhone that belonged to one of the shooters from the December 2015 terrorist attack in San Bernardino, California. In a message to their customers posted Feb. 16, Apple stated, “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.” Harding Magazine sat down with Assistant Professor of Computer Science Dana Steil to learn more about encryption and get his perspective on the issue.
IN THE SPECIFIC CONTEXT of the San Bernardino iPhone case, I hope the FBI is able to gain access to the data on the iPhone without the assistance of Apple. Further, I hope that any intelligence gathered will aid in our national security.
I, and many others, view the recent FBI request and court order in the broader context of government regulation of encryption rather than the narrower context of this one case.
This well-publicized court order comes in the midst of a renewed push by some in our government to regulate encryption. A recent article in Communications of the ACM expressed that 20 years ago, it was decided that the U.S. government would not regulate encryption. Law enforcement officials who favored such regulation at the time were not focused on terrorists; rather, the focus was on encrypted data of drug traffickers, those involved in child pornography, and white-collar criminals. Law enforcement wanted to be able to get data off suspects’ computers after making arrests. By presidential order at the time, it was decided that the United States was not going to attempt to regulate encryption because the benefits of such encryption outweighed the harm. Ironically, many of the best encryption algorithms, without backdoors, were developed with U.S. federal grant funds.
The question is, are we going to allow legal and robust encryption or not? I contend that if you have a backdoor, as some in our government are suggesting, you no longer have robust encryption. If you have a key under the doormat, why have the lock in the first place? If we have laws to regulate encryption similar to those suggested recently, only law-abiding citizens would follow them. If you are a criminal, you are likely to use an encryption algorithm without a backdoor to keep your data secret. We fool ourselves if we believe we can keep robust encryption tools from those who want to hide incriminating data.
It is my understanding that the data on the San Bernardino iPhone is encrypted, and the phone is locked with a passcode. The only way to access the data is by knowing this passcode. I hope the FBI can find video surveillance of the perpetrator entering the passcode. If the FBI tries incorrect passcodes too many times, all the data could be deleted. They cannot just plug in the phone and read the data because it is encrypted. There are many different algorithms for encryption. If Apple did the encryption well, no one should be able to access the information. There is a unique private key per device that is encrypted. Only the user who owns the device and knows the passcode is granted access to the key and thus the encrypted data. Apple should not know the passcode or the key; therefore, they should not be able to decrypt the contents. Even the owner who wrote the information can’t read the contents without the passcode. It is unclear if Apple can overcome the passcode hurdle they constructed; they have made no statement to the contrary. I will be disappointed if they can.
There are people all over the world relying on the encryption on their phone for average to noble purposes, and there also are people who are probably using the encryption for criminal purposes. If Apple bypasses the encryption, they are opening the door to making encrypted data accessible for everyone. I create law enforcement software. I use encryption algorithms to encrypt law enforcement data as it’s sent from one place to another so that other people cannot view it. I think the benefits that come from secure encryption without any backdoors far outweigh the benefit to law enforcement by having backdoors. Clearly, Apple has done a sufficient job because the FBI cannot read the data from the iPhone without help. No one should be able to decrypt the data even with help.