Following the FBI demand that Apple build backdoors to enable it to open iPhones and access encrypted data of users, CEO Tim Cook’s message to Apple’s customers around the world, on February 16, 2016, argues that such backdoors can fall in the hands of the very criminals that the government is trying to protect people from, even as it is prone to being misused by the government itself.
This is not new. Similar comments have been made since the Edward Snowden incident — which brought to light that the US National Security Agency (NSA) had worked with vendors to weaken encryption, and that it could break encryption.
Then came the iPhone with stronger encryption. Even Apple can’t access the “keys” to unlock an encrypted phone — only the user controls them. The San Bernardino case, in which 14 innocent people were killed by an Islamic terrorist couple, has validated the Apple claim because the encrypted data on their iPhones could not be accessed by the FBI. Apple could not help either. Hence, the demand for building an operating system that allows backdoors to circumvent security, under an archaic law, is a dangerous precedent according to Cook. “Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.”
This has reignited the debate on data privacy versus national security, which had moved away from the mainstream media after occupying centrestage for over a year immediately after Snowden’s revelations surfaced in May 2013. Trust in American companies, the innovators of almost all the technology — hardware devices, applications; platforms for commerce, social media, search, among others — fell to an all-time low, because of spying by the NSA through suspected backdoors in hardware and software platforms.
With the major technology companies’ revenues heading south in most geographies, after the Snowden incident, industry leaders gave strong signals against the the surveillance programme to the US government. All major technology companies announced plans for the development of strong encryption. There was a strong business imperative for this approach to regain the trust of global customers. But then the terrorist attacks on Paris and San Bernardino happened, and national security regained centrestage.
In a paper, titled “Keys under doormats”, in July 2015, some of the foremost cryptographers of the world warned the governments that cyberspace will become insecure for banking, e-commerce, and other transactions, if vendors agreed to build backdoors.
Governments in the Western world have enacted laws regulating surveillance — delicately balancing the concerns of security and privacy. For example, the USA Patriot Act and the Regulation of Investigatory Powers Act in the UK. In these democratic countries, civil society and media can force some transparency in governance. But what about a country like China that recently passed an anti-terrorism law in December 2015? The law requires technology companies to assist the authorities with encryption keys, but without any judicial review. When criticised, China accuses the US of double standards on counter-terrorism.
Interestingly, Bill Gates, the co-founder of Microsoft, has said that the FBI is justified in asking Apple to unlock the phone, and that technology companies should be forced to cooperate with LEAs in terrorism investigations.
Social media companies, such as Google, Facebook, and Twitter, which monetise personal data in return for providing free services, have a different take on this, since users don’t want to share their data with LEAs.
But the world needs cooperation of all service providers — irrespective of their business models — to share the desired data with LEAs for national security. Does it have to be backdoors, or an agreement under which any government can ask for data from any technology vendor? Such an agreement can be discussed at the United Nations. Nations can enact laws on the pattern of a model law that may be created by the UN. This can lead to a treaty that limits surveillance, but enables LEAs to access data, without compromising encryption, without violating the privacy of global citizens.