Have you ever lost your smartphone or had it stolen? Have you ever worried that your passcode may not be strong enough? Didn’t you have a sigh of relief when you remembered that you had enabled the feature that would erase your data after 10 failed attempts?
The Internet Society is very concerned to learn about the recent order from the United States District Court for the Central District of California requiring Apple to bypass or disable the auto-erase function on a seized iPhone and to enable the FBI to more effectively conduct a brute force attack on the device. Yes, the order is for only one device and sought for good intentions (i.e. law enforcement), but as Apple’s CEO points out:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The order is, in essence, asking Apple to build a means to attack the security measures it has put in place to protect its users’ data from malicious actors.
While not technically an “encryption backdoor”, it could have the same practical effect.
Further, this approach is contrary to the spirit of the Secure the Internet petition recommendations, specifically:
- Governments should not mandate the design … or vulnerabilities into tools, technologies, or services.
- Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data ….
- Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.
which the Internet Society has signed to show its support for these guiding principles.
There is no doubt that having access to information is vital for law enforcement, and we are mindful of those needs, but we believe this outcome is not the solution.
We agree with Apple and others that there needs to be an open, transparent, public discussion about these issues.
On our main encryption page we provide links to resources, articles and projects that we support. We encourage you to review those materials and to share them widely.
We do not believe backdoors – in any guise – will help bring about a more trusted Internet. Please join with us in working to find solutions!
P.S. If you are an Internet Society member (or want to join – it’s free), you can discuss this in our Connect forums.
Image credit: Erich Ferdinand on Flickr. CC BY