How FBI vs. Apple could cripple corporate and government security

The implications go way beyond whether law enforcement can unlock an alleged criminal's phone.

1 2 Page 2
Page 2 of 2

If these tools remain legal for enterprise, the odds are they will be used by nefarious groups to avoid government monitoring of consumer tech. If businesses are required to add back doors and golden keys too, we once again undermine the foundation for digital security.

The decision is binary, not absolutist

The President and the director of the FBI have portrayed this conflict as one between privacy absolutists and government compromise. The issue is that the technology itself forces us to make a binary decision. There are no known techniques for providing lawful access to encrypted communications and storage at scale. The only way to allow government access is to reduce the security of foundational technologies used by business and government agencies, not merely individual citizens. That is math, not politics.

Further complicating the situation is that security constantly evolves, and we continue to adopt ever stronger technologies in more situations simply to stop the criminals, including hostile governments. These aren’t outlandish movie scenarios; they are the painful, expensive reality for every business in the world. The only difference between consumer, corporate, and government technologies are the price tags. Restrictions on these improvements could be catastrophic.

Last July a group of extremely well respected cryptographers published an excellent overview of the feasibility and security impact of government access. They concluded:

Even as citizens need law enforcement to protect themselves in the digital world, all policy-makers, companies, researchers, individuals, and law enforcement have an obligation to work to make our global information infrastructure more secure, trustworthy, and resilient. This report’s analysis of law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict.

Everything in my experience supports their findings. I can’t think of any way to allow government access for criminal and national security situations that wouldn’t undermine the foundations of digital security across the board. Even ignoring the massive complexities if these requirements were instituted globally, unless the government required access to every possible encryption technology, it would be trivial for criminals and terrorists to hide, while dramatically increasing the risks to nearly all businesses and government agencies.

This story, "How FBI vs. Apple could cripple corporate and government security" was originally published by Macworld.

Copyright © 2016 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 secrets of successful remote IT teams