FBI, Apple battle may leave lasting legacy

The FBI may have backed off from its demand that Apple build a backdoor, but experts say that a lasting legacy will remain

The FBI may have backed off from its demand that Apple build a backdoor to an iPhone security mechanism, for now at least, but experts say that a lasting legacy will remain in terms of the educational impact of the battle.

John Oliver's 18-minute segment on strong encryption for HBO's Last Week Tonight has been watched nearly 5 million times on YouTube since it first aired on March 13.

Apple CEO Tim Cook was on the cover of the March 28 issue of Time magazine, pledging not to back down.

[ MORE ON THE SITUATION: The economics of back doors ]

"Through most of last year, I was surprised that there were Europeans worrying about privacy and Americans didn't care about it," said Yorgen Edholm, CEO at Accellion. "And now this has come out. Now it's a standard conversation when I go out and talk to people, and people really care."

This is one of the defining issues of the times, he added.

Rod Schultz, vice president of product at Rubicon Labs

"I'm very happy that we have this discussion now," said Ebba Blitz, CEO at Alertsec. "It's in everyone's best interest to find a good solution. We all need to be protected."

It's a multi-layered issue, she added, since the encryption that can protect criminals from authorities also protects law-abiding citizens from those criminals.

"Never before have I seen encryption being in the public eye so much," said Rod Schultz, vice president of product at Rubicon Labs. "Time magazine, John Oliver -- if you told me this would happen a year ago, I would think it was impossible."

The case has become an opportunity to educate the public about encryption and privacy, he said.

"I think customers and the public are becoming very very savvy," he added. "For me, that's the best outcome right now."

When combined with the recent memory of the Snowden leaks, he added, it makes for a strong argument against giving governments backdoors around encryption and weakening security.

And the battle over unlocking Rizwan Farook's phone was just the tip of the iceberg, said Harvey Anderson, chief learning officer at AVG Technologies

"We already have the attorney general in Manhattan stating that he's got 175 iPhones waiting for be unlocked," he said. "And the FBI has made this request from Apple a number of times before."

Local district attorneys and sheriffs have already said that they have other phones in other kinds of cases that they want to force Apple to unlock, added Sophia Cope, staff attorney at Electronic Frontier Foundation.

It's not just about Apple

One of the lessons learned, according to security experts, is that the FBI's attempt to pressure Apple into creating a backdoor has far-reaching implications, beyond just Apple itself.

Rubicon, for example, has a hardware-based key storage solution that secures the key inside a protected environment, so that neither Rubicon itself nor the enterprise ever sees the keys.

If the FBI had won its case against Apple, companies like Rubicon may have faced similar requests to build back doors to their technology.

"We're hardware-based protection," said Rubicon's Schultz. "We would physically have to change our hardware to do that. It could take months, if not years to do."

And the company would lose customers as a result, he added.

"Any time you intentionally destroy the integrity of technology, it is basically asking for trouble," he said.

Other experts agree, including Ben Johnson, chief security strategist at Carbon Black, a former cyberengineer for the NSA.

"If Apple is forced to open this up, it sets a dangerous precedent for being able to force manufacturers and tech companies to break their own trust with users and consumers," he said. "I love the intelligence community, I worked there, I got my start there, but weakening our security is a very dangerous approach."

Weakening security puts everyone at greater risk, said security expert Bruce Schneier, CTO at Resilient Systems.

"Security is too important to throw it away for this kind of silly warrant," he said.

In a survey conducted at the recent RSA conference by AlienVault, the majority of the IT security community, or 63 percent, said they support Apple in its dispute with the FBI, and just more than half, or 51 percent, said the FBI was looking to set a new legal precedent to be able to unlock all devices made by Apple and other tech companies.

It's not just about the U.S.

If the U.S. authorities had succeeded in forcing Apple to build a backdoor -- or are able to do so at some point in the future -- then it would set an example for other countries, said Anderson.

"If it happened here, it's very easy for regulators to follow the same position elsewhere," he said. "Not that they blindly follow what we do, but it sets a reference point."

"Compelling Apple to build a backdoor for its own product actually undermines the security and personal safety of millions of Americans and others around the world, especially those living under authoritarian regimes," said EFF's Cope.

Even if the government were able to mandate encryption backdoors, this would have little impact on actually being able to deter criminals or terrorists, since the encryption technology is free and publicly available.

"Cryptography exists," said Yehuda Lindell, co-founder and chief scientist at Dyadic Security and author of the widely-used textbook "Introduction of Modern Cryptography." "You can open my textbook and read it and now you will know how to write your own code and protect yourself."

Smart criminals can write their own code, and then sell it to others, he said.

"The innocent citizens are still vulnerable, but the bad guys are protected," he said.

Or the criminals and terrorists can simply use some of the many freely-available tools and apps already on the market, he added.

The fight's not over

According to the Electronic Frontier Foundation, the FBI could come back to court in a few weeks and try again, or look for another test case with which to set a legal precedent.

"Overall, it seems a shame to not get some clarity in the courts over what the government can and can't request when it comes to privacy and security, and if this case does not reach a conclusion you can bet we'll be back in this same spot soon," said Carbon Black's Johnson.

"We still need to come together to answer the question, 'where and why can the US government access private devices,'" said Brian Stafford, CEO at Diligent.

We could be facing a much larger war still to come, added Zulfikar Ramzan, CTO at RSA Security.

"Apple may eventually bolster the encryption capabilities on the iPhone so that even they themselves can’t decrypt data," he said. "At that point, the stakes will only go up and rather than fight a single test case in the courts, the next resort could then be to pass legislation that permits the government deep access into the iPhone and similar devices."

That could take us back 20 years to the Clipper chip, he added.

"Clipper proved to be an ill conceived idea back then, and nothing much has changed to suggest that a reincarnation of it would fare any better," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags Apple

More about AccellionAlienVaultAppleCarbon BlackClipperEFFElectronic Frontier FoundationFBIManhattanModernNSARSASmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts