PINDROP BLOG

FBI Victory in Apple Case Could Backfire

The FBI has been pushing hard, both publicly and privately, for Apple to help it unlock an alleged terrorist’s iPhone by creating a compromised version of iOS, and it may well end up winning that battle. And while that may set a precedent for future law enforcement operations in the United States, it may wind up being a pyrrhic victory.

As a U.S. company, Apple is subject to the authority of the FBI and the Department of Justice, and those institutions are exerting as much pressure as they can on Apple. They very much want to win this fight for a couple of reasons. One, to get access to the phone used by Syed Farook and determine whether there’s any useful intelligence on there. And two, to set a precedent that will allow law enforcement agencies to employ this strategy in the future, going to technology providers for extraordinary technical assistance. Like backdoors.

The second reason is the one that most security experts believe is the most important driver in this case. Getting access to a phone used by a dead suspect that may contain no data of any actual value is a Trojan horse for the precedent-setting portion of the program. The government has acknowledged this tacitly in its court filings, and Apple officials have said it explicitly.

“It’s not about one phone,” Apple CEO Tim Cook said in an interview with Time. “It’s very much about the future.”

But there’s a third factor in play here that could turn out to have the longest-lasting repercussions. Even if the FBI succeeds in this case in forcing Apple to compromise its own security, it won’t make a bit of difference to the criminals and terrorists the bureau is tasked with apprehending. The vast majority of the encryption products in use today are manufactured by foreign companies, firms that sit safely outside the FBI’s jurisdiction.

Bruce Schneier recently published a detailed survey of the encryption market and found that most of the companies that sell hardware or software encryption products aren’t in the U.S.

“The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S.-calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from,” Schneier said of the survey.

The U.S. clearly has no monopoly on encryption products, nor does it have one on crime or questionable legal policies. And, as Schneier’s survey makes clear, if users have reason to think that one particular platform or product is compromised, either intentionally or unintentionally, they have plenty of other options to choose from.

“Proposed mandatory backdoors have always been about modifying the encryption products used by everyone to eavesdrop on the few bad guys. That is, the FBI wants Apple—for example—to ensure that everyone’s iPhone can be decrypted on demand so the FBI can decrypt the phones of the very few users under FBI investigation,” the survey document says.

“For this to be effective, those people using encryption to evade law enforcement must use Apple products. If they are able to use alternative encryption products, especially products created and distributed in countries that are not subject to US law, they will naturally switch to those products if Apple’s security weaknesses become known.”

But that is not the government’s concern, at least not yet. Right now, the FBI is interested in winning the fight that’s right in front of it. It’s a fight that the bureau itself made public through the original court order, and it’s one that the government wants very much to win. If that happens, it may well be a victory of the most bittersweet kind.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS