Recent events and developments tend to prove right the decision of Apple not to grant backdoor access to the FBI so as to enable them access the privacy of users.
At the US house judiciary hearing committee earlier this year, which involved the refusal of Apple to unlock the San Benardino suspect’s iPhone on behalf of FBI, several reasons were given by Apple to defend their stand even as the FBI also argued from their own security point of view why they should have access.
Several months down the road, Microsoft seems to have inadvertently demonstrated what could be an intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called “golden key”, which allows users to unlock any device that’s supposedly protected by Secure Boot, such as phones and tablets.
The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.
Considering this development, Cointelegraph asks whether Apple’s original stand in denying the FBI access to the privacy of its users is in order.
The stake of trust and legality
Hando Rand, CEO of ProofofYou, says that the massive scale of the Apple user base has incorporated trust into Apple products. Therefore, the severe threats that follow the capabilities of centralised authorities to have easy access into personal user data of Apple users would damage the trust and the actual security of the users not only in the United States, but around the world.
Additionally, Rand explains that there is a legal aspect to the situation. He says that Apple is as popular in Europe as it is in the U.S., and The European Union considers the distribution of any personal data to any third-party as illegal, unless there is a court order. If Apple gives access to the FBI for unlimited and deliberate access to people’s personal data, which also includes European citizens, then Apple will fall under major legal threats in the EU.
Rand says to Cointelegraph:
“I would see no other option for Apple but to reject the FBI’s request.”
The inherent risk involved
Rand continues by pointing out the risks involved in allowing third-party access, as requested by the FBI.
He says:
“First of all, as it is widely argued that a backdoor significantly reduces the purpose of encryption, there are several practical and political arguments which do not really touch the technological side. History has proven how centralised supreme access to personal data has proven catastrophic. Current agent technologies can phish and organise an enormous amount of data in really quick succession. Big Data learning systems can generate an even larger amount of intelligence. That makes it easy to categorise people and acquire their location and contact data.”
Another example which Rand mentioned is how Edward Snowden showed that high-end info can leak:
“Now imagine, when the wrong person can get access to place digital agents to phish behind digital product users. The results could be atrocious.”
Benefits vs. risk
Moreover, considering the current tendencies towards right radical movements, Rand says that there is a possibility of a rightist initiative gaining power through totally democratic means, as happened in the 30’s in Germany, and after that history repeats itself. He also points out that there are many other possibilities such as exploitation of the backdoor by a corrupt official or an accidental leak.
He explains to Cointelegraph:
“Now comparing those risks to the benefits in fighting terrorism, they are really vague and not really credible. Terror organisations have their own techies and can create endless amounts of anonymous cryptographic software to communicate with each other, being totally separate from the big players like Apple, Google or Facebook. The FBI or whatever organisation will not be able to stop such software from emerging. This makes demanding the backdoor useless.”
Therefore, according to Rand, the benefits of creating a backdoor towards fighting terrorism are minuscule compared to the severe risks it creates as the cryptography might be secure but the backdoor is administrated by the most unexpected system of all - the human.