Just ahead of one of the most anticipated legal showdowns in recent memory, Magistrate Judge Sheri Pym on Monday evening granted the FBI’s request to delay a hearing on the agency’s demand that Apple help it crack the iPhone used by one of the San Bernardino shooters.
Despite previous statements in which it claimed Apple was the only one who could provide access to the contents of the device, the FBI told Pym on Monday it found a third party that might be able to help.
The FBI said it needed time to test the viability of the new method. Pym allowed it and told the government to report back by April 5. The battle, it seems, is over.
But by all accounts, Apple has hesitated to call the delay a win, and for good reason.
Let’s say the FBI’s unnamed outside source successfully cracks the iPhone in question. Apple is no longer needed, everyone goes home. Great, except (the damage caused by the agency’s potential perjury aside) none of the larger issues raised by the case have been solved.
Encryption is still here. Law enforcement agencies still want in. People are seemingly left to choose between privacy and “justice.”
Downhill from here
The problem will only get worse as technology improves and backdoors, such as the one the FBI’s third party claims to have discovered, become more elusive.
According to Nikias Bassen, Principal Mobile Security Researcher at Zimperium, the iPhone 5c device in question in this high-profile case is an older model, meaning it has weaker security than newer models.
Already, the Wall Street Journal reported nearly 95 percent of iPhone devices currently run on a version of Apple’s operating system that requires encryption. And while most Android devices are far less likely to use encryption, Google’s newest version of the operating system – Marshmallow – mandates device makers encrypt high-powered phones using the system. Going forward, that means more devices than ever will use encryption.
But it’s not just smartphones that are causing law enforcement officials to grit their teeth.
The New York Times recently reported the government is also in a standoff with Facebook’s messaging app, WhatsApp, over access to user conversations. Thanks to encryption, the app is reportedly impossible for government officials to tap into, even with a judge’s order.
And WhatsApp is far from one of a kind. Countless other secure messaging apps – like Threema – also offer encryption.
Moving forward
Even if the Magistrate dismisses the case in light of the FBI’s newfound phone cracking abilities, legal experts have suggested her say won’t be the last.
Throughout the case, tech companies including U.S. wireless carriers AT&T and Verizon have called on Congress to step in and take action to update privacy and technology laws.
But experts said where those laws take us will be just important as their passage. And it might not be as sunny a road as many tech companies hope.
While some lawmakers are seeking to create a commission to explore the intersection of law enforcement and privacy issues, others are going straight for the jugular with legislation that would impose civil penalties on technology companies who refuse to comply with orders to give investigators access to encrypted data.
Those kinds of laws, Bassen said, could have a much greater negative impact that lawmakers might imagine.
“Once the public discovers a backdoor, a vendor complying with such requests would lose credibility,” Bassen said. “In other cases, vendors could relocate from one country to another just to avoid complying with such orders. In that particular case, the country generating such laws would suffer economic losses (jobs, taxes paid by the vendor, etc).”
And Bassen isn’t the only one concerned about the economic implications of encryption legislation.
Graphite Software CEO Alec Main also painted a picture in which weakened encryption or encryption access laws backfire in the market.
“Certainly, having full access to mobile device information would help (law enforcement), but at what cost?” Main said. “The right to privacy of all citizens will be compromised, the mobile industry and potentially all digital companies will be facing a precedent that could render their business non-competitive as consumers choose to stop buying their products, and the risk of information leakage by those collecting the data is very real as is evidenced by numerous data breaches in the past.”
But according to Main, new policies are necessary to bolster the protection encryption seeks to offer consumers and we can only hope legislators get it right.
“Encryption exists to protect data against involuntary disclosure,” Main said. “Policies and behaviors are need to properly leverage encryption technology in order to deliver information privacy. That is, encryption alone cannot protect privacy.”
Filed Under: Industry regulations