In Response to FBI Director James Comey
Before we begin, we should start calling this thing what it really is. This isn’t a master key, or a backdoor. The FBI wants a workaround.
FBI Director James Comey just shared his thoughts regarding the San Bernardino situation, where he elaborates on the intentions of the FBI and calls for a national discussion on the future of privacy and security. To be honest, I feel bad for the guy. He and the FBI are trying so hard to just do their job, which is commendable. Let’s go through his letter step-by-step.
The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message.
Yes, it is. Unfortunately, there is no way that the FBI will ever get access to the contents of Syed Farook’s work phone. Apple can’t help them with this one, so we have to assume that the rest of Comey’s thoughts are built on the notion of a future attack.
So…what happens when another attack like this occurs? What if the attackers use another channel of communication—encrypted, yes, but not even within the grasp of Apple? What if they use Android phones? By the logic of the FBI, they could have this same conversation about encryption with Google. If Apple and Google cooperate, those seriously intending on committing crime will turn to more secure, internationally-available alternatives. It’s already happening.
The rest of his first paragraph was largely an emotional appeal, citing the 14 lives which were tragically taken in the San Bernardino attacks. While this is certainly valid — and the horror of the situation undeniable—I would have preferred more elaboration on notion of a precedent. The FBI needs to explain what comes after the San Bernardino investigation, and more importantly, inform the general public of how we can help.
We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it.
This is where it gets tricky. This goes back to the fact that the FBI wants to enter the phone passcode electronically, so rather than having to guess roughly 2²⁵⁵ encryption keys, they only have to test 4¹⁰ (or 6¹⁰ with newer iPhones) different possible passcodes. Obviously this would make the FBI’s job so much easier. The problem is that Apple cannot produce this functionality without running the risk of making it available to malicious attackers. In trying to ensure the safety of Americans, it can be argued that the FBI is jeopardizing it as well. If an attacker (which could very well be an Apple employee) gets hold of a user’s iPhone, they can force their way in, just like the FBI.
We don’t want to break anyone’s encryption or set a master key loose on the land.
We know you don’t! Obviously, the FBI must understand the risks associated with power like this in the wrong hands. They are asking to do this in a controlled manner…but that’s not really how security works. There’s no way the FBI can guarantee a perfectly secure solution to this problem, simply because a perfectly secure system can never exist without compromise. Right now, that compromise works in favor of the people — their information is quite thoroughly protected from prying eyes, both good and bad. San Bernardino is an unfortunate consequence of that fact.
Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.
This is where I began to empathize with Comey. He, as well as the employees of the FBI, are really truly dedicated to protecting the American people from these kinds of attacks. It is my belief that they aren’t trying to set the cornerstone of a 1984-esque dystopia, and the people who think that are really too paranoid.
The problem is that the FBI is really only considering attacks in the vein of the San Bernardino attack — loud, violent acts of terror. I would encourage the FBI to also consider attacks that could be carried out as a result of this ‘workaround’ being created. People use their phones now for so many intimate activities, including payments and health management. What happens when cyber criminals get access to this information? Because we cannot prove that this Apple-FBI workaround is perfectly secure (largely due to human failings), we have to assume that it will be exposed eventually.
Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure — privacy and safety.
This is good.
That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.
So is this. Although some are criticizing Tim Cook because he wasn’t elected to spearhead this campaign for privacy, he is simply voicing his own political ideology. His letter was nothing more than an American bringing his voice to the table.
It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before. We shouldn’t drift to a place — or be pushed to a place by the loudest voices — because finding the right place, the right balance, will matter to every American for a very long time.
Close, but no cigar. Cryptography is not just an issue for America, but for the entire world. Every person on this planet should be invited to the discussion table.
The Internet does not restrict itself to any specific group of people, though some governments do on its behalf. A terrorist living in San Bernardino, California has access to the same amount of information pertaining to encryption as any other American. The same may not be said for those living in China, but is that the direction the FBI would prefer us to go?
So I hope folks will remember what terrorists did to innocent Americans at a San Bernardino office gathering and why the FBI simply must do all we can under the law to investigate that.
More emotional appeal. However, the last part sits well with me, because it reiterates that they really just want to help. Is it possible that Syed Farook talked to other terrorists on his work phone? Probably not…but can you blame the FBI for wanting to at least rule it out?
I also hope all Americans will participate in the long conversation we must have about how to both embrace the technology we love and get the safety we need.
Good idea, but again: let’s invite everyone to the table.
Ultimately, Comey’s thoughts seem to convey that the FBI is just trying to acquire intel, and that they aren’t really thinking of a long-term strategy to handle encryption. I would call on the FBI to put forward a more thorough plan to address the issue of encryption in the future. Not only do American tech companies need to be involved, but international human rights groups should be as well.