Our take on the Apple vs FBI debate

As people who deal professionally with the technical side of web security, we are always asked for our thoughts on the Apple vs FBI debate on access to device data. Whose side are we on, our friends keep asking, and should they be worried about one of the sides winning? The debates are still heated (even Barack Obama couldn’t resist getting involved) and the questions keep coming. So we have decided to lay out our answer, which is not so simple, in a brief text.

The answer is not simple primarily because the issue itself is philosophical or even political rather than technical, as McAfee has summed up quite well in his appeal to the FBI, promising to decrypt the San Bernardino phone for free if Apple are left alone. Besides, the question itself is phrased in a polarizing manner, making a working solution impossible from the outset.

And so we suggest that you consider a different question: “Are you willing to give Apple voluntary permission to relinquish your data by court order?”

Indeed, if you are willing to do that then your device, at least, does not present a problem. It is also logical to presume that anyone convinced that Apple should grant the FBI access to the data from the San Bernardino shooter’s phone, would also agree to have their own phone subjected to the same treatment. Suppose you are Donald Trump. Instead of putting your iPhone away, you could sign a waiver, allowing Apple, Google et al. to manage your data this way, and therefore releasing Apple from responsibility for such a decision regarding you. They would design a limited-edition update for you with a backdoor key.

As for those not prepared to give such a voluntary permission, they obviously have serious reasons for this, understanding which may direct us to the true issue at hand.

So, if you think that some judges may reach a corrupt decision regarding your data, perhaps you should simply be allowed to choose your judge? It is quite likely that one or more judges you trust to take the decision can be found. Naturally, a popular judge or group must be selected, so that society, too, could rely on their judgement (let’s say no fewer than a million people committed to following the judge’s decision) — but that would just make it easier. Or maybe you would trust someone else with the decision — perhaps Apple themselves? Check a box and forget it, then Apple wouldn’t have to go to court for you and fight for popular opinion, which may also have a nice effect on phone prices.

You may see the issue as being even deeper, and believe some laws to be unjust (or subject to abuse). You would not want even a reputable judge to apply such laws to your case, but most likely you agree with most of the other laws and see no problems in them? And then, if we collect data about your choice, we will discover serious problems within the parts of legislation you have not selected, won’t we?

This way, without force or regulation, we can greatly diminish the scope of the initial problem: from a threat to democracy as a whole to a particular illegitimate law — and approach a more secure world without compromising our freedoms.

Now enabling such a choice — that is a technical question.