In the past few days, media reported about how parts of the US IT industry resist the espionage plans of the US government – triggered by Apple’s refusal to hack the phone of a suspect and prospectively install backdoors for secret services. What exactly is Apple required to do? And why is the company’s resistance so important? Also concerning VPNs …
For the first time in history, the government asks a company not just to assist in the investigation of an offense, request that no one would actually complain about; but publicly demanding Apple to develop a completely new software that makes the onsite security of its devices and features superfluous. This demand is affecting the security features that impact all Apple users and anyone who communicates with Apple’s users, and which are essential in the prevention of digital crimes. Bottom line, the company is forced to develop a master key that unlocks every single iOS device.
What would be the new changes? If FBI is successful, three major changes should be implemented by Apple:
- Currently, iOS can be adjusted so that it clears the internal keys after 10 unsuccessful password entries. FBI wants the software without this feature.
- After each unsuccessful password entry to unlock a device, iOS prolongs the time until another attempt can be made. The FBI wants the new software to accept an infinite number of entries without breaks.
- iOS requires that passwords are entered manually. The FBI would like the possibility to enter passwords electronically, so one can run automatically a variety of options in a short period of time.
If FBI’s requests will be approved, not only would Apple suffer of a bigger image loss than the one triggered by the Snowden revelations, but there would arise a fatal situation for citizens and businesses alike. By default, built-in back doors would not only be available for the US government, but potentially for others as well, especially for known enemies of the western countries like Iran, North Korea and Russia, but also the competing national economies, hackers and cybercriminals.
It’s rather naïve to believe that for the sake of all citizens, governments are the only ones trying to keep an eye on encrypted data. This rather reveals how much the thinking of law enforcement agencies has developed in only one direction: understanding total surveillance with themselves as luminaries of the planet, morally unassailable and almost uncontrollable anyway.
Another step towards 1984 2.0
And it would be only the first step, because once the protection of devices is gone, VPNs are just the next target on the hit list. If Apple’s refusal fails in court, the enforcement of backdoors for encrypted Internet access via virtual networks is only a matter of time. And besides: US companies operate globally. What arguments will be used for denying the Chinese government to do the same? And the Iranian? Who then has the last word when it comes to separate the evil from the good? And how exactly is the Russian mass surveillance different from the US one?