What Tim Cook doesn’t want to admit about iPhones and encryption

What Tim Cook doesn't want to admit about iPhones and encryption

When Hillary Clinton called for a “Manhattan-like project” to find a way for the government to spy on criminals without undermining the security of everyone else’s communications, the technology world responded with mockery.

“Also we can create magical ponies who burp ice cream while we’re at it,” snarked prominent Silicon Valley investor Marc Andreessen. Clinton’s idea “makes no sense,” added Techdirt’s Mike Masnick, because “backdooring encryption means that everyone is more exposed to everyone, including malicious hackers.”

It’s an argument that’s been echoed by Apple CEO Tim Cook, who is currently waging a legal battle with the FBI over its request to unlock the iPhone of San Bernardino terrorism suspect Syed Rizwan Farook. “You can’t have a backdoor that’s only for the good guys,” Cook said in November.

There’s just one problem: This isn’t actually true, and the fight over Farook’s iPhone proves it. Apple has tacitly admitted that it can modify the software on Farook’s iPhone to give the FBI access without damaging the security of anyone else’s iPhone.

Claiming that secure back doors are technically impossible is politically convenient. It allows big technology companies like Apple to say that they’d love to help law enforcement but don’t know how to do it without also helping criminals and hackers.

But now, faced with a case where Apple clearly can help law enforcement, Cook is in the awkward position of arguing that it shouldn’t be required to.

Apple isn’t actually worried about the privacy of a dead terrorism suspect. Cook is worried about the legal precedent — not only being forced to help crack more iPhones in the future, but conceivably being forced to build other hacking tools as well.

But by taking a hard line in a case where Apple really could help law enforcement in an important terrorism case — and where doing so wouldn’t directly endanger the security of anyone else’s iPhone — Apple risks giving the impression that tech companies’ objections aren’t being made entirely in good faith.

The San Bernardino case shows secure back doors are possible

What Tim Cook doesn't want to admit about iPhones and encryption

Technologists aren’t lying when they say secure back doors are impossible. They’re just talking about something much narrower than what the term means to a layperson. Specifically, their claim is that it’s impossible to design encryption algorithms that scramble data in a way that the recipient and the government — but no one else — can read.

That’s been conventional wisdom ever since 1994, when a researcher named Matt Blaze demonstrated that a government-backed proposal for a back-doored encryption chip had fatal security flaws. In the two decades since, technologists have become convinced that this is something close to a general principle: It’s very difficult to design encryption algorithms that are vulnerable to eavesdropping by one party but provably secure against everyone else. The strongest encryption algorithms we know about are all designed to be secure against everyone.

But the fact that we don’t know how to make an encryption algorithm that can be compromised only by law enforcement doesn’t imply that we don’t know how to make a technology product that can be unlocked only by law enforcement. In fact, the iPhone 5C that Apple and the FBI are fighting about this week is a perfect example of such a technology product.

You can read about how the hack the FBI has sought would work in my previous coverage, or this even more detailed technical analysis. But the bottom line is that the technology the FBI is requesting — and that Apple has tacitly conceded it could build if forced to do so — accomplishes what many back door opponents have insisted is impossible.

Without Apple’s help, Farook’s iPhone is secure against all known attacks. With Apple’s help, the FBI will be able to crack the encryption on Farook’s iPhone. And helping the FBI crack Farook’s phone won’t help the FBI or anyone else unlock anyone else’s iPhone.

It appears, however, that more recent iPhones are not vulnerable to the same kind of attack. (Update: Apple has told Techcrunch that newer iPhones are also vulnerable.) If Farook had had an iPhone 6S instead of an iPhone 5C, it’s likely (though only Apple knows for sure) that Apple could have truthfully said it had no way to help the FBI extract the data.

That worries law enforcement officials like FBI Director James Comey, who has called on technology companies to work with the government to ensure that encrypted data can always be unscrambled. Comey hasn’t proposed a specific piece of legislation, but he is effectively calling on Apple to stop producing technology products like the iPhone 6S that cannot be hacked even with Apple’s help.

The strongest case against back doors is repressive regimes overseas

What Tim Cook doesn't want to admit about iPhones and encryption

If you have a lot of faith in the US legal system (and you’re not too concerned about the NSA’s creative interpretations of surveillance law), Comey’s demand might seem reasonable. Law enforcement agencies have long had the ability to get copies of almost all types of private communication and data if they first get a warrant. There would be a number of practical problems with legally prohibiting technology products without back doors, but you might wonder why technology companies don’t just voluntarily design their products to comply with lawful warrants.

But things look different from a global perspective. Because if you care about human rights, then you should want to make sure that ordinary citizens in authoritarian countries like China, Cuba, and Saudi Arabia also have access to secure encryption.

And if technology companies provided the US government with backdoor access to smartphones — either voluntarily or under legal compulsion — it would be very difficult for them to refuse to extend the same courtesy to other, more authoritarian regimes. In practice, providing access to the US government also means providing access to the Chinese government.

And this is probably Apple’s strongest argument in its current fight with the FBI. If the US courts refuse to grant the FBI’s request, Apple might be able to tell China that it simply doesn’t have the software required to help hack into the iPhone 5C’s of Chinese suspects. But if Apple were to create the software for the FBI, the Chinese government would likely put immense pressure on Apple to extend it the same courtesy.

AT&T CEO won’t join Tim Cook in fight against encryption backdoors

AT&T CEO won’t join Tim Cook in fight against encryption backdoors

US politicians have been urging tech companies to weaken the security of smartphones and other products by inserting encryption backdoors that let the government access personal data.

Numerous tech companies—including Apple—have come out strongly against the idea, saying that encryption backdoors would expose the personal data of ordinary consumers, not just terrorists.

But tech company leaders aren’t all joining the fight against the deliberate weakening of encryption. AT&T CEO Randall Stephenson said this week that AT&T, Apple, and other tech companies shouldn’t have any say in the debate.

“I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do,” Stephenson said in an interview with The Wall Street Journal. “I understand [Apple CEO] Tim Cook’s decision, but I don’t think it’s his decision to make.”

AT&T has been criticized repeatedly for its cooperation with the US National Security Agency, but Stephenson says his company has been singled out unfairly.

“‘It is silliness to say there’s some kind of conspiracy between the US government and AT&T,’ he said, adding that the company turns over information only when accompanied by a warrant or court order,” the Journal reported yesterday.

While presidential candidate Hillary Clinton called for a “Manhattan-like project” to help law enforcement break into encrypted communications, Cook argues that it’s impossible to make an encryption backdoor that can be used only by law enforcement. “The reality is if you put a backdoor in, that backdoor’s for everybody, for good guys and bad guys,” Cook said last month.

Security researchers recently discovered a backdoor password in Juniper firewall code. Researchers also found a deliberately concealed backdoor in dozens of products sold by a company that supplies audio-visual and building control equipment to the US Army, White House, and other security-conscious organizations.

FBI Director James Comey told lawmakers in October that the Obama administration won’t ask Congress for legislation requiring tech companies to install backdoors in their products, but he said the administration would continue lobbying companies to create backdoors even though they’re not required to.

Despite AT&T sitting out the debate, plenty of tech companies balk at the idea. A letter to President Obama protesting deliberate weakening of security last year was signed by Adobe, Apple, Cisco, CloudFlare, Dropbox, Evernote, Facebook, Google, Level 3, Microsoft, Mozilla, Rackspace, Symantec, Tumblr, Twitter, and others. AT&T did not sign the letter.

Tim Cook pushes for strong encryption at White House summit

As expected, Apple CEO Tim Cook urged White House and government officials to come to terms with strong encryption practices that protect consumer data, at one point saying such intentions should be stated publicly.

Tim Cook pushes for strong encryption at White House summit

Cook’s plea came during a cybersecurity summit held in San Jose, Calif., last week, where government officials met with Silicon Valley tech executives to discuss how best to stymie threats posed by non-state actors like ISIS, reports The Guardian.

According to a follow-up report from The Intercept, Cook asked the White House to take a “no backdoors” stance on encryption. Law enforcement agencies, specifically the FBI, have clamored for so-called “weak encryption” policies that would allow access to protected data through supervised software backdoors.

In response, Attorney General Loretta Lynch said a balance must be struck between personal privacy and national security. The current administration is still grappling with the issue and has yet to reach a resolution that would not tip the scales.

FBI director James Comey was among those in attendance at last week’s summit. White House Chief of Staff Denis McDonough, counterterrorism adviser Lisa Monaco, Attorney General Loretta Lynch, National Intelligence Director James Clapper and National Security Agency Director Mike Rogers were also present.

Government officials say existing strong encryption techniques employed by Apple, Google and other tech firms make it easy for criminals and terrorists to communicate in relative safety. Cook maintains a hardline stance on the issue, saying that “any backdoor means a backdoor for bad guys as well as good guys.” Apple’s introduced a nearly impenetrable data encryption protocol with iOS 8, one that the company itself is unable to crack even with the proper warrants.

A document obtained by The Intercept notes summit talks included questions on whether tech companies would be willing to enact “high level principles” relating to terrorists’ use of encryption, or technologies that “could make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize.” Also on the docket was the potential use of unencrypted data like metadata. Such far-reaching strategies would be difficult, if not impossible, to implement without actively policing customer data.

The summit was held less than three months after the controversial Cybersecurity Information Sharing Act cleared the U.S. Senate floor in October, legislation that would allow private companies to share customer data with government agencies, including the Department of Homeland Security and the NSA. While not labeled a surveillance bill, Apple and other powerful tech companies dispute its merit, saying CISA disregards user privacy.

Apple CEO Tim Cook Mounts Defense of Encryption on “60 Minutes”

Apple CEO Tim Cook Mounts Defense of Encryption on "60 Minutes"

In a “60 Minutes” appearance Sunday, Apple CEO Tim Cook reiterated his support of encryption, in the face of renewed criticism from the U.S. intelligence community that these digital locks interfere with the ability to detect threats to national security.

Cook used an interview with CBS’s Charlie Rose to lay out his argument for why weakening encryption on consumer devices is a bad idea.

“If there’s a way to get in, then somebody will find the way in,” Cook said. “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

Following the mass murders in Paris and San Bernardino, Apple and other technology companies have come under mounting pressure to give U.S. law enforcement access to their consumers’ encrypted messages. FBI Director James Comey complained that potential attackers are using communications platforms that authorities can’t access — even through warrants and wiretaps.

“I don’t believe that the trade-off here is privacy versus national security,” Cook said in the interview. “I think that’s an overly simplistic view. We’re America. We should have both.”

Cook said modern smartphones such as the iPhone contain sensitive information: Personal health details, financial data, business secrets and intimate conversations with family, friends or co-workers. The only way to ensure this information is kept secure is to encrypt it, turning personal data into indecipherable garble that can only be read with the right key — a key that Apple doesn’t hold.

Apple will comply with warrants seeking specific information, Cook said, but there’s only so much it can provide.

Moving to other topics, Cook defended Apple’s tax strategy, which has drawn criticism from Congress. He described as “total political crap” charges that Apple is engaged in an elaborate scheme to pay little or no taxes on overseas income. He also discussed the company’s use of one million Chinese workers to manufacture most of its products, saying they possess the skills that American workers now lack.

“The U.S., over time, began to stop having as many vocational kind of skills,” Cook said in the interview. “I mean, you can take every tool and die maker in the United States and probably put them in the room that we’re currently sitting in. In China, you would have to have multiple football fields.”

The television news magazine also took viewers on a tour of Apple’s headquarters. Rose talked with design guru Jony Ive about the Apple Watch inside the secret design studio, where the wooden tables were draped with covers to shield future projects from the camera.

Apple CEO Tim Cook Mounts Defense of Encryption on "60 Minutes"

Retail chief Angela Ahrendts escorted Rose to a mock Apple Store in an unmarked warehouse off the main Cupertino campus.

And, armed with cameras and drones, Rose ascended a giant mound of earth to visit to the site of Apple’s future corporate headquarters, a building dubbed the “spaceship” by many. The $5 billion project, with 7,000 trees, fruit and vegetable gardens and natural ventilation system, is expected to one day house 13,000 employees.

NSA, Apple Chiefs Decode Encryption Views

NSA, Apple Chiefs Decode Encryption Views

LAGUNA BEACH, Calif.—The heads of the National Security Agency and the world’s most valuable company appeared to try to make nice Monday night over their contrasting views on encryption—to a point.

NSA Director Adm. Michael Rogers and Apple Inc. Chief Executive Tim Cook, appearing at The Wall Street Journal’s technology conference, WSJDLive, spoke in broad terms about encryption in back-to-back interviews.

Asked about efforts by Apple and other tech firms to build products that protect user data and communications from law enforcement, Mr. Rogers said, “Strong encryption is in our nation’s best interest.”

But asked if that included impenetrable encryption, he quickly interrupted, “That’s not what I said.”

Mr. Cook, appearing later, disagreed on the latter point. “I don’t know a way to protect people without encrypting,” he said. “You can’t have a backdoor that’s only for the good guys.”

Apple and federal officials have been at odds for more than a year, since Apple issued a new version of its mobile-operating system that it said safeguards user information, even from law enforcement. But the White House signaled recently that it won’t seek new laws to force tech companies to make products that allow law enforcement to eavesdrop.

Messrs. Cook and Rogers said both sides in the encryption debate need to turn down the vitriol. “Reasonable people can have discussions and figure out how to move forward,” Mr. Cook said.

On other subjects, Mr. Cook said, Apple has 15 million users on its streaming music service, including 6.5 million paying subscribers.

Apple launched Apple Music on June 30, offering every user a three-month trial period. Once the trial period ends, customers pay $9.99 a month for individual users and $14.99 for families. The first batch of customers came off the trial period at the end of September.

Mr. Cook also spoke unusually frankly about the automobile industry, although he declined to address Apple’s interest in building an electric car. The Apple CEO said he sees a “massive change” coming in the automobile industry as major technologies shift the sector away from today’s combustion-engine focus.

He said he sees software, electrification and autonomous driving technologies playing a crucial role in the cars of the future. “That industry is at an inflection point for massive change, not just evolutionary change,” he said.