Ah, the good old false trade-off: Security or Letting the Terrorists Win and Kill Your Children. Once again, we have Apple being asked by the FBI to unlock or build back doors that “only law enforcement” (read: any bad guy) can use.
Look: I’m sympathetic to law enforcement. They have a tough enough time dealing with the literal worst of humanity and having to piece together the crimes that are comited by said. This is made more difficult when one of their suspects (or criminals) has encrypted some information. Because we have a codified right to privacy, it is reasonable to argue that giving up passcodes and other privacy stripping keys is not something we should have to do, no matter the case, as we’re all equal under the law (the Constitution being the “highest” of those laws).
This fight is further exacerbated by the fact that this is not the first time that Apple has reasonably denied these requests. It would damage their brand, their customer’s security and give an already powerful governmental department sweeping access to stuff it wouldn’t (and shouldn’t) have access to on it’s own. All in the name of “security”. The subtext of all of this is some what sadder: Despite all the massive surveillance that is being done on Americans, we still cannot stop domestic terrorism from happening. Giving the FBI or any entity, aside from the consumer, access to a device that has become the epicenter (for better or worse) of many people’s lives goes counter to our rights.
What about providing a sort of “key escrow” for law enforcement? It would be a semi-reasonable method of giving everything they want, in theory. Law enforcement would have the ability to decrypt data that they would presumably have proven their need to access. The user would still have encryption that is difficult to impossible to break in a reasonable manner and their rights are respected.
The main problems with this scenario are:
- Who do you give these keys to?
- What legal recourse do you have if they loose, leak or otherwise provide (willingly or not) keys to someone who should not have it?
- How do you get millions of people, companies and devices to enroll in this system when free, strong and cryptographically secure code and systems exist in the wild and aren’t going anywhere?
- Criminals are obviously not going to enroll, so it defeats the point.
Not to mention the massive organizational nightmare it would be to ensure keys are tied to the right person, device or organization. The whole idea is infeasible on any sizable scale.
I wish the general public would be more aware of the erosion of rights. All too often we just allow our government to trample over us because it’s convenient or we’re lead to believe that it’s “for the greater good”. When in actuality we could take some pointers from France, England and Italy where when their governments do wrong, people protest. We need some of that fire back in America, not this anesthetized complacency.