Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Take a stand against the Obama/FBI anti-encryption charm offensive

Last updated

It has been frustrating to watch as the horrific San Bernardino terrorist killing spree has been used as a cover by the FBI to achieve the anti-encryption goals they've been working towards for years. Much of that frustration stems from the fact that the American media has so poorly reported the facts in this case.


The real issue in play is that the FBI wants backdoor access to any and all forms of encryption and is willing to demonize Apple in order to establish an initial precedent it can then use against all other software and hardware makers, all of whom are smaller and are far less likely to even attempt to stand up against government overreach.

However, the media has constantly echoed the FBI's blatantly false claims that it "does not really want a backdoor," that only cares about "just this one" phone, that all that's really involved is "Apple's failure to cooperate in unlocking" this single device, and that there "isn't really any precedent that would be set." Every thread of that tapestry is completely untrue, and even the government has now admitted this repeatedly.

Representative democracy doesn't work if the population only gets worthless information from the fourth estate.

However, in case after case journalists have penned entertainment posing as news, including a bizarre fantasy written up by Mark Sullivan for Fast Company detailing "How Apple Could Be Punished For Defying FBI."

A purportedly respectable polling company asked the population whether Apple should cooperate with the police in a terrorism case. But that wasn't the issue at hand. The real issue is whether the U.S. Federal Government should act to make real encryption illegal by mandating that companies break their own security so the FBI doesn't have to on its own.

The Government's Anti-Encryption Charm Offensive

Last Friday, U.S. Attorney General Loretta Lynch made an appearance on The Late Show with Stephen Colbert to again insist that this is a limited case of a single device that has nothing to do with a backdoor, and that it was really an issue of the County-owned phone asking Apple for assistance in a normal customer service call.

Over the weekend, President Obama appeared at SXSW to gain support for the FBI's case, stating outright that citizens' expectation that encryption should actually work is "incorrect" and "absolutist."

He actually stated that, "If your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years. And it's fetishizing our phone above every other value, and that can't be the right answer."

That's simply technically incorrect. There's no "balance" possible in the debate on encryption. Either we have access to real encryption or we don't. It very much is an issue of absolutes. Real encryption means that the data is absolutely scrambled, the same way that a paper shredder absolutely obliterates documents. If you have a route to defeat encryption on a device or between two devices, it's a backdoor, whether the government wants to play a deceptive word game or not.

If the government obtains a warrant, that means it has the legal authority to seize evidence. It does not mean that the agencies involved have unbridled rights to conscript unrelated parties into working on their behalf to decipher, translate or recreate any bits of data that are discovered.

If companies like Apple are forced to build security backdoors by the government to get around encryption, then those backdoors will also be available to criminals, to terrorists, to repressive regimes and to our own government agencies that have an atrocious record of protecting the security of data they collect, and in deciding what information they should be collecting in the first place.

For every example of a terrorist with collaborator contacts on his phone, or a criminal with photos of their crimes on their phone, or a child pornographer with smut on their computer, there are thousands of individuals who can be hurt by terrorists plotting an attack using backdoors to cover their tracks, or criminals stalking their victims' actions and locations via backdoor exploits of their devices' security, or criminal gangs distributing illicit content that steps around security barriers the same way that the police hope to step around encryption on devices.

Security is an absolutist position. You either have it or you don't.

Obama was right in one respect. He noted that in a world with "strong, perfect encryption," it could be that "what you'll find is that after something really bad happens the politics of this will swing and it will become sloppy and rushed. And it will go through Congress in ways that have not been thought through. And then you really will have a danger to our civil liberties because the disengaged or taken a position that is not sustainable."

However, the real answer to avoiding "sloppy, rushed" panic-driven legislation is to instead establish clear rights for citizens and their companies to create and use secure tools, even if there is some fear that secure devices may be used in a way that prevents police from gaining access to some the evidence they might like to access in certain cases.

The United States makes no effort to abridge the use of weapons like those used in San Bernardino to actually commit the atrocity. It should similarly not insist that American encryption should only work with a backdoor open on the side, giving police full access to any data they might want.

It's not just a bad idea, it's one that will accomplish nothing because anyone nefarious who wants to hide their data from the police can simply use non-American encryption products that the FBI, the president and the U.S. Congress have no ability to weaken, regardless of how much easier it would make things for police.

What you can do about it

You can contact the Obama White House online to comment on strong encryption.

You can contact your state Senators and Representatives via the contact information supplied by ContactingTheCongress.org.

You can specifically contact Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to express concerns about their bill intended to force companies to weaken or work around encryption under court orders.

Express yourself with the honesty and clarity that the government's charm offensive is lacking.



118 Comments

hmlongco 9 Years · 586 comments

Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.

dysamoria 12 Years · 3430 comments

Ok, comment sent. No confirmation of the submission was given... because my input as an American isn't really wanted(??) so why let me know if it was successfully received...

mikegalloway 10 Years · 3 comments

There is a possible solution, maybe difficult, but if Apple could create a unique hardware based encryption key for every individual device, this could then be split in two,  Apple could hold one half of the key and the other half could be held by FBI/Government/other agency. The two halves of the key could only bought together with a court order and the physical presence of the device.  Even if both halves of the keys were stolen it would be useless with out the actual physical device.

rbonner 17 Years · 635 comments

dysamoria said:
Ok, comment sent. No confirmation of the submission was given... because my input as an American isn't really wanted(??) so why let me know if it was successfully received...

I just did also, whitehouse, at the top of the page there was a nice "Thank You", and a page with tons of other info. Was actually impressed by the page.

cali 10 Years · 3494 comments

hmlongco said:
Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.

Or they could not bend over to government demands and NOT compromise the most secure OS in the world.

In reply to post 3(won't let me quote the post)

What for? Should Apple work for the government for free? The FBI doesn't own iOS nor have they ever subsidized it or anything. Why should Apple go through all the trouble only to later respond to thousands maybe millions of requests a year to open iPhones. F*** THAT! Should Tim Cook spend time managing Apple or half his day opening iPhones for the government to snoop through? What would your respect level be if you knew Apple was opening their customers iPhones all day?