Apple, other tech companies continue to resist encryption backdoor proposals by FBI, U.S. DOJ

A group made up of Apple and other major technology companies is increasing its efforts to fight attempts by government agencies to force the addition of encryption backdoors, following reports US law enforcement bodies are forming new proposals to gain access to protected data.

J. Edgar Hoover FBI Building

The privacy-focused coalition, Reform Government Surveillance (RGS), issued a statement following reports the FBI and the U.S. Department of Justice are preparing another push to get tech companies to add backdoors to their products, to defeat end-to-end and device-based encryption measures.

"Recent reports have described new proposals to engineer vulnerabilities into devices and services - but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement, first spotted by ZDNet, reads. "Weakening the security and privacy that encryption helps provide is not the answer."

RGS refers to a report from March 26, claiming the FBI and Justice Department members had met with security researchers on ways to enable "extraordinary access" to encrypted devices, and are apparently convinced it is possible to enable a backdoor without weakening security completely.

The technique suggested apparently involved using a special access key that would be generated whenever a device encrypts itself, which would be used to detour around passcodes. Such a key would be stored locally in a separately encrypted space, similar to the Secure Enclave on iOS devices.

Such a system could require a number of people at Apple and other firms to have access to the key, but the large numbers of people involved would raise the risk of leaks that would undermine the security.

RGS recently agreed to add a sixth core principle to its list, to guide its future advocacy efforts. The principle, titled "Ensuring Security and Privacy through Strong Encryption," calls for governments to stop attempting to force companies to add backdoors to their devices, apps, and services.

"Strong encryption of devices and services protects the sensitive data of our users," the principle reads, noting encryption protects governments as well as individuals and businesses. "Strong encryption also promotes free expression and the free flow of information around the world."

Forcing technology companies to create vulnerabilities that work against encryption would "undermine the security and privacy of our users, as well as the world's information technology infrastructure."

While RGS acknowledges that governments are "responsible for protecting the safety and security of their citizens," and are increasing their demands for law enforcement officials to gain access to user data as part of an investigation, the group "respectfully disagrees" with calls for legislation that would require the creation of purpose-built vulnerabilities.

Rather than adding a backdoor, RGS says the companies that make up the coalition will continue to collaborate with policymakers to "seek out common sense solutions that are consistent with established norms of privacy, free expression, and the rule of law."

The usual argument against law enforcement backdoors is that they are inherently unsafe, because they could be misused by hackers or foreign governments with malicious intent.

Apple senior vice president of software engineering Craig Federighi advised last month: "Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weakness into product security. Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses, or even manage vital infrastructure like power grids and transportation systems."

RGS counts Apple as one of its members, along with other well-known firms, including Google, Facebook, Microsoft, Oath, LinkedIn, Dropbox, Evernote, Snap, and Twitter. A previous effort by RGS involved writing an open letter to members of the US government and law enforcement, urging a drastic change in surveillance laws, following the bulk collection of data revealed by former NSA contractor Edward Snowden. Those revelations prompted the creation of the group.