Roger Fingas
Apple's senior VP of software engineering maintained the company's hard line on encryption in response to a story saying the FBI and U.S. Department of Justice are renewing their pursuit of backdoors for searches by law enforcement.
"Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weaknesses into product security," Craig Federighi told the New York Times via a statement. "Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses or even manage vital infrastructure like power grids and transportation systems."
As part of the backdoor push, the FBI and Justice Department have been meeting with security researchers on ways of enabling "extraordinary access" to encrypted devices, Times sources said. As a result, Justice Department officials are claimed to be convinced it's possible to enable a backdoor without fatally weakening device security — the worry of companies like Apple.
The focus of at least some of the meetings has allegedly been on unlocking data on hardware, rather than intercepting encrypted cloud traffic. Specifically, one proposed concept is a special access key that would be generated whenever a device encrypts itself. This key would detour around passcodes, but only be stored locally in a separately encrypted space, much like the Secure Enclave on iPhones and iPads.
The demands of such a system could require a number of people at companies like Apple to have key access, however, which might pose the risk of leaks.
Law enforcement officials have reportedly revived talks in the U.S. executive branch about asking Congress to pass backdoor legislation. In February, the Trump administration is said to have circulated a memo among economic and security agencies, suggesting ways to think about solving the issue.
While Apple regularly provides access to iCloud data when served with legal orders, it has resisted efforts within the U.S. government to gain a backdoor into on-device encryption — most famously battling the FBI and Justice Department over the iPhone of San Bernardino shooter Syed Rizwan Farook. The government relented, but only when it paid for a third-party workaround.
Apple CEO Tim Cook was recently spotted with Democrat Senator Mark Warner, the vice chairman of the Senate Intelligence Committee. He may have been discussing the possibility of a bipartisan commission that would address digital privacy.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
42 Comments
It’s clear Apple must drastically increase its financial influence (aka: lobbying) of the Congresscritters. Both parties are influenced with money. That’s the game and Apple has to pay to play.
however, which might pose the risk of leaks.however, which WILL leak.
That's more like it IMHO. Once one government gets access then the rest of the world will be demanding the same. If it isn't provided then Apple can say goodbye to selling any kit or services in that country from then on.
I think these idiot officials need to go back to school to actually understand what encryption means as well as understanding how easy a backdoor becomes a front door for all systems, including government ones. It’s all or nothing, there’s no middle ground on the implementation of encryption.
This isn't a political party decision, it’s the protection of people against a tyrannical government no matter which party is in control. As soon as we the people lose this fight, we no longer have a democracy, we have a dictatorship.
Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order.
It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. Apple still finds a way to do business in both despite having to "share". I believe there are calls in the EU too besides in the US which is the topic here. Somehow and fairly soon there's going to be a mandated solution that not everyone will be happy with. The consumer-facing companies using encryption can either partner with lawmakers to arrive at the least damaging solution or risk having one chosen for them. IMO it's going to happen anyway.
Does his statement apply to China too?