At Art & Logic, I wear many hats … a likely consequence of having numerous interests: I am passionate about software and the development process; I am passionate about IT operations; I am passionate about information security, cryptography, privacy, and how those topics intersect when our customers seek our services. It does not surprise many of my colleagues to learn I have been closely following the legal battle between the US Dept. of Justice and Apple over an encrypted iPhone 5c … but they are often surprised by why. This case has potentially far-reaching implications for those of us who write software for a living. Equally, it might affect our customers: companies who seek to use custom software for their own business goals.
Make No Mistake, This Is Not Just about One iPhone
The outcome of the legal debate around the case will not affect just the San Bernardino suspect’s iPhone. It will serve to shape legal precedent, policy, and very likely the form of ‘secure’ technology in the future. We build technology – frequently with necessary security properties requested by our customers.
If you have not been following the case, there are a couple of key facts that have emerged. One is that the work phone of suspect Syed Farook is currently protected by Apple’s OS using encryption and a four-digit PIN. That last bit is important: Neither Apple nor the FBI has the ability to undo the encryption on the phone without the key (which is partly derived from the user’s four-digit PIN). Unfortunately, it appears that the key was only known by the deceased suspect. The case aside, it is a good thing that a person without the key cannot get into the phone. Encryption has so many subtle yet important uses in modern computing … if it were possible to trivially break it, our digital world could have a host of troubles. E-commerce and online banking, for example, are built on trust that our details for exchanging money are kept private between the parties involved in the transaction. Software updates for your phone, tablet, and computers rely on the ability to deliver them to the machine without tampering. Of course, there’s a desire to communicate privately between two people. All of these rely on encryption to accomplish their tasks… and require that we can trust that encryption in the first place.