Government interference in encryption and technology matters again at the forefront
The recent revelation that NSA hacking tools and exploits were stolen by allegedly Russian backed hackers shows that Apple was right in refusing to create a backdoor for the FBI during the dubbed FBIOS case. Several advocates are seeing the case in point as a clear vindication of Apple’s decision in the case it had against the FBI earlier this year.
Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation told reporters that one of the government’s entities which is supposed to be good at keeping secret’s had failed miserably. They had failed to keep this secret effectively, which was telling.
Apple and the FBI were involved in a court case earlier this year after a judge had ordered Apple to unlock a terrorist’s phone. The iPhone in point was used by Syed Rizwan Farook who killed 14 people with his partner back in December 2015 in San Bernardino, California. The case brought up a wider debate between law enforcement agencies together with the government and the technology companies and enthusiasts. The two groups were divided over the issue of broader implications on the privacy of individuals after the involvement of the government and its agencies.
Apple did its best in fighting the FBI, and the CEO of Apple, Tim Cook published a letter that highlighted the importance of not putting all other Apple iPhone users at risk just so as to be able to unlock one phone. Most technology people at the time rallied around Apple at the time noting that a weakened encryption was not the best thing for technology at the moment. They also argued that weakened encryption would not only help the government but if in the wrong hands would be used for the wrong purposes.
Now the NSA has been hacked which just goes to show how right Apple and other tech companies were. Cardozo said that the NSA has been trying to bring out a message which says that secrets can never go out, that the same bug can’t be used over and over again. That there will never be a leak, but with what has just happened it shows that there is no truth to such claims.
Back in March, the government backed down from their fight against Apple because they had managed to find a third party who was willing to help unlock the phone for the FBI without Apple’s assistance. The FBI never revealed who the third party was as Apple insisted on getting the details.
Cardozo believes that there are some cases in point which bring out an issue with the hacking activities of the government and its legality. He said there were two things for the government to do if they found a vulnerability or a bug: they can either use it or disclose it to the affected party, and that is where the grey area is. The rules around that part are completely broken.
In the Vulnerabilities Equities Process, there are some guidelines on how the government is supposed to act. This is a frame work through which the government OS supposed to act upon and decide when they should use or disclose a bug. It can decide to disclose the bug if there is a greater risk compared to the yield it would get from the bug. However, the VEP is a non-binding agreement that was put in place by the Obama government, and it is not an executive order nor a legal law.
Cardozo says that anything other than a law will be futile. As of now there are no rules that can work he says.