After Apple v. FBI, Will Government-Proof Encryption Be the Norm?
The legal showdown between Apple and U.S. law enforcement over encryption, no matter the outcome, will likely accelerate tech company efforts to engineer safeguards against government intrusion, tech industry executives say.
Already, an emerging industry is marketing super-secure phones and mobile applications.
An Apple (AAPL) executive said the company will strengthen its encryption if it wins its court battle with the federal government, which last week secured a court order requiring Apple engineers to help extract data from a phone associated with the mass shootings in San Bernardino.
The executive spoke on condition of anonymity. An Apple spokesperson declined to comment publicly.
If Apple loses the court case, the legal precedent could give the U.S. government broad authority to order companies to assist in breaking into encrypted products.
But even a government victory could have unintended consequences for law enforcement, potentially prompting a wave of investment by U.S. tech companies in security systems that even their own engineers can’t access, said Jonathan Zittrain, co-founder of Harvard University’s Berkman Center for Internet & Society.
“A success for the government in this case may further spur Apple and others to develop devices that the makers aren’t privileged to crack,” he said.
The fast-growing online storage provider Box has already made it a priority to give customers sole custody of data, said Joel De la Garza, chief information security officer at the company. The intent is to make it impossible for the company to access its customers’ data – even under a government order, he said.
“Our goal is to achieve a `zero-knowledge’ state” for the company, he said, “where our customers have total control over their data.”
It’s unclear whether Apple can—or would even want to—make smartphones the company can’t access. Two Apple employees familiar with the company’s security strategy said the company had no such plans.
Smartphone Black Out
One immediate beneficiary of the government’s case against Apple is the niche industry, based mostly overseas, that has sprung up to design apps and phones to thwart snooping by governments, business rivals and criminals.
In the more than two years since former U.S. intelligence contractor Edward Snowden revealed widespread spying via U.S. companies, a handful of companies have released secure phones with names such as BlackPhone, RedPhone or Priv that trumpet security as a prime selling point.
Phones such as Boeing Co’s Black target government customers. Blackberry markets the Priv, an Android device, to corporate clients seeking more security.
Others include Silent Circle, with launched its Blackphone 2 late last year, and Turing Robotic Industries, whose Turing Phone is due in April. Many more apps, such as Signal and Wickr, encrypt calls or texts messages.
Those businesses could surge if the Apple fight drags on.
“That’s going to happen,” said Chris Wysopal, cofounder and chief technology officer of software security company Veracode. “People will go out of the country, and there will be a market.”
The Snowden Effect
U.S. law enforcement officials have long fought for new laws to maintain access to private information that is harder to capture as people move to digital devices from traditional phone lines—which by law must be tappable.
Most recently, the tech industry has fought off numerous efforts to get encryption legislation through Congress, including an attempt last year that died after President Obama declined to support it.
FBI Director James Comey has been particularly outspoken in arguing that law enforcement efforts are hobbled by encryption, which he calls a safe haven for terrorists.
The FBI did not respond to a request for comment on this story. Other law enforcement officials have said the tech industry fears are exaggerated, or in Apple’s case, even a marketing ploy.
Apple, Google (GOOGL), Facebook (FB) and other companies also have accelerated efforts to implement encryption in the wake of Snowden’s disclosures about U.S. spying—including a program called Prism that culled private data from some of the largest U.S. tech companies.
The revelations prompted companies to fight the perception that they were arms of the government and dented the overseas sales of companies including Cisco and IBM, as countries such as China shunned U.S. products.
Apple’s iPhones now have longer passcodes tied to underlying encryption, making them far harder to hack. Facebook’s WhatsApp and others have adopted protocols under which they don’t have the means to unlock user communications.
The fight between Apple and the government could give such security efforts a new urgency. It could also undermine trust in automated software updates, which have until now been viewed as one of the best ways to fix security flaws.
Because U.S. prosecutors asked Apple to employ a software update as a means to break into the phone tied to the San Bernardino shootings, users now worry that updates could compromise the security of their devices, said Orion Hindawi, chief executive of security firm Tanium.
“You are going to see a lot of people who thought auto-update was attractive backing away from that,” he said.