The US Department of Justice (DOJ) recently called Apple’s refusal to comply with it’s order to make a version of iOS that it could easily hack a “marketing strategy.” link It turns out that this is exactly why Apple doesn’t want to comply, and is also why the DOJ should accept it.
Marketing is defined as “the process by which companies create value for customers and build strong relationships in order to capture value from customers in return.” source What does that mean? That means that a good marketing plan needs to create value for customers, or else it simply wouldn’t work.
In this case, it means that Apple’s customers value Apple making a secure cellphone.
And why does this matter for the DOJ? Because in July 2015 Apple had a 44.2% source market share in the US, meaning that Apple’s customers (representing almost half of smartphone users – 77.1% of the US population) don’t want their cellphones to have weak security. While Apple customers aren’t a majority of the population, they alone represent a sizeable portion. Now consider that almost every smartphone on the market right now supports the kind of secure, full-phone encryption that the DOJ doesn’t like, and you realize that companies are sending a strong message to the government: our users don’t want their data to be free for access.
And by the way, these users make up a sizeable portion, perhaps even a majority, of the US population. Keeping in mind that the US is a democratic country this strongly suggests that public approval for the governments’ crusade against encryption is particularly low – something the government should be paying attention to.
So why shouldn’t Apple go along with making this backdoor for the government? Simple: its mere existence would completely compromise the security of the iPhone. Would you want the company that made the deadbolt on your home door to have a master key that can open any lock they have ever sold? Probably not. Surely they would try and keep it safe, but their best efforts can’t guarantee that a copy of the key would never end up in malicious hands – for which the only solution would be to re-key every lock they had ever made and hope they don’t lose the next master key.
Can you imagine if that same lock company gave the master key to the government under subpeona? Sure they say they would only use it legitimately, but can we trust them? Well if their past behaviour is anything to go by, no. Why do I say that? Because this is the same government that did the equivalent of tapping everybody’s phone line and recording every conversation (which is illegal). How did they do that? The NSA’s PRISM program, which records almost all internet traffic in the country, and was kept secret for years. And is still in operation.
Additionally, if the courts were successful in ordering Apple to create this backdoor it would create a terrifying legal precedent for the government to override the security of all citizens in order to access only a single piece of information.
For Apple, Tim Cook agrees that the government should not be given keys to everyones data. In his recent letter to customers he says “while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
To be clear, the government hasn’t yet asked Apple for a master key to all iPhones. The backdoor they are asking for would allow access to only that one. The problem is that no such back door exists today, and Apple’s concern is that by creating this for the FBI they would inadvertently create a backdoor that could be utilized by others, including the government, other countries, and hackers. In Tim Cook’s own words: “Building a version of iOS that bypasses security in this way would undeniably create a backdoor.”
But Wouldn’t that Fix the Issue?
Wouldn’t Apple complying with the FBIs order fix the issue? Technically, yes in this case (if it could be done). Let’s assume for a moment that Apple created this backdoor and furthermore that both they and the government were to keep it perfectly secure, and that the government only used it when a court had approved its use on a case-by-case basis. Even in this case the only result is that security would be weakened for law-abiding citizens, but criminals would be unhindered – they would simply stop using iPhones and switch to a still-secure medium. So can the government just ban encryption? No.
No. No. No. No.
All that would do is stop law-abiding citizens from using the methods that the tech community have devised for protecting their personal information (such as banking information) that could be easily stolen otherwise. Criminals would just keep using encryption – it’s not like a terrorist, child pornographer, or other scum of the earth type* cares particularly about breaking the laws of the United States of America.
* I mean that. The FBI is truly up against the vilest of people. The San Bernardino shooter deserves the worst that can be done to him. The problem here is that through the FBI’s good intentions they risk severely hurting the citizens of their country, and even of other countries, without stopping the crimes they are trying to stop.
So what do we do?
What can we do in face of the fact that, if the rights of law-abiding citizens are to be protected, we also make it hard for law enforcement to catch the bad guys? Unfortunately, I don’t have a good answer for that. I do know (as a fact) that waging a war against strong encryption is not the answer here. Encryption is math, and it works. There’s no way to weaken it for the government and have it be secure for everyone else. Literally. Not. Possible. This isn’t my opinion, or how the tech industry feels about encryption – this is a cold, hard, mathematical fact that cannot be changed no matter how much congress wants it to. And by banning it in the states the US government is powerless to stop it from being developed internationally – which will certainly happen, as much of what already exists was created by mathematicians outside of the US.
Apple has the right idea here. They understand what the people want, and are lobbying the government for it because their users may not understand the implications of what is being done, and because citizens in general don’t tend to retaliate against their government until things have gone way too far.
Going back to the quote that started this rant, the DOJ is completely correct in saying this is a Marketing Strategy – because people value their security. The DOJ needs to consider the far-reaching effects of what they do here, and the long term (not just short term) effects on the citizens of their country, and other countries around the world. This isn’t just about cellphones. This is another straw on the camels back for the issue of encryption – and Apple, and the tech industry in general, are the right people to be starting this fight.
The US government (or any government) can’t stop encryption, but by not trying to ban it they can preserve the security of their citizens – and isn’t that what they’re supposed to be doing?
It turns out that Trump called for a boycott of Apple because of this. link One more reason (of many) to shut down his presidential campaign. Hard.