The end to the months-long, closely watched Apple v FBI standoff over a locked iPhone came with a whimper rather than a bang.
The now infamous phone belonged to Syed Farook, the gunman shot dead by authorities in San Bernardino, California last December during an attack in which Farook and his wife killed 14 people.
The FBI had wanted Apple to create a weakened version of its iPhone software to aid its attempts to unlock the phone. Apple, backed by both industry friends and rivals, had refused, stating that to weaken the software for one case would cripple the software’s inbuilt encryption and privacy protection for all users.
On Monday, the US government officially stood down the court case. Rumours had been floating about that some entity – believed to be a non-US company – had come forward with a method that would help the FBI crack the phone.
That seems to have been the case. The FBI said this week that it had accessed the data on the phone. And it withdrew from the case. The end.
Well, no. This case only ever represented an initial skirmish in a new, global battle over encryption. That is why this case was so important for Apple to defend.
That is also why the US justice department tried to represent it as less important than it really was.
“The San Bernardino case was not about trying to send a message or set a precedent; it was and is about fully investigating a terrorist attack,” FBI director James Comey wrote last week.
The FBI chose to investigate that attack with demands on a company that would have set an alarming precedent and sent a firm message to businesses and citizens that no communication was guaranteed to be private and that businesses and citizens had no fundamental entitlement to privacy.
Why? Because – as the FBI knows full well – you just cannot have secret, limited-access backdoors by which some parties can gain access to communications and others are locked out.
Security does not work that way. Backdoors create fatal weaknesses because they rely on two impossible suppositions: that everyone with a key to the door is trustworthy and that the bad guys cannot s get hold of those digital skeleton keys that would unlock a jackpot of data.
Apple was criticised by some for standing up to the FBI because this was “the wrong case”, one which had all the elements to make public opinion side with the FBI: terrorists, shootings, deaths, horror.
However, those critics are wrong. For all those reasons, this was exactly the case on which Apple had to take a strong stand. The core issues – the right to use encryption, the difficult balance between privacy and security, the very definition here of “security” and understanding of whose “security” is at stake – are bedrock tensions in a societal debate. We cannot talk about security as if it is a separate issue from privacy.
That is why Apple was broadly supported by civil society groups internationally as well as the businesses that understand security in a digital world relies on unbroken strong encryption.
That governments and national leaders – particularly the US and UK – miss this point is not frustrating. It is shocking.
Encryption, which underlies virtually every business-to-business, business-to- government and business -to-citizen transaction and much of what any individual does online, is just too big to fail. And therefore too big to weaken.
If governments force the companies that offer encrypted products and services – products and services on which civil society as well as whole economies run – to weaken encryption, we move into a potentially more dangerous and dystopian place.
Some wiser and better informed officials have tried to sound warnings about how much is at stake.
Two former US secretaries of Homeland Security (Michael Chertoff and William Lynn) and a former secretary of intelligence and navy admiral (Mike McConnell) wrote an opinion piece for the Washington Post arguing that strong encryption, without backdoors, was crucial to security, for society and for the economy.
Weakening publicly available encryption would encourage black market, dark web products for criminals and terrorists and “could lead to a perverse outcome in which law-abiding organisations and individuals lack protected communications but malicious actors have them”, they wrote.
But I think it’s worse. Corporates may be pushed to operate more and more like nomadic nation states, moving to where they can offer the encrypted products and services businesses, other governments and individuals want.
Corporates themselves will move further beyond needed scrutiny in a world where some argue that they control so much of our data that they are already a form of virtual nation state.
A concerted battle over encryption – a resource needed by the many – will only strengthen their position.
Governments play a critical role in maintaining checks and balances on the power of corporates – and vice-versa – in an open, regulated and more dually scrutinised landscape. This should not be sacrificed in a misguided battle over encryption.