Apple's Federighi: Encryption Reversal Would Put US At Risk

With the Feds pressing Apple to return to "turn back the clock" to iOS 7-style security, Apple's head of software engineering used an op-ed piece in The Washington Post to explain the need to always race forward.
 Siri, Cortana Are Listening: How 5 Digital Assistants Use Your Data
Siri, Cortana Are Listening: How 5 Digital Assistants Use Your Data
(Click image for larger view and slideshow.)

Craig Federighi, Apple senior vice president of software engineering, added his voice to the growing national conversation over encryption in a March 6 opinion piece in the Washington Post.

"Our nation's vital infrastructure -- such as power grids and transportation hubs -- becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person's smartphone," Federighi wrote.

The encryption "conversation" was instigated by a Feb. 16 court order insisting Apple unlock the iPhone of one of the San Bernardino terrorists and create new software that will enable law enforcement to unlock iPhones on an as-needed basis. On March 1, the discussion continued in a House Judiciary Committee hearing.

[What does the battle between Apple and the Feds mean for your business? Read Apple, FBI, Congress: 5 Burning Questions.]

Federighi primarily focused his statements on the desire of the FBI and National District Attorney's Association (NDAA) for Apple to return to its iOS 7 security policy.

With iOS 8, a user's personal data, such as photos, messages, and call history were, by default, put under the protection of the user's password, making the data inaccessible to Apple -- and suddenly also law enforcement.

Apple stated on its website at the time, "For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess."

In an amazing leap of logic, the NDAA, in its written testimony, quoted Apple's original assertions that iO7 "provides solid protection against viruses, malware and other exploits that compromise the security of other platforms."


Apple's Craig Federighi

Federighi explained that the security of iOS 7, "while cutting-edge at the time, has since been breached by hackers." He also described requests to "turn back the clock" as "disappointing."

"Security is an endless race -- one that you can lead but never decisively win. Yesterday's best defenses cannot fend off the attacks of today or tomorrow," he concluded. "To slow our pace, or reverse our progress, puts everyone at risk."

But getting Apple to turn back the clock may be exactly the FBI's motive with the court order, some argue.

The horrendousness of the San Bernardino attack, coupled with the scale of the news media's response, lends an emotional bias to the argument, making it a perfect case on which to press Apple over a matter that has been frustrating all levels of law enforcement since the debut of iOS 8 in September 2014.

In its testimony, the NDAA quoted a victim's assistance organization as saying "we owe no less" to victims than making all relevant evidence available.

Selina Wang reported in Bloomberg Business March 4 that security experts believe "there are many ways" the FBI could have hacked the iPhone in question by now.

"Experts interviewed for this story have concluded the Feds aren't even trying," wrote Wang, "because they'd rather win a legal precedent that gives agents the power to access phone data with a warrant."