Customer smartphone control keeps growing
San Francisco – — Although it fiercely opposes the FBI’s demand for help unlocking a San Bernardino shooter’s encrypted iPhone, Apple has never argued that it simply can’t do what the government wants. That might not be true for long.
At the moment, the San Bernardino case is on hold while the FBI evaluates an alternative method of getting into that phone. But experts say it’s almost certain that Apple and other tech companies will keep increasing the security of their products, making it harder or perhaps even impossible for them to answer government demands for customer data.
“If I were them, I would use any means possible to avoid having to answer these information requests,” said Anna Lysyanskaya, a computer scientist and cryptography expert at Brown University. “It’s bad for their business, and not just in the United States but in other countries where law enforcement cannot be trusted to follow the law.”
Smartphones and Internet services increasingly store a vast trove of personal information. Apple won’t comment on specific future plans, although it says it’s constantly increasing security to protect that data from hackers and criminals. That’s why, for example, its latest mobile operating system won’t let anyone read files on an encrypted iPhone without knowing the user’s passcode.
Its intent, Apple says, isn’t to foil legitimate government investigations, but to protect its users against criminal hacking. In the San Bernardino case, the FBI wanted Apple to create a software tool that would override a “self-destruct” security feature that would activate after too many incorrect passcode attempts. Apple argued that creating such a tool would make all iPhones more vulnerable.
The magistrate judge in the San Bernardino case canceled a hearing on the dispute this week after the government said an unnamed “third party” had come forward with a possible alternative to Apple’s assistance. That method, which the government hasn’t described, is under testing.
Apple, however, could design future iPhone hardware and software security that would be much more difficult to circumvent. It could also lock up its iCloud backup service so that only its users would hold the keys necessary to unscramble data they store online.
Some commercial data-storage firms already promote services that let business customers hold the keys to their own encrypted data.
“It’s the new reality,” said Yorgen Edholm, CEO of Palo Alto-based file-sharing company Accellion. If a service doesn’t offer that feature, he said, “they are scrambling to add that in.”
And when the police come knocking, Edholm added, “we tell them, ‘We’d like to help,’ but because the customer controls the decryption key, they have to go to the customer directly.”
Such security comes with trade-offs, and they could be serious for consumers.
Copyright 2016 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.