What the Apple/FBI Encryption Debate is Really About

There’s been a lot in the news lately about Apple not being able to decrypt iPhones of terrorists, criminals, etc. Recently, Pres. Trump and AG Barr have stated that “Apple has to help [decrypt phones],” and last year Sen. Graham stated “[You tech companies are] gonna find a way to do [decrypt phones & messages] or we’re going to do it for you.

Photo by Paul Hanaoka on Unsplash

These public-policy debates are important, and need to happen, but they miss what this is really all about.

These public-policy debates are important, and need to happen, but they miss what this is really all about. The end-result is that we could end up with government policies/laws that lead to worse outcomes than the current situation.

In this simplified article, I talk about what this debate is all about. I’ll stay objective until the end, where I’ll share my personal opinion on where regulation should go. This article is organized as follows:

• How Encryption Works
• Consequences of Current State
• Consequences of Giving Law Enforcement a Backdoor
• Conclusion

Will Apple Be the New Netflix? | Data Driven Investor

How Encryption Works

First, we need to talk about encryption. Encryption is where you take readable text and make it unreadable. It’s accomplished like this:

Encryption & decryption process, where the “key” is your password. Image is from wikimedia.org and labeled for reuse

A great example of this is the Decoder Ring/Crummy Commercial scene from A Christmas Story:

Consequences of Current Situation

Currently, it’s difficult to get evidence off of phones in some situations, such as when:

• Terrorist activities
• Human trafficking, sex abuse and pedophilia
• etc.

On the plus side, a lot of crimes are being prevented, including:

• Financial theft
• Identity theft
• etc.

All of these crimes occur, yes, but because of encryption they aren’t happening as frequently as they would without encryption. Additionally, our current economy, culture and world have, at a foundational level, been built on being able to encrypt data.

Consequences of Forcing Apple/Big Tech to Make a Backdoor for Law Enforcement

Encryption is all about mathematics. Right now, there’s mathematically no way to create a backdoor for law enforcement without making it possible for others to find & use that backdoor. Encryption algorithms are one of (if not the) most-vetted security feature out there. There are so many eyes on encryption algorithms that a backdoor would quickly be found, especially if it’s public knowledge that it’s a requirement.

So, what if we decided to put a backdoor or “master” key in? Essentially, devices & online services would no longer be secure.

So, what if we decided to put a backdoor or “master” key in? We live in a world where all important aspects of our lives are digital (including those who aren’t connected to the grid — their info is still online), and our lives are now enabled b/c others can’t intercept our important internet traffic.

Essentially, devices & online services would no longer be secure. Reasonable examples include:

• If you lose your phone, a criminal would get access to all of the data on your phone (including photos, access to accounts, etc.)
• Your credit card would be stolen when shopping online (and in-person)
• Your bank’s username & password would be stolen

What Are the Choices

Ultimately, we have to ask ourselves which type of world we want to live in:

• A world where a lot of crimes are prevented but collecting evidence on some crimes is difficult
• A world where a lot of (serious) crimes happen but collecting evidence is easy

It’s possible there may be other solutions out there. For example:

1. Devices could remain encrypted, but backups could be left unencrypted(organizations have ways of protecting data without necessarily needing encryption). If orgs are required to implement appropriate security controls in place to protect unencrypted data, this could be a sensible option.
2. It’s understood that, due to how rapidly tech changes, law enforcement officials aren’t adequately trained on how to interact with technology. It could be that the evidence law enforcement needs is available but they don’t know how to access it. We could (i) provide additional training and/or (ii) increase funding & hire people with extensive backgrounds in tech.

Conclusion

Everyone on both “sides” of the debate doesn’t want crime. They don’t want pedophiles or terrorists to go unpunished. We are all on the same side here.

Ultimately, as a society we need to decide what type of world we need to live in: One where some serious crimes are harder to prosecute or one where a lot of also-serious crimes occur.