Should Apple Backdoor iPhones for the US Government?

Apple has claimed to make the most secure smartphones and tablets and for years, that has remained the case.  There have been very small malware outbreaks and a few, rare vulnerabilities discovered.  During the RSA Conference 2016 in San Francisco, CA, I will be showing some of the latest exploits against the Apple iPhone and iPad operating system, iOS.  There’s not much to show but it is very innovative because Apple has taken the time to lockdown the operating system as best as they are able to do, without taking away from the consumer experience.  Now, like the NSA, the FBI is asking for Apple to ‘break-into’ one of its devices.  If they can do so, it proves they have a secret, hidden backdoor, that no one else knows about.  Once that’s in the news, every top hacker, cyber criminal and cyber terrorist as well as nation state cyber actors are going to want access and will find a way to take advantage of this back door. 

 Let’s look back very recently to the elaborate installation of backdoors into Cisco equipment, allegedly by the NSA, as leaked by Edward Snowden.  Not only are these backdoors accessible by the NSA but also by hackers, such as the recent Juniper firewall attack, as they too had a new backdoor appear in their equipment, labeled an accidental ‘vulnerability’ that they took to fixing quickly.  Hackers immediately attempted to exploit any Juniper firewall they could find on the internet to attempt to gain access to remote networks by using the firewall itself as the backdoor into corporate networks.  What do these backdoors actually cost us, as a society?  Not just the PRIVACY costs but how about the financial losses on the Global Markets? These backdoors have cost US INFOSEC companies like Cisco, Juniper and others at least $10 Billion in revenues this past year, alone.  John Chambers, CEO of Cisco asked President Obama to make this problem go away and according to leaks by Edward Snowden, this problem has only grown worse.  In reaction, other nations don’t trust our telephone equipment, cellular equipment, network equipment, laptops, PCs, routers, switches, hubs, firewalls, wireless routers and so much more that it’s killing this industry.  The NSA will have to find alternative and legal means of collecting data without tarnishing the Made in America brand any longer or causing more GDP hemorrhage where other NON-USA INFOSEC companies like Huawai are going to take away lost revenues because of the backdoors and damaged/tarnished brand reputations.

 Finally, when it comes to ‘is Encryption’ a PRIVACY RIGHT?  The answer is yes.  Just as the right to bear arms, the Second Amendment, speaks to the sovereignty of all Americans, having their rights to defend themselves, the US Government needs to support their rights to privacy and internet safety and security by supporting their use of new and advanced encryption technologies.  Our civilian and military personnel need to agree on standardization across agencies of all-time-encryption technology, using a layered approach based upon the level of classification of the information being used or transmitted, which will defeat all enemy nation state eavesdropping.  As to terrorists with smartphones, planting a backdoor will become obvious to them and they will seek alternative channels, as they’ve done in the past, communicating over SKYPE, Online Chat rooms and even inside video game sessions, none of which has yet to be eavesdropped or tapped en masse.  Therefore, it’s best to put our energies into a stronger OPEN society where freedoms and privacy rights are not violated.  Finding a needle in a haystack and collecting this kind of information might seem more difficult with encrypted SMARTPHONES but it also is a double edged sword where it makes it harder for criminals, terrorists or enemy nation states to eavesdrop on America.

In summary, my answer is “NO” because:

• Encryption is a good thing, it powers the e-tail/retail economy and online banking
• Backdooring encryption is a bad thing, it empowers not just ‘trusted’ agencies like NSA and FBI but also any cybercriminal who can find the back door, and they look for them daily
• Once criminals know of back doors, they move on to other platforms like silent circle, or video game chat networks or tor – they will always find a way to have a covert conversation
• Root cause analysis says find the bad guys at the source, not when it’s too late, so finding them after the fact and hacking their phones is reactive not proactive

About the Author

Gary is the CEO of SnoopWall, Inc. and inventor of the company’s novel Counterveillance technology. He has been extremely active in the INFOSEC arena, most recently as the Editor of Cyber Defense Magazine and the cover story author and was a frequent contributor to Hakin9 Magazine. He also founded NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented. He is a member of ISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He also advised the National Infrastructure Advisory Council (NIAC) which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), served on the OVAL advisory board of MITRE and is a strong supporter of the CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (http://www.NAISG.org). Email him at [email protected]