Apple VP Craig Federighi Says FBI Demands Overlook Criminal Innovation

Illustration for article titled Apple VP Craig Federighi Says FBI Demands Overlook Criminal Innovation

The fight between Apple and the FBI over unlocking an iPhone continues. Now, Apple’s VP for software engineering, Craig Federighi, has spoken out, warning that legal arguments overlook the fact that criminals—as well as tech companies—continue to innovate.

Advertisement

In an opinion piece for the Washington Post, he writes that his “team must work tirelessly to stay one step ahead of criminal attackers who seek to pry into personal information and even co-opt devices to commit broader assaults that endanger us all.” That’s why, he explains:

[I]t’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What’s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.

Advertisement

He admits that even Apple engineers make mistakes in their code, creating points of weakness that can be exploited. But adds that “identifying and fixing those problems are critical parts of our mission to keep customers safe. Doing anything to hamper that mission would be a serious mistake.”

[Washington Post]

Share This Story

Get our newsletter

DISCUSSION

So, quick metaphor for everyone about security. I have an enclosed trailer that I attach to my truck every so often, I keep a lock on the trailer so it doesn’t get stolen from my yard. Last night, I had to hook up the trailer, but in my vast intelligence, I lost the damn key to the lock.

After an hour of searching, I decided that the lock is only $10 to replace, I grabbed my disc grinder and in 15 seconds, the lock was off. It really makes you think about personal security when you have to break into your own stuff and it only takes you a matter of seconds or even minutes to do so. No matter how thick of a lock or chain or shackle I were to put on that trailer, it would only be a minute away from a dedicated person to cut and grab. Pad locks aren’t shit. But neither are door locks, or window locks, or car alarms, or safes. Locks are deterrents. It’s not worth making the noise or being seen, caught, shot by someone while you’re attempting to break in.

Cops don’t necessarily have this problem. With a warrant, they have all the permission, time, and resources to break any lock they need to in order to collect evidence and solve a crime.

Encryption is not a lock, encryption is a super power. It goes beyond what police and thieves are able to overcome, given any resource available. You don’t simply break encryption without a password or backdoor, there is no one able to get in, not a thief, not the police, not even the owner who’s lost the keys.

Now, for argument’s sake, does this mean that encryption should come with back-doors or a second set of keys? Well, to put it another way, I don’t necessarily have a problem of people regularly going into my yard and trying to steal or break into things. Deterrents (multiple) are usually enough to keep my things safe and keep almost anyone out. The problem is, internet crime doesn’t work that way. Deterrents don’t work when your average internet criminal is 2500mi away, committing a crime from the convenience of his own home, sipping on a beer, in his boxers.

Your average government or financial institution’s servers are getting hit up by hundreds of attacks at any given moment. Encryption HAS to be strong, nearly infallible, to hold up against being data-mined for a criminal’s financial gain. Back-doors are a weakness, and a pretty big one.

On a personal level, do you..or your friends, family, coworkers, etc. need the same kind of hardcore encryption that the government/banks use? Well, not necessarily, but *1) never under-estimate the value of a security vulnerability that affects millions of people. *2) Pandora’s box of encryption methods can never be closed. Want the same level of security the gov/banks use? Here’s a link, free, open source, decentralized; it can never go away. That means that I have a choice: I can go with the crap, back-doored, hokey-pokey junk that (potentially) Microsoft, Apple, Google, Et al. might be forced to put out, or I can go with (free) proven methods that are so secure, no mortal being could ever break. Criminals also have that same choice.

Forcing tech companies to bow at the FBI’s every whim is not going to get the FBI any closer to solving the encryption problem. It’s simply going to go back to my *1st bullet point by opening up a big juicy rabbit hole that puts millions of people in danger of data mining.