Update: The Department of Justice on March 28 announced it was dropping its lawsuit against Apple because it had unlocked the iPhone of one of the San Bernardino shooters with the help of a third party.
Although the battle over whether the courts should compel Apple to help the FBI unlock the iPhone used by one of the San Bernardino shooters is on hold for now, the debate over the privacy issues involved isn't going away.
A March 22 hearing on the court order was delayed because the FBI says it might have found a way to unlock the phone without Apple's assistance (see Feds Obtain Delay in Apple Hearing). Yedioth Ahronoth, a newspaper in Israel, reports the Israeli mobile forensics software provider Cellebrite is furnishing the FBI with the know-how to unlock the phone.
It remains to be seen whether the courts will address, in the San Bernardino case or another one, the issue of whether law enforcement can require technology companies to assist in circumventing passwords, encryption and other safeguards built into their devices and systems. And just because the FBI might have the ability to break into devices doesn't mean it should, Greg Nojeim, director of the advocacy group Center for Democracy and Technology's Freedom, Security and Technology Project, says in an interview with Information Security Media Group (listen by clicking on player beneath photograph).
Nojeim says a public debate surrounding this matter should focus on whether the techniques law enforcement adopts to bypass safeguards, including exploiting vulnerabilities in encryption software, are legal and how those techniques would have an impact on the privacy and security of ordinary people. "That's the kind of conversation that we need to have, not this going in circles about whether we're going to have backdoors built into encrypted devices and services," he says.
In this interview, Nojeim:
- Explains why the FBI's concession that it might have found a way to unlock the iPhone without Apple's help could weaken other government cases to compel technology companies to help circumvent safeguards built into their products and services;
- Foresees the failure of congressional efforts to enact legislation to require technology companies to help law enforcement bypass encryption and safeguards; and
- Contends that other national governments - including Brazil, China, Russia and Turkey - also could require Apple and other American technology companies to provide assistance to circumvent encryption if the U.S. invokes such a requirement. "As a result, Apple's concern about information getting into the wild that would compromise the security of its products is quite real."
Nojeim, senior counsel at the Center for Democracy and Technology, directs the group's initiatives that respond to the 2013 disclosures about NSA surveillance and was engaged in the center's efforts to promote the USA Freedom Act, the 2015 law that ended bulk collection of telephone call records under the Patriot Act (see President Obama Signs USA Freedom Act). Before joining the advocacy group, Nojeim served as associate director and chief legislative counsel of the American Civil Liberties Union's Washington legislative office.