The FBI hasn’t made any headway in its standoff with Apple Inc., and the bitter feud isn’t changing minds at competitors either.
Several tech executives have voiced their support for Apple and are forging ahead with their plans for greater privacy, arguing that what consumers want is more control over their devices and no backdoors for governments.
That’s bad news for the FBI, and signals that even as it battles Apple, pushback will persist from other tech companies, including social media giants, hardware makers and online storage providers.
The government has shown no signs of backing down, though. During the last week, FBI Director James Comey, Sen. Dianne Feinstein, D-Calif., former Los Angeles Police Chief Bill Bratton and victims’ families have issued emotional pleas for Apple’s cooperation, arguing that investigators need access to an iPhone belonging to one of the San Bernardino terrorists to aid in its investigation.
Sign Up and Save
Get six months of free digital access to the Tri-City Herald
They try to use the horrors of the world to erode civil liberties and privacy, but the greater good – having encryption, more privacy for more people — is always going to trump small isolated incidents.
John Adams, director of security at San Francisco payments processing start-up Bolt and a former head of security at Twitter Inc.
To some, the FBI has made a compelling case for government intrusion into personal devices in extreme cases.
But where the government wants reasonable paths into phones and databases for criminal investigations, it is instead being met with stiffer barriers.
“As much as they try to play up terrorism and child pornography and make an emotional play, we are going to see more encryption,” said John Adams, director of security at San Francisco payments processing start-up Bolt and a former head of security at Twitter Inc.
“They try to use the horrors of the world to erode civil liberties and privacy, but the greater good —having encryption, more privacy for more people — is always going to trump small isolated incidents.”
Protecting consumer data
In a post-Edward Snowden era, the nation’s tech businesses are sensitive to giving off the image that they are secretly funneling consumer data to authorities or that their products are susceptible to hacking. Companies have buttressed their security to mollify outraged and distrustful customers. Apple and Google made encryption a default on their devices, while app developers introduced two-factor authentication, so that users must enter a pair of codes to log in.
Customers won’t buy products if they don’t trust them or the manufacturers, so designing the strictest privacy settings possible is a way to protect revenue
Gaps still remain. More and more data are being put in the cloud, which means that companies still have access to it. But the end goal for many companies is to give users the only key, so that only they can decide who sees the trips they’ve taken on Uber, the videos they’ve shared on Snapchat and the documents they’ve stashed on Dropbox. The FBI’s appeal hasn’t deterred that mission.
Executives at Microsoft Corp., Facebook Inc. and Google have sided with Apple Chief Executive Tim Cook and said that government access to their consumers’ data needs to be closely vetted.
We will continue to fight aggressively against requirements for companies to weaken the security of their systems.
“We will continue to fight aggressively against requirements for companies to weaken the security of their systems,” a Facebook spokeswoman said Tuesday.
Despite Cook’s lofty rhetoric about consumers’ right to privacy, the heart of the issue for all tech companies is money: Customers won’t buy products if they don’t trust them or the manufacturers, so designing the strictest privacy settings possible is a way to protect revenue. So Silicon Valley and the industry at large are unlikely to budge until any change in consumer attitude is reflected in diminished sales and profits.
Debating both sides
The impasse has led to heated debate on both sides.
On Tuesday evening, Apple supporters organized by technology advocacy group Fight for the Future gathered at the company’s stores and other locations across the country.
At the Grove mall in Los Angeles, where about a dozen people gathered, Tiffiniy Cheng, 36, stood in front of the Apple store holding a sign that said: “Don’t break our phones.”
Allowing the government to hack into the iPhone once, Cheng said, would leave sensitive information vulnerable in other situations. “We’re talking about a skeleton key,” she said. “You wouldn’t let the government have a skeleton key to every home.”
Not every prominent technologist is staunchly on Apple’s side. Microsoft co-founder Bill Gates cited a need for more balance Tuesday during a Bloomberg interview.
“You don’t just want to take the minute after a terrorist event and swing that direction, nor do you, in general, want to completely swing away from government access when you get some abuse being revealed,” Gates said.
Providers don’t want the key
Experts recognize that creating impregnable systems is impossible. Hackers and authorities can usually find loopholes.
Technology providers just don’t want to be the ones handing data over, and they’re extricating themselves by essentially not having a key to unlock users’ data.
Google, Amazon.com Inc., Apple and other online services typically “have the ability, if compelled, to look at the data” they store, said Nick Doty, director of the University of California, Berkeley’s Center for Technology, Society and Policy. It allowed them to provide functionality like password resets and speedy customer service.
The only strategy that makes long-term sense for vendors is to make sure their products are as secure as possible so that no one — neither hackers, nor the government, nor themselves — can access encrypted data.
David Cowan, a partner at Bessemer Venture Partners who has invested in LinkedIn, Twitch and several cybersecurity companies
But in newer systems, the companies don’t have a master key. Some features are lost, but the downsides will be fewer over time, experts say.
“The only strategy that makes long-term sense for vendors is to make sure their products are as secure as possible so that no one — neither hackers, nor the government, nor themselves — can access encrypted data,” said David Cowan, a partner at Bessemer Venture Partners who has invested in LinkedIn, Twitch and several cybersecurity companies.
While Apple and larger companies are leading the way, start-ups are also looking for ways to improve security, investors and consultants said. Some are even partnering with the likes of Google.
Safeguarding life online
For instance, hundreds of thousands of people are spending $60 a year for a browser plug-in from Washington, D.C., start-up Virtru that encrypts Gmail messages so that neither Google nor Virtru can see their contents. It works with other email providers as well.
Virtru-like services will only become more commonplace as people realize that they should do more to safeguard their online lives, especially people abroad, Cowan said.
“There are many individuals and companies in Europe who will not trust their data to Amazon or Google or Apple,” Cowan said. “If those companies don’t find ways to satisfy them, then they won’t be successful selling outside the U.S.”
In addition, the companies want to be freed from legal debates. University of Maryland law professor James Grimmelmann said technology companies do not want to be constantly responding to subpoenas, including those issued in civil disputes.
New York University law professor Stephen Gillers, an expert in legal ethics, said Apple and its competitors have the right to “create a pick-proof lock” on electronic devices. Congress could act to change that, but for now they don’t have “an obligation to ensure that some future investigators will be able to unlock their phones,” he said.