|
|
|
|
|
|
by djillionsmix
3752 days ago
|
|
|
Is there some reason why the government wouldn't be able to license the use of unadulterated crypto for purposes it doesn't give a shit about, like you transmitting your credit card number to online retailers, while mandating some form of government access in situations where it does give a shit, such as being able to access the data stored on disk-encrypted cell phones? I'm sincerely asking here, I don't know. |
|
|
Encryption is software-based and is as available to people connected to the internet as checking out a book from the library. Using encryption is free, and writing software that makes use of encryption is something anyone could teach themselves.
I think what you're getting at is, why can't we have some forms of encryption that have back doors for government, and other forms that have no back doors.
Think about computer viruses. They are designed to infiltrate your system, and any system that is like yours. If a virus targets Windows 7 and infects your computer, then it would be able to infect any Windows 7 machine. The same is true for bugs or vulnerabilities within legitimate software.
Say I run a WordPress site. The computer that serves my website runs WordPress 3.4, for example. Let's say a weakness is found in WordPress 3.4 that allows anyone using the username "jabberwocky" to log into my site and gain administrator privileges. This enables them to edit text and photos on my site. WordPress discovers this weakness and releases an upgrade to 3.5 which fixes the bug and no longer allows users to gain administrator status when logged in as "jabberwocky".
If I don't upgrade my site to 3.5, my system is still vulnerable. Further, everyone knows about the weakness in WordPress 3.4 because the 3.5 release notes explain the reason for the upgrade. My site becomes an instant target for any hackers. If my business were based on this website it could really hurt my reputation, profits etc. if someone were to gain control of my site.
What the government is asking Apple to do is allow them to login as "jabberwocky" whenever they have a warrant. By doing this, Apple enables anyone to login as "jabberwocky" so long as they have the special software which Apple is being asked to write. And, since the government is asking for this access permanently, Apple will never be allowed to modify this security weakness sufficiently so that it does not exist, because by court order it must exist.
The final point I would make is that since encryption is so readily available, any user can download software that makes use of encrypted communications in less than a minute with an internet connection. Compelling Apple to weaken their encryption system does nothing to provide the DOJ with access to data within these other communication programs. Some examples are Signal, wickr and Telegram. Senator Lindsey Graham makes this point at the end of his questioning of Attorney General Loretta Lynch [1]. I hope you'll give it a listen.
[1] https://youtu.be/uk4hYAwCdhU?t=1m44s