Hacker News
by snowwrestler 2524 days ago
A specific claim of the AG, and one that I've seen relatively smart people assert before, is that software update systems could be adapted to insert these backdoors into individual phones, securely and reliably, upon receipt of a valid warrant.

Software update systems have been successfully exploited to deliver malware:

> On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country. But for a moment in 2017, those machines served as ground zero for the most devastating cyberattack since the invention of the internet—an attack that began, at least, as an assault on one nation by another.

https://www.wired.com/story/notpetya-cyberattack-ukraine-rus...

Presumably the software update systems for major operating systems, like for Android or iOS, are typically more heavily secured than M.E.Doc.

But they are also targets of limited value. To insert malware into iOS, you would need not only access to their software update system, but also access to (and understanding of) their source code and build system, and access to their code signing key.

And even then, it's not clear that these software update systems are even capable of targeting patches down to the level of the phone of an individual person. There's no reason for it now. The central system really just needs to make the update available in its various OS flavors, and each client can request what it needs.

If we force these OS companies to create a targeted backdoor system, all the hard work will be done for the bad guys. They need only achieve access to the special "law enforcement access" system, and they will have everything they need all ready to go.

Under these conditions, could Google or Apple keep out the bad guys with 100% success? I have great respect for these teams, but those are very long odds.

It's far safer, for them and for us, to just not build that functionality. This was the point that Apple so forcefully made when Jim Comey came after them to decrypt the San Bernardino iPhone.

EDIT to add: these companies operate in more than just the U.S. If they build a targeted backdoor system, you don't think other countries will demand access to that system as well? Look: Apple already compromised on iCloud hosting to maintain access to the Chinese market.


> And even then, it's not clear that these software update systems are even capable of targeting patches down to the level of the phone of an individual person. There's no reason for it now.

There is reason against it now, because it makes it impossible to do things like reproducible builds or other security checks like comparing the software being offered to other devices to verify that none of them is being offered compromised updates before installing any of them.

It would also require prohibiting the transparency necessary to implement any of those checks independently, or anyone could do so and then use that to detect the attack regardless of whether or not the attackers are domestic state-sponsored.
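The check the reply describes (comparing the update a device is offered with what other devices were offered, plus a reproducible-build digest) can be made concrete. The following is an added example, not code from either commenter or from any vendor's update system. It assumes a vendor-signed manifest carrying the SHA-256 of the update image, and it uses an HMAC with a constructed key as a stand-in for a real code signature; the peers, quorum size, version strings and image bytes are all constructed. The point it demonstrates is the one the thread makes: a targeted update signed with the legitimate key passes signature verification, and only the cross-device consistency check (or a reproducible-build comparison) catches it.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass

# Constructed stand-in for the vendor's code-signing key. In the scenario under
# discussion the "law enforcement access" system holds the real one, so a
# targeted image would be signed just as validly as a clean one.
SIGNING_KEY = b"constructed-vendor-signing-key"


@dataclass(frozen=True)
class UpdateManifest:
    version: str          # OS version string (constructed)
    payload_digest: str   # SHA-256 hex of the update image
    signature: str        # HMAC over version:digest (stand-in for a real signature)


def sign_manifest(version: str, payload: bytes) -> UpdateManifest:
    """Build the manifest the update server would offer for this payload."""
    digest = hashlib.sha256(payload).hexdigest()
    sig = hmac.new(SIGNING_KEY, f"{version}:{digest}".encode(), "sha256").hexdigest()
    return UpdateManifest(version, digest, sig)


def signature_valid(m: UpdateManifest) -> bool:
    expected = hmac.new(SIGNING_KEY, f"{m.version}:{m.payload_digest}".encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, m.signature)


def consensus_digest(peer_manifests, version: str, quorum: int):
    """Digest that at least `quorum` validly signed peer manifests agree on, else None."""
    counts = Counter(
        m.payload_digest
        for m in peer_manifests
        if m.version == version and signature_valid(m)
    )
    if not counts:
        return None
    digest, n = counts.most_common(1)[0]
    return digest if n >= quorum else None


def should_install(offered, peer_manifests, quorum=3, reproducible_digest=None):
    """Decide whether to install; returns (decision, reason).

    The signature check alone cannot distinguish a targeted image from the one
    everyone else received. The peer comparison and the optional
    reproducible-build digest are what make a per-device update detectable.
    """
    if not signature_valid(offered):
        return False, "bad-signature"
    agreed = consensus_digest(peer_manifests, offered.version, quorum)
    if agreed is None:
        return False, "no-quorum"
    if offered.payload_digest != agreed:
        return False, "targeted-update"
    if reproducible_digest is not None and reproducible_digest != offered.payload_digest:
        return False, "not-reproducible"
    return True, "ok"


def demo():
    """Constructed scenario: five peers got the clean image, one device gets a variant."""
    clean = b"os-image-17.4 (constructed bytes)"
    targeted = clean + b"\x00per-device-hook"  # same version, different bytes
    peers = [sign_manifest("17.4", clean) for _ in range(5)]
    me_clean = sign_manifest("17.4", clean)
    me_targeted = sign_manifest("17.4", targeted)  # validly signed with the real key
    forged = UpdateManifest("17.4", me_clean.payload_digest, "00" * 32)
    return {
        "clean": should_install(me_clean, peers),
        "targeted": should_install(me_targeted, peers),
        "forged_signature": should_install(forged, peers),
        "too_few_peers": should_install(me_clean, peers[:2]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} -> {result}")
```

Notice that `me_targeted` passes `signature_valid`; the reply's argument is exactly that, once a per-device delivery path exists, signature checks stop being evidence of anything, and the defence has to come from comparing what different devices (or independent mirrors) were offered, which in turn requires the transparency the reply says such a system would have to prohibit.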