Encryption is one of the hottest controversies in cybersecurity.
Particularly as sparks are flying again between Apple and the U.S. government.
You've probably seen the debate emerge before in a scenario like this: the Department of Justice has a locked iPhone from a terrorist it wants to investigate. It asks Apple to open the device, and Apple declines.
Now, however, there is a recent development related to a 2019 terrorist attack that reignited this controversy in a new way.
DOJ unlocks terrorist iPhone with 'no thanks to Apple'
United States Attorney General William Barr was enthusiastic to announce a recent development in the case of a deadly 2019 shooting at the Pensacola Naval Air Station. Three sailors died and eight others were injured.
The critical evidence that emerged during the investigation focused on two iPhones that the shooter had in his possession during the attack.
The shooter tried to destroy the phones and severely damaged them.
However, the Department of Justice (DOJ) was able to make both devices operational, despite the damage. But both phones remained locked with a passcode.
SecureWorld covered Barr's statement about the case earlier this year:
"We have asked Apple for their help in unlocking the shooter's iPhones. So far Apple has not given us any substantive assistance. This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause."
But that apparently never happened. Now, fast forward to this week.
Five months after the shooting, the DOJ managed to unlock the devices on their own.
Unlocking the phones revealed that shooter Mohammed Saeed Alshamrani had "significant connections" with Al Qaeda, according to the DOJ. And Barr says it proved the shooting was an act of terror.
Attorney General criticizes Apple
At a press conference, Barr celebrated the employees who managed the achievement—while slamming Apple in the same statement:
"Thanks to the great work of the FBI—and no thanks to Apple—we were able to unlock Alshamrani's phones. The trove of information found on these phones has proven to be invaluable to this ongoing investigation and critical to the security of the American people.
However, if not for our FBI's ingenuity, some luck, and hours upon hours of time and resources, this information would have remained undiscovered.
The bottom line: our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety. The time has come for a legislative solution."
You can watch the Attorney General discuss more of this here:
What are arguments against weakening encryption?
The Justice Department and others in government are really asking for a path around strong encryption, if a judge grants them that access.
When it comes to unlocking devices, Apple has made a consistent argument that building something that can give investigators "lawful access" could mean access for bad actors in cyberspace. This was the company's response to Barr's original criticism earlier this year:
"We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations.
We feel strongly encryption is vital to protecting our country and our users' data."
It sounds very similar to what cybersecurity thought leader Bruce Schneier told us at SecureWorld Boston just before his keynote. Here, he is talking about the U.S. government, 5G, and encryption issues:
"They have this weird definition of security which means security from everyone except them, which we as technologists can't actually build. And they are pushing for insecure protocols at the same time they're complaining about a lack of security.
So yes, we need security. We need trust and that actually means the FBI and NSA are not going to be able to eavesdrop on those systems. And they have to either accept that or be happy with the insecurity. They can't get both."
Listen to the rest of our interview with Schneier in this podcast episode:
We can expect the debate over encryption and privacy to continue.