Tim Cook has refused to back down over iMessage end-to-end encryption in a stance which could see Apple on a collision course with the UK government, as clamor grows for the security services to be given more snooping powers following the Paris terror attacks.
In an interview with the Irish Independent, Cook reiterated his position that Apple has never allowed access to its servers or “worked with any government agency from any country to create a backdoor in any of our products or services.”
“The UK government has been clear publicly that they are not seeking to weaken encryption,” Cook is quoted as saying.
“And so I take them at their word that they would not do that. And at the moment as you know, we encrypt iMessage end-to-end and we have no backdoor. And we have no intention of changing that. Any change made would contradict the UK government's view that they would not weaken encryption.”
That might not entirely be true because of either confusion or deliberate vagueness by some politicians and intelligence bosses when they talk about not wanting to weaken “encryption” as opposed to “end-to-end” encryption.
In fact, the controversial Investigatory Powers Bill currently passing through parliament contains a passage stating that communications service providers (CSPs) must assist with interception warrants and “maintain permanent interception capabilities,” “including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates.”
However, Cook seemed to suggest that parliamentary scrutiny and common sense would prevail.
“And so I think that we'll work closely with them,” he said. “And I have every faith that through this process of the next year, give or take a year, that the bill will become very clear.”
The fear among opponents of the bill is that recent terror attacks in Paris could be used as justification for extra state snooping powers as proposed in the legislation, including the de facto ban on end-to-end encryption and the forcing of ISPs to retain web browsing records for a year.
CipherCloud CEO, Pravin Kothari, argued that “dismantling privacy for the masses” will push the terrorists deeper underground.
“But diluting commercial encryption won’t prevent the bad guys from using their own proprietary encryption and won’t make us safer,” he added. “Weakening the technology that companies use to protect average users misses the mark. Nor will enacting the IPB better protect the homeland as many of its monitoring provisions already exist in France following Charlie Hebdo.”
Meanwhile, Context Information Security lead investigative researcher, Tom Williams, argued in a lengthy note that ISIS faces numerous challenges in recruiting and retaining those with the cyber skills to launch major attacks.
He said the possibility of an attack on critical infrastructure, as mentioned by chancellor George Osborne in a speech in which he announced a doubling of the funding for the fight against cybercrime, was unlikely in the short term.
“Due to the likely fluid nature of their cyber capability, both in terms of skill and access to sophisticated malicious software, this prospect cannot and should not be ruled out as a possibility in the medium to long-term,” he claimed.
Any future threat would probably involve a malicious insider working at a targeted facility, Williams added.