Google Voices Support for Apple, but what Does the FBI Actually Want?

Written by

As the fallout from the San Bernardino gunmen case continues to escalate, the CEO of Google, Sundar Pichai, has voiced his support for Apple, who remain in a standoff with the FBI.

In a series of tweets echoing comments made recently by Tim Cook, Pichai argued that forcing companies to enable hacking could compromise the privacy of users.

Whilst admitting that “law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism”, he said keeping the information of users safe and protected is a top priority of theirs.

He added that although organizations do all they can to work alongside law enforcement, giving them access to data based on valid legal orders, that is a very different matter than “requiring companies to enable hacking of customer devices and data” which he suggests could be a “troubling precedent”.

However, in his blog, Troy Hunt argues that although “seeing the CEO of one of the world’s largest companies refer to one of their fiercest competitor’s positions in a favorable way is precisely what we want to see on such an important topic” he would have liked to have seen even stronger support from Pichai, suggesting his comments are too vague, lacking the staunchness of Cook’s.

In a lengthy statement on Apple’s website, Cook blasted US authorities following a court order requested them to create a new custom iOS version which would allow the FBI to access information on the device of one of the San Bernardino gunmen. Cook made it clear that they point-blank refused to adhere to these demands.

Instead, he argued that such an act would jeopardize the privacy and safety of its customers by creating a ‘backdoor’, circumventing several important security features.

He wrote:

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers – including tens of millions of American citizens – from sophisticated hackers and cyber-criminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

Australian Greens Communications spokesperson Senator Scott Ludlam shares a similar view, highlighting the fact that as there are so many Apple users worldwide the security fears this case is generating are not limited to the US.

"The US FBI's demand that Apple build a 'back door' into the iPhone is extraordinarily reckless. There are millions of iOS devices in use in Australia. This proposal would put every single one of those users at risk of identity theft.” he said.

Cook added:

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

With Google publically backing Apple’s stance and making it clear they, even if more tentatively, share the same viewpoint the FBI are now facing resistance from two of the globes biggest tech companies.

However, such support has not been so forthcoming from other professionals in the industry. Chris Eng, VP of research at application security specialists Veracode, disputes Cook’s claims the software update could be used multiple times as a malicious ‘master key’, insisting this is not what the court order has requested .

He said:

“The issue here is not one of creating a backdoor; nor is the FBI asking for Apple to decrypt the data on the phone. They’re asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data. Such a solution would be useless if applied to any other phone.”

Eng also goes so far as to question Apple’s intentions, suggesting they are less concerned with the ethical issues surrounding the case and more focused on setting a competitive standard.

“In the past Apple has complied with requests to, for example, bypass lock screens in aid of criminal investigations. It’s only in recent years that they’ve taken an ideological stance on consumer privacy. I believe Apple is taking this position less as a moral high ground and more as a competitive differentiator, betting that Google won’t do the same.” he argued.

However, with Sundar Pichai coming out in support of Tim Cook, Eng’s comments about Apple seeking to establish a “competitive differentiator” appear to be wide of the mark.

Eng is not alone in challenging Apple over this case. French Caldwell, chief evangelist at MetricStream, has stated that although he admires Google’s dedication to protecting its customer’s data, like Eng he believes the “assertion that the FBI is demanding that Apple create a backdoor is a stretch.”

“Until now, when tech companies have discussed a backdoor they’ve referred to encryption. In this case, the government is not asking for a backdoor to Apple’s encryption, but rather is demanding Apple’s assistance in unlocking the screen of the phone of an alleged terrorist. This demand for assistance is not the first of its kind and Apple will have to comply.” he argued.

“Apple may be taking a pre-emptive stand on future government orders for access to data that don’t involve just unlocking a screen. However, tech companies should ensure they are challenging government demands for access and court orders on legal and judicial grounds. The courts have for decades deferred to the US Government on national security issues, and to get a hearing on privacy grounds, tech companies will need to be careful not to alienate the judiciary. Judges are not elected, and while they do pay attention to public sentiment, if that sentiment is whipped up by a company publicizing its defiance of a court order, the judiciary is not going to be very responsive to that.”

There’s no doubt the aftermath of this case will continue to rumble on for some time to come, and we will surely see more and more tech companies voicing their standpoint over the coming days and weeks. It will certainly be interesting to see where this leads and ultimately what resolution will be reached, if any.

What’s hot on Infosecurity Magazine?