February 22, 2016

FBI vs. Apple: A New Crypto Commission to Be Ignored?

As new revelations dribble forth regarding the FBI vs. Apple iPhone case, calls are rising in various quarters (both in tech and government) for the creation of Yet Another Commission of Experts to presumably take a more comprehensive look at the encryption sphere in terms of government desires vs. users' security and privacy.

I'm not opposed to serious commissions on serious matters. I am opposed to commissions whose membership is not representative of all stakeholders, or whose findings are used to disingenuously rubber-stamp existing policies -- or whose findings are simply ignored.

We saw an example of how commissions go wrong with the recent, rushed, FAA "drone registration" panel, which made a number of common sense recommendations that would have served both FAA needs and the privacy and other concerns of honest citizens -- recommendations that were largely ignored by the FAA in what appeared to be a preordained fashion.

A new crypto commission that was similarly castrated would not serve the public interest.

Based on information currently available, we can see that the government effectively locked themselves out of the iPhone in question -- I prefer to charitably assume through error and/or incompetence, rather than the darker possibility of a purposeful plan to force the crypto backdoor controversies more directly into the spotlight of politics during a contentious election year.

Passwords were changed under FBI orders that should not have been. San Bernardino officials did not avail themselves of common device management software that could have prevented this entire problem -- software of a sort that most responsible corporations and other organizations already use with company-owned smartphones in employee hands.

Add to these facts the reality that virtually every expert in the encryption field agrees that backdoor access to these devices' crypto systems puts all honest users' personal data at risk from black-hat hacking -- including from terrorists and other criminals -- and the possibility that any new crypto commission would quickly find itself at loggerheads seems very high indeed.

That all said, a truly representative crypto commission including a wide variety of participants -- not necessarily only the usual folks who seem to always turn up on government-sponsored commissions -- could still (at least in theory) serve a useful purpose in helping the community at large better understand these highly technical and complex issues that do not have simple solutions.

Whether such a commission actually should, could, or will be formulated, and not later be twisted into a mouthpiece for what the government wanted all along, remains to be seen.

I have consulted to Google, but I am not currently doing so -- my opinions expressed here are mine alone.

Posted by Lauren at February 22, 2016 08:39 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein