×

Why Apple is fighting the FBI's San Bernardino investigation

The debate over regulating cybersecurity hit a new peak as the Feds pressed Apple to provide access to a San Bernardino terrorist's locked iPhone.

The investigation of the December mass shooting in San Bernardino, California, presented a critical juncture in a raging battle between industry and lawmakers after a federal magistrate ordered Apple to help the FBI break into the iPhone used by Syed Rizwan Farook.

The order sparked a sharp response from CEO Tim Cook, who has long argued that allowing government access to encrypted data in the form of a so-called "back door" would introduce vulnerabilities that could be exploited by hackers and be a breach of user privacy. But investigators have maintained that terrorists are hiding behind the safety of encryption to plan attacks, putting lives at risk.

Cook's response echos the broader tech industry, the vast majority of which resists efforts by governments to get special access to encrypted data.

Last year's terror attacks in Paris reignited the debate around privacy and security, with a number of U.S. officials, including CIA Director John Brennan and Sen. Dianne Feinstein, D-Calif., blaming encrypted technology and recent curbs on intelligence-gathering for empowering the terrorists.

And while it is unclear what role, if any, encrypted communication played in those attacks, there were voices in and out of government demanding law enforcement be given access to electronic communication.

"I view encryption like many view the 2nd Amendment," Mark Cuban said in a post on his Cyber Dust messaging app in December — a service that deletes users' messages 24 seconds after they are read. "Encryption is a fundamental underpinning of the freedom of speech."

In Europe, the U.K. is considering the Investigatory Powers Bill, also known as the Snoopers charter, which would force tech companies to help provide unencrypted communications to police or spy agencies, fueling fears that companies could be forced to terminate end-to-end encryption.

In a November interview with The Telegraph newspaper, Cook spoke out against the measure. "To protect people who use any products, you have to encrypt. You can just look around and see all the data breaches that are going on. These things are becoming more frequent. They can not only result in privacy breaches but also security issues," said Cook.

Cybersecurity and privacy experts CNBC spoke with universally agreed that the benefits of encryption far outweigh the potential threats raised by lawmakers.

"Today, every online communications platform offers encryption to their users. The motivation for doing so is the desire to protect people's privacy and safety. It protects people from cybercriminals from stealing information or in more extreme cases it protects people from more dangerous issues," said Fortinet director Deena Thomchick.

"These types of platforms have been used to coordinate positive reforms in any number of countries and this same encryption protected the people involved in those activities. For this reason, a few years ago a number of major platforms in the social media and information-sharing space decided to default to always encrypting communications. Unfortunately, these same technologies developed to protect individuals are sometimes used by bad actors to hide criminal activity," she said.

Ben Johnson, a former NSA employee and Bit9+CarbonBlack chief security strategist, agreed. "The problem is that when the bad guys can use the same technology, the same information, the same process as the good guys, how can you stop only the bad guys from using it?"

The Electronic Frontier Foundation also weighed in. "These heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy," wrote Executive Director Cindy Cohn. The privacy advocacy organization points out that there has been neither public confirmation that the terrorists used end-to-end encryption, nor that encryption of communications caused the intelligence agencies to fail to detect the plot.

"What we do know is that strong encryption is crucial to allow political organizers, government officials and ordinary people around the world to protect their security, privacy and safety from criminals and terrorists alike. Any 'back door' into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones," wrote Cohn.

So-called back doors would enable government agencies to access encrypted communications using keys provided by tech companies. That opens up a whole new set of issues, said Gartner analyst Peter Firstbrook.

"The biggest problem is that the U.S. cannot get a backdoor in all encryption software. It is simply not practical." -Peter Firstbrook, Gartner analyst

"The biggest problem is that the U.S. cannot get a back door in all encryption software. It is simply not practical. The terrorists will simply switch or overlay encryption tools to avoid surveillance," he said.

If the government has a back door, said Firstbrook, it will weaken encryption and eventually get discovered by bad actors and used to steal personal, identity and banking information. Quite apart from the security and privacy issues, there are commercial concerns, a big problem for Silicon Valley. "If the U.S. government has a back door in U.S. products, it will kill the international appeal of U.S. products. What foreign government or citizen will buy an Apple iPhone or Android phone if they knew the U.S. CIA can crack the encryption used?"

Most people who endorse a back door, use the "if you have nothing to hide" argument, said Firstbrook. "However, there are a number of private details that everybody has that they don't want exposed and just having a surveillance state can change the way people converse and behave."

— CNBC's Anita Balakrishnan and Arjun Kharpal contributed to this report.