Considering this option, is Apple’s refusal to cooperate really a declaration of their commitment towards user privacy? Or is it simply the tech giant’s way of distracting public attention from the fact that it is the only one to possess the encryption keys off all 700 million iPhones out there?

1. Should we go down the FBiOS rabbit hole?
The headlines have been soaring for the past 2 months over the Apple/FBI debate. We will not be
going into the specifics of this particular case, but for those of you who have been living under a rock
the whole time, here is a brief summary of the situation:
Following the San Bernandino shooting, the FBI came into possession of an iPhone used by one of
the terrorists who killed 14 people last year on December 2nd. Suspecting the device might contain
helpful information in the fight against terrorism, the FBI requested of Apple to develop a new iOS
version – or an FBiOS as the media baptized it, capable of circumventing certain iPhone key security
features. At the request of the Justice Department, a federal judge instructed Apple to assist law
enforcement in unlocking cell phones whose contents are cryptographically protected.
The issue was taken to court and, while Apple was instructed to assist law enforcement, it blatantly
refused to do so. Backed up by technology giants such as Google and Facebook, Tim Cook, CEO of
Apple, stated his position firmly: ‘this software — which does not exist today — would have the
potential to unlock any iPhone in someone’s physical possession. Building a version of iOS that
bypasses security in this way would undeniably create a backdoor. And while the government may
argue that its use would be limited to this case, there is no way to guarantee such control’. During his
public relations campaign, Cook pointed out repeatedly the impact the court order could have on the
privacy of IPhone users. Seeing as how only in the US there are 110 million IPhone owners (a little
over a third of the entire US population), we can understand how that might upset some.
On the other hand, the FBI made quite a compelling case, invoking past situations when impenetrable
IPhones were involved and lives were in danger. When the argument is national security and the fight
against terrorism, the majority will give in to fear and renounce privacy in the favor of security. At least,
that is how the US government portrayed the FBI-Apple dispute, a battle meant to determine which of
the two is more important. Would you rather feel safer or have more privacy? This question, however,
begs for a singular answer, while one aspect cannot exclude the other. Less privacy doesn’t
automatically equal more security, on the contrary.
Benjamin Benifei, our Legal Consultant at ITrust, states his opinion: ‘It is easy for public authorities to
criticize data encryption. Opinions are fusing together in order to weaken encryption by legallystripping
it of its use, enforcing the creation of hidden backdoors, or by simply forbidding it. That being said,
what the general public needs to understand is that limitingdataencryption will have a definite negative
impact on our society. It will not achieve its goal of helpinglaw enforcement agenciesto fight terrorism,

2. Benjamin Benifei, our Legal Consultant at ITrust, states his opinion: ‘It is easy for public authorities to
criticize data encryption. Opinions are fusing together in order to weaken encryption by legallystripping
it of its use, enforcing the creation of hidden backdoors, or by simply forbidding it. That being said,
what the general public needs to understand is that limitingdataencryption will have a definite negative
impact on our society. It will not achieve its goal of helpinglaw enforcement agenciesto fight terrorism,
but will instead reinforce hacker’s chances to get a hold of our sensitive data, jeopardizing even more
our security’.
We tend to see eye to eye with our consultant on this. There is a tension being created now at the
center of rising new technologies, a tension that was anticipated neither by device manufacturer nor
by law government agencies. The real dilemma here is not to define the exceptional cases when
security trumps privacy, but this: how do we conserve both security and personal rights without
hindering one or the other?
With this bigger picture in mind, it becomes easier to see that the FBiOS discussion was merely a
pretext to bring forward the fact that there is no clear legislation around encryption in the US. In court,
the All Writs Act cited by the FBI dates way back to the 1800s, which no longer hold their validity more
than 200 years later.
In the end, the FBI dropped its case against Apple and managed to recover the data on the terrorist’s
iPhone via a ‘third party’ – represented, in fact, by a handful of professional hackers that the Federal
Bureau had paid to do so. The method used by this third party is said to only unlock the iPhone 5C
used by the San Bernardino shooter.
The resolution puts in a questionable light the entire case to begin with, but the turmoil it arose is just
now starting to spread its ramifications. A policy proposal aiming to weaken encryption, by forcing tech
actors to override their own security features for the sake of law enforcement, was introduced by US
senators not long ago. On the other side, the technology sector and privacy advocates form a united
front in militating against its approval in Congress.
One thing is clear: the situation has yet to find its balance on US soil. On the topic, Benjamin also
explains the legal status of encryption in France, treated similarly in 2004: ‘The LCEN (Loi pour la
Confiance dans l’Economie Numérique; English: Bill for Building Confidence in the Digital Economy)
bestowed upon French companiesthe complete liberty regarding their choice of employingencryption
methods. Nevertheless, the bill restricts the way these means of encryption are imported, provided
and exported (Art. 30 from the LCEN). Refusing to provide law enforcement agencies with an
encryption key that was supposedly used to plan and/or commit crimes, can be punished with a 3-
year jail sentence, as well as with fine of up to 75k€ (Art. 434-15-2 from the Penal Code). Public
prosecutors and police officers are, thus, entitled to request that an individual or a company
communicate all information useful in “revealing the truth”, including encryption keys (Art. 60-2 from
the Criminal Procedure Code). Therefore, if a similar case were to happen in France, Apple would be
legally bound to hand over its encryption key in order to decrypt the data’.
The matter of security and privacy in the context of encryption can be carried out to no end and,
depending on where you stand, both opinions may seem reasonable. ‘The trick is then’, Benjamin
adds, ‘to fully respect cybersecurity good practices and to apply end-to-end encryption, leaving the
phone manufacturer outside of the loop where encryption is concerned.’

3. The matter of security and privacy in the context of encryption can be carried out to no end and,
depending on where you stand, both opinions may seem reasonable. ‘The trick is then’, Benjamin
adds, ‘to fully respect cybersecurity good practices and to apply end-to-end encryption, leaving the
phone manufacturer outside of the loop where encryption is concerned.’
Considering this option, is Apple’s refusal to cooperate really a declaration of their commitment
towards user privacy? Or is it simply the tech giant’s way of distracting public attention from the fact
that it is the only one to possess the encryption keys off all 700 million iPhones out there?
Link:
https://www.reveelium.com/en/fbios-rabbit-hole/