Comment While fans of strong crypto and privacy are celebrating the US Department of Justice decision to back down in the San Bernardino case against Apple, it's important not to get too giddy – this is going to be a long battle and the FBI has nothing but time.
The FBI still hasn't explained quite how it managed to unlock the encrypted iPhone 5C in question, nor given any details about the intelligence it did or didn't contain. But in public statements the Feds have made it clear that this is just the beginning.
Apple has been working with the FBI quietly for years, but this broke down in the San Bernardino case. The FBI wanted to make this a public issue; some have speculated that this was planned because such a terrorist case would make an easy test case to set a legal precedent. Get a manufacturer to produce a custom firmware to weaken a device's security. For investigators, that would be a perfect tool.
Whatever the reasons, the FBI walked into a war with Apple. Its CEO Tim Cook made unprecedented public statements on the matter, and the tech industry took Apple's side.
Trial documents filed by the FBI made it clear that the Feds were going to play hardball – at one stage threatening to force Apple to hand over its source code and crypto keys. Such extreme measures were justified because of the extreme nature of the crime, the Feds said, and because it was impossible to unlock the phone any other way.
This proved to be untrue. In fact, it took only six weeks before someone – the Feds aren't saying who – came up with a solution to the locked phone problem. The FBI claimed that the unlocking procedure was only good for that individual phone, something security experts find hard to believe. But it does indicate that the FBI anticipates going to court again in future cases.
"This lawsuit may be over, but the Constitutional and privacy questions it raised are not," said Congressman Darrell Issa (R-CA).
"Those worried about our privacy should stay wary – just because the government was able to get into this one phone does not mean that their quest for a secret key into our devices is over."
Issa is one of the few congressfolk who has any experience with IT, and coincidentally one of the few to support Apple. But he has suggested that maybe US Congress should take a look at the issue.
On one level this isn't a bad idea. Having clear laws in place is preferable to a hodgepodge of legal rulings on disparate cases that have to be reinterpreted over time. But the downside of this is that much of Congress is clueless about technology and could easily make the kinds of laws that put us all at risk. It has happened before.
The infamous Clipper Chip was a government idea that got widespread support in Congress, but everyone with an ounce of sense in the tech industry knew it was a horrible idea. Even the technologists working on it were feeding its weaknesses to the press.
The FBI will no doubt lay it on thick if Congress is considering new legislation on the matter, as will other law enforcement bodies. The whole terrorists and criminals "going dark" trope has been done to death, but it's effective in convincing politicians who want to be convinced.
Crypto guru Bruce Schneier has already said that in crypto wars round two, the tech industry may lose out big time. If Congress is making the rules he could well be right.
But the alternative is to follow the FBI's lead on this. Sooner or later, probably sooner, the Feds will bring up another case to court similar to the San Bernardino investigation. It'll be something juicy – a child's kidnapping maybe, or another mass shooting – and it'll be making the same arguments in court.
Law enforcement is in this for the long term. So is the tech industry. It's going to be interesting to see who gets the upper hand. ®