Apple Fights DoJ On Privacy

Apple and the Department of Justice are not getting along these days.  The DoJ wants Apple to feed them real time iMessage traffic for someone the DoJ is quietly investigating.

Apple says that the way their system is designed, this is not possible.  If the user stores their messages in iCloud, they can give the DoJ those messages after the fact, but not in real time.

The FBI and DoJ advocate taking Apple to court, which apparently they have not done yet, to get Apple to insert a back door to allow them to feed messages to the DoJ in real time.

Tim Cook, head of Apple, said they “have to cart us out in a box before we would do that”.

Yahoo got into a similar fight with the DoJ and were subject to fines of $250,000 a day for refusing to turn over stuff that they had the ability to turn over.

What is much less clear is whether a court can compel Apple to add a security hole into their software because the government would like them to, absent some law that specifically requires that.

What probably has the DoJ pausing before clicking the court fight trigger is that if the court says NO to the DoJ they have created a precedent that will haunt the DoJ for a long time.

In the 1990s, the DoJ got a very different Congress to agree to make telephone companies add back doors for wiretaps.  The trade was that the government would pay the phone companies to do that.  At the time there were a handful of phone companies and the gov spent several billion dollars.

The DoJ has been lobbying Congress hard to pass a law like that today.  Congress has had no stomach to do that, I suspect for several reasons.  First, both liberals and conservatives would have to explain to their believers why they voted for such an invasive law.  Both groups would be scared that they would likely get booted out of office at the next election.

Second, if it cost say $2 billion in the 1990s for a handful of phone companies, it would like cost a thousand times that much or more for a thousand times as many software companies.  Who is going to vote to add that much to the federal deficit and stay in office.

Finally, the phone companies kept CALEA (the 1990s era wiretap law) tied up in court for a decade.  I suspect that the likes of Google, Microsoft and Apple, in a partnership might be able to keep it tied up in court for at least that long and probably get an injunction to force the government not to enforce it until the courts resolve it.

One simple thing that Apple could do – and I have no clue if they are considering this – is completely kill iMessage.

At the same time give a grant to a company in the Caymans or some other haven to create a product that does the same thing.  They need to have ZERO ownership interest in that company.

Then Apple could legitimately say that it is not our software, we don’t have any control over it, but you can certainly sue that company in the Caymans court if you like (or some other similar scenario).

It turns out that iMessage has a security flaw that a lot of software has.  It is one reason why my former company, Absio, is adding the ability to do offline key exchange into their product.

The feds could try and force Apple to add an additional public key to your account like would happen if you had an extra device.  Except that this “device” belongs to the feds.

And since Apple, in it’s quest to simplify things, does not show the user what keys exist for each account, the user would be none the wiser if they did that.

This is about as certain as tomorrow’s weather – but it could be an interesting battle.  Picking a fight with a company with $200 billion in cash in the bank and who’s products are probably used by almost every lawmaker and judge in the country might not make the DoJ very popular – and may not be a fight the DoJ is willing to take on.

Stay tuned!

 

Information for this article came from ZDNet.

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code