What you need to know
- The FBI tried to force Apple to decrypt a terror suspect's iPhone.
- Apple refused despite FBI general counsel Jim Baker's attempts.
- Now Baker has had a rethink on encryption.
When Apple and the FBI clashed heads over the San Bernadino iPhone case three years ago Jim Baker was the latter's general counsel. He no longer works at the FBI and as part of his new role writes for the blog "Lawfare" where he's been discussing encryption. His latest post is titled "Rethnking Encryption" (via 9to5Mac.) And yes, he's had a rethink.
While he still believes he was in the right in the FBI-Apple case, he does feel that there is a need to protect the United States from threats. And that requires encryption.
What follows are reflections on my efforts to embrace reality (and) rethink my prior beliefs about encryption and to better align those beliefs with the reality that (a) Congress has failed to act—and is not likely to act—to change relevant law notwithstanding law enforcement's frequent complaints about encryption, and (b) the digital ecosystem's high degree of vulnerability to a range of malicious cyber actors is an existential threat to society.
In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities—including law enforcement—to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China. This is true even though encryption will impose costs on society, especially victims of other types of crime.
But despite all that he still thinks that he was right to push Apple to hand over the encryption keys that would have given the FBI access to the San Bernardino terror suspect's iPhone.
During the Federal Bureau of Investigation's very public disagreement with Apple over encryption in 2016, I was the bureau's general counsel and responsible for leading its legal efforts on that matter. I fought hard for the government to obtain access to the contents of an iPhone used by one of the perpetrators of the San Bernardino terrorist attack. I stand by that work.
Baker apparently understands why encryption is important, but the problem of protectiong people and the government at the same time still remains. While making it easier to allow law enforcement to get the information they want is a concern, that isn't possible without impacting people and their privacy.
When it comes to protecting the United States, Baker believed that strong encryption is required to deal with concerns about the potential for Chinese spying attacks.
The Defense Innovation Board of the U.S. Department of Defense recently released a report that discussed the "zero-trust" 5G network problem for the department.
In general, a zero-trust network is, as the name implies, one that you do not trust. A network operator that employs the zero-trust network concept presumes that one or more adversaries have successfully penetrated the network's perimeter defenses and are present inside the network. The operator also presumes that it will be difficult or impossible to ever be sure that the adversaries have been identified and removed. Accordingly, they treat their internal systems as zero-trust networks, which will include consistently challenging all users, applications and devices and encrypting data as much as possible.
I'd suggest reading the whole piece over on "Lawfare" to see exactly how Baker feels now, three years removed from the mess that was the FBI's legal battle with Apple.