Former NSA, CIA Director Michael Hayden Sides With Apple Over FBI

cold fjord writes: General Michael Hayden (Retired), who served as head of both the NSA and CIA, has taken a position supporting Apple in its conflict with the FBI. Apple is fighting a court order to assist the FBI in breaking into the government owned phone used by one of the two dead terrorists responsible for the recent San Bernardino massacre. General Hayden stated, "You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it. You can do balancing privacy and security dead men don't have a right to privacy. I don't use those lenses. My lens is the security lens, and frankly, it's a close but clear call that Apple's right on just raw security grounds. ... I get why the FBI wants to get into the phones but this may be a case where we've got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity."

Re:Ponder this

To be and enjoy it. Or change as you would like to. Just because someone is better than something and even if it is by orders of magnitude beyond your understanding that doesn't mean you are worth less as a person. Whether that is a fundamental truth or a quirk of the Human brain I think that should be something we should hypothetically instill (Not necessarily install.) in others. So find something to do.

Re:Really?

[Ol+Olsoc]

Even if your premise is true, You don't need side stories to be against this. If a backdoor is planted in the software that allows Law Enforcement to bypass the security features of the system, it does indeed make it easier for Law Enforcement do dig into a device. It also makes it easier for some folks other than Law Enforcement to dig into your device.

Looking over my iphone I don't really have anything that Law enforcement would be interested in - however, I really really really do not want the bad guys having that very same access.

note: I don't actually want anyone snooping in my phone at all, so let's not have the semi-obligitory "First they came for....." sillieness folks, mKay?

Re:Ponder this

[arbiterxero]

What was the point of human existence before computers?

I doubt it's changed.

Of course Apple is right

[sjbe]

You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it.

I disagree. I think the government doesn't (or at least shouldn't) have the right to compel companies to break security protocols on behalf of the government when that would affect parties other than the one under legal scrutiny. Furthermore it seems clear to me that this creates an unreasonable burden on Apple (or any other company) to support the government. I'm not sure the court in this case fully appreciates what they are asking from Apple. By breaking the encryption on this device they materially devalue the product Apple is selling substantially. I think you can argue this on at minimum 1st and 4th amendment grounds.

it's a close but clear call that Apple's right on just raw security grounds.

"Close"? No it isn't. Apple is clearly correct that breaking security for one phone breaks them all. That's how it works. Anybody with even a basic understanding of cryptography on computers would know this. If we break it for the US government we break it for foreign governments, black-hats, paparazzi, etc. There is no way to restrict it to just one specific party. Apple is 100% correct to do what they are doing. I'm not always a fan of Apple but they are both morally and technologically correct in their position here.

Re:Really?

Except Snowden doesn't say what you claim. He states that he disbelieves the FBI's claims that they can't break into the phone. According to what is referenced in that article, he doesn't say anywhere that this is just Apple putting on a show.

They likely can break into the phone, but that is not what this is all about. And it never has been, just as this has never been about "one phone", regardless of who wants to claim that bullshit.

This is about setting legal precedent. Period. End of statement. And once it's set, it will be abused. Guaranteed. There is zero evidence in our history to even prove otherwise.

Re:Security threats are a strawman

[ledow]

The question is not "what if it escapes".

What if, one of the guys working at Apple is able to get his hands on that "one-serial" version? Is that guy security checked? Is he a spy?

That such a version even exists is a risk. Whereas if all the Apple firmwares issued, to anyone, are just consumer, technical, etc. firmwares that don't allow arbitrary bypass of security restrictions, it's much harder to make happen.

And how difficult would it be for, same, some enterprising country to get their hands on this "one-serial" firmware and hack either the serial is applies to AND/OR the serial on the hardware they want to get into?

It's not public escape and the guys on the firmware hacking forums that this guy would care about. That kind of thing could already be going on anyway. It's that Apple are providing firmwares capable of device compromise to anyone who asks in any of their legal locations. Like China. If the FBI succeed in the US, what's to stop the appropriate equivalent Chinese agency succeeding in China (where it would be done much more quietly and probably without any safeguards at all?). Nothing.

Short of Apple literally having to pull out of China if they are forced to do it, they would have to comply with the laws there too, by their court's interpretation, whether the device was originally bought in the US, the EU or anywhere else, if if a similar case comes up and the highest Chinese legal authority decrees they want this, and Apple has already provided the facility to the FBI, it's almost impossible to deny them it short of pulling out of sales in that country entirely. And that would hurt Apple and, by proxy, the American export economy.

This guy is making some sense, at least. He's not even trying to pretend that the courts aren't within their right in this instance, what he's saying is that it's a much bigger issue than just resolving one legal dispute, and will affect the security and export of US electronics worldwide.

It's got nothing to do with "how many times we give in", but "that we gave in the first time", which is a sad and oft-repeated lament where law is concerned. Apple aren't even saying they COULDN'T do this... they are saying they SHOULDN'T.

It would destroy exports, user confidence, and provide a tool that - with almost zero effort - could be applied elsewhere. And, please bear in mind - evidence submitted in a court can be requested, inspected, queried and argued over by the other side too.

In the same way that the firmware of breathalysers and all kinds of other devices are legally forced open in many jurisdictions (because you are putting people behind bars based on the assertions that the software is making, and thus the software has to be able to be inspected by an appropriate professional analyst if the defendant makes a fuss about it, in order to dis/prove their case), providing this firmware to the FBI may well pave the way to providing it to the defendant's lawyers, legal team, analysts, courtroom, etc.

It's not joe-public hacking the firmware on their iPad that anyone cares about. It's creating a tool that you then can't "uncreate" and may well be able to be applied to everything from some kiosk-like visitor-log device in the White House to the kid's tablet in Downing Street, and then advertising that the tool exists to any court in the world that might demand it.

Though I hate Apple with an absolute, physical, lividness, this is actually a big case with much more impact for Apple, the US electronics economy and the global IT economy, plus the national security of almost every country, than just "who might bypass your passcode when they can put a hacked firmware on your iPad when you leave it unattended in a bar".

It doesn't even need to "escape". If Apple get summonsed to provide this same tool by a Chinese court, or an EU one, they will have to comply or fight the same fight. If they could point at the US and say "No, look, we argued this over there, we're not going to do it", it holds much more precedent than "We caved to the FBI, but we don't like your court system over here so we won't do the same for you."

Re:Security threats are a strawman

[rgbscan]

I didn't read the article, but I heard the interview on NPR. Basically his reasoning is this: Cybersecurity is our biggest defense gap. It's clear now that the chinese have stolen designs for expensive weapon systems of ours and we've seen signs that foreign entities have the ability to manipulate our power grid and infrastructure, and possibly the stock market. In this context, building in any weakness at all - even for a seemingly slam dunk case such as terrorism, we should be cautious. In a landscape so woefully filled with security holes, it is more incumbent upon us to protect Americans by tightening security, than gaining a little extra information about some lone wolf shooters.

Re:Really?

[fustakrakich]

And you know what the FBI wants? That's pretty powerful stuff there. Those four items are a backdoor. And just because the FBI doesn't publicly reveal their desires, it doesn't mean they don't exist. You need to acknowledge precedent.

Re:Really?

Because they want a president set that it's okay for the government to insert backdoors into encryption solutions, and make unreasonable requests of tech companies, so that when it comes to inserting backdoors in all communications systems, it'll be easy to force through.

Re:Subject

[93+Escort+Wagon]

I think the issue is a bit different.

The FBI is basically a national police force. I've known a few cops, and their point of view has been all about solving and preventing crime. Even the ones I like as people... on these sorts of subjects it's like they're wearing blinders. Innocent people's privacy isn't a concern to them. Constitutional guarantees aren't a concern to them, except when it's been hammered into their heads as something they're required to do by the higher ups - not because they agree with those guarantees, but because they know it will mess up the eventual prosecution if they don't do it.

Their job is to prevent and solve crimes, and anything that obstructs those two goals should be done away with (in their view).

In a cop's perfect world, they'd be able to just walk into your house and look around. They'd be able to stop people on the street and frisk them. And of course they should be able to use license plate scanners, and have unrestricted access to the data forever.

So of course they they think should be able to look through anyone's phone.