Crypto Wars: Behind the Encryption Debate

On December 2, 2015, two gunmen staged a cold-blooded attack in California, leaving 14 people dead and 21 wounded. At the time, the San Bernardino shooting was called the deadliest terror attack on US soil since September 11.

So the thing about a world where the FBI never misses anything is that that's also a world where the FBI has access to everything.

by Moxie Marlinspike, founder of Open Whisper Systems, developer of the Signal Protocol

One of the gunman, later identified as Syed Rizwan Farook, was a San Bernardino county employee. 

Farook and his 27-year-old wife Tashfeen Malik were hunted down and killed by the police soon after the shooting. 

With the killers dead, the FBI pursued the investigation. The shooters’ mobile phones were found smashed in a rubbish bin, but then the FBI made another discovery: they found Farook’s work iPhone, which soon took centre stage.

“We have a promise and a commitment to the victims and the folks that were impacted by this that we will leave no stone unturned. It was critical to get into that phone. Probably the most important reason was: are there contacts or conversations to indicate that there were co-conspirators involved in the attack?” says San Bernardino Police Chief Jarrod Burguan. 

“The phone was a county phone, but he had the ability to lock the phone himself … The concern is that based upon that version of IOS and that version of encryption, they can only make x amount of attempts to get into the phone. And then, it would have erased all the data. So that was the dilemma the FBI was in,” Burguan adds.

The FBI asked Apple to write a new version of the operating system for the phone, which would allow them an infinite number of tries to guess the password without encrypting all the data. But Apple refused.

The FBI took Apple to court, but Apple pushed back. In the end, the FBI dropped the case and announced they’d paid an unnamed entity to hack the phone. The price was a secret, rumoured to be around $1m.

To the FBI’s critics, the case against Apple looked like an attempt to set a legal precedent, forcing a company to undermine its own encryption.

“Apple helped a lot. Apple gave them access to all of the information they had, which included all the metadata, so they knew everybody who got called from this phone, everybody who called into this phone …” Cindy Cohn, executive director of Electronic Frontier Foundation, says.

Apple vs FBI was not the first battle with the US government in the so-called crypto wars. Legal victories in the 1990s paved the way for widespread use of encryption on the internet.

In 2013, Edward Snowden leaked documents revealing the scope of the US government’s surveillance programmes. They showed that the NSA (National Security Agency) had conscripted American tech and phone companies to help them spy.

Since then, more and more people are adopting end-to-end encryption to keep their communication private, blocking law enforcement from accessing information they want to investigate and prosecute crimes. It’s what the FBI calls its “going dark” problem.

Moxie Marlinspike is one of the developers of the Signal protocol and the force behind the Signal App, which encrypts messages end-to-end by default. The protocol has been integrated by the likes of WhatsApp and Facebook Messenger. 

“There’s two ways to think about security. One is computer security … this has been a losing strategy for 30 years, it’s just not possible…. the other way to think about security is information security. Instead of trying to secure computers, you secure the information itself. And that’s what actually works,” he says.

The FBI contends that encryption by default is slowing down investigations, sucking up resources, and making the prevention and prosecution of criminal activity more difficult.

“We don’t know what we don’t know, and what we’re missing because of this issue,” says Sasha O’Connell, chief policy adviser for science and technology in the FBI.

But Marlinspike believes, “the thing about a world where the FBI never misses anything is that that’s also a world where the FBI has access to everything.” 

The crypto wars show no sign of coming to an end.

“This is fundamental. You can’t have security without strong cryptography, so if the FBI is going to continue to push for it, we have to continue to push back, because we want a secure internet,” says Cohn.

In a series of interviews with hackers, software developers and government officials, Fault Lines investigates the debate over encryption – and what’s at stake when public agencies want to access private data.