The U.S. government is tapping the broad authority of a centuries-old statute, the All Writs Act of 1789, to make Apple build new software that would make it easier to get information locked in the iPhone in the San Bernardino, Calif., murder case. According to Apple chief executive Tim Cook, if the government used the law in such a way, nothing would stop it from peeking into the iPhones of millions of users without their knowledge.
Johna Till Johnson, president and founder of Nemertes Research, suggested the government dug up the legislation because it doesn’t have an encryption law to use in its place: one that would require “backdoors,” or mechanisms that would bypass the encryption on mobile devices that turns private information into gibberish for anyone but authorized users.
Several lawmakers are looking into bills that would require tech companies to decrypt information when the government demands it. The debate will surely rage on Capitol Hill for some time. But what if such a bill passes both houses of Congress and becomes law? What then?
Ultimately, it may prove hard to enforce, at least among telecoms, Johnson said. Other countries would still be able to produce uncrackable devices, so there would be little stopping anyone from going abroad and buying one.
“You’d have to really push,” Johnson said of the government. “You’d basically have to say something like, ‘Verizon, you cannot provide service to XYZ model PDQ phone, because that’s an illegal phone.'”
For CIOs and security teams, though, things probably wouldn’t change too much, she said. Under an encryption law that would circumvent secure communications on mobile devices, CIOs could encrypt their applications instead. For everyone else, especially those without a whole lot of tech smarts, it’s a different story.
“Your average consumer isn’t going to go out and buy application-layer security and layer it on top of his iPhone,” she said. “So it really is mostly an impact on citizens-slash-consumers.”