How the FBI will lose its iPhone fight, thanks to 'West Coast Law'

Uncle Sam can't argue against science

Analysis: Apple versus the FBI has generated much discussion and conjecture lately.

The vast majority of it has centered on the rights and the wrongs, about the loss of privacy, and of the precedent that breaking one iPhone would create.

Many are hanging on the blow-by-blow developments for an outcome, to see which side trumps: Apple – and by implication, increasingly, the tech industry – or law enforcement and the government. But this misses the point and the ultimate outcome: victory for Apple.

That's because there is a higher law beyond what FBI director James Comey sought to enforce on Apple last month.

It was described by Harvard professor Larry Lessig almost 20 years ago, when he was still unknown, in a book called Code and Other Laws of Cyberspace, since updated as Code v2. Lessig called law as defined in computer code "West Coast Law." This is as opposed to "East Coast Law," which is defined by statute.

Encryption is one such West Coast Law. It was defined by Whitfield Diffie and Martin Hellman 40 years ago in a paper called "New Directions in Cryptography." Their Diffie-Hellman protocol brought us the concept of public key cryptography: messages encrypted first with a key everyone knows, then decrypted with a private key controlled by the recipient. Or vice versa.

East Coast Law is analog. It changes and it has exceptions. Arguments can be made – on either side of a question – that define or change East Coast Law or that shift its interpretation, as happens in courts. West Coast Law, like encryption, is binary. It's science. It uses facts that can't be denied or altered through the relative strength or weakness of an argument. So we have learned from that day to this.

As the Diffie-Hellman paper was published, Ron Rivest, Adi Shamir, and Len Adleman created an implementation known by their initials: RSA. They defied the wishes of the US National Security Agency and published an article on it in Scientific American in 1977.

In 1991, programmer Phil Zimmermann wrote a program called Pretty Good Privacy, implementing RSA. Zimmermann launched PGP Inc in 1996, defying attempts by RSA Security (now part of EMC) to claim patent rights over the two-key method, then fighting the US government over rights to export it.

The first version of the encrypted Web standard, https, also using Diffie-Hellman keys, was written into Netscape Navigator in 1994. It evolved into a full Internet specification in 2000. After encrypting its own traffic, Google began preferring the encrypted pages of web sites it indexed late last year.

Why did Google do this? Partly in response to the revelations of Edward Snowden, whose document dump in 2013 showed that the NSA has been ignoring privacy routinely ever since 9/11. Snowden's point was that the government's promises on this issue can't be trusted.

Snowden says we can't trust government with our secrets, and we don't have to. You might as well pass a law telling glaciers not to melt. We all want our privacy and security. West Coast Law says the only way you get it is if everyone does.

But, Comey says, he just wants Apple to disable PIN protection on one iPhone. But this, too, is an encryption case. The PIN serves as a shorter key. This phone will self-destruct after 10 failures, just like the messages in Mission Impossible.

If Apple unlocks the phone because of terrorism, the district attorney for New York County (Manhattan) alone has 175 Apple devices in his lab he wants to open, in hopes of solving crimes.

And it's not just America. If Apple broke its own phone's security because of US legal demands, China would demand that right. So would Russia. So would every other dictatorship. Many "crimes" being investigated in these countries are political. If Comey gets his way, then so does Vladimir Putin.

This is why Bruce Schneier, a security expert who became an IBM employee last week when his employer was bought by Big Blue, writes that "Our national security needs strong encryption." He adds:

I wish I could give the good guys the access they want without also giving the bad guys access, but I can't. If the FBI gets its way and forces companies to weaken encryption, all of us – our data, our networks, our infrastructure, our society – will be at risk.

That's West Coast Law in a nutshell. It's science. It's binary. Resistance to it is futile.

The decision by Judge James Orenstein to deny a government demand against Apple, based on the arguments used in San Bernardino, is thus theater. So, too, with the House hearing. Congress could pass a law, and the President could sign a law, mandating that all security have a back door, just as was sought in 1991.

But even if Tim Cook was not allowed to defy such a demand, as he says he will in the case of the PIN, replacing it with something "even Apple" can't crack, unbreakable security is possible. Which means unbreakable security will exist.

Will only criminals and governments have it? Or will you? Will everyone? It's all or nothing. That's the ruling of West Coast Law.

And what of Diffie and Hellman, who launched this ship 40 years ago? They were just awarded the Turing Prize, computing's equivalent of the Nobel.

Law can't defy science. ®
