Skip to content
Naked Security Naked Security

Bill Gates takes issue with reports that he’s backing FBI over Apple

But he's also taken issue with Apple's assertions that the feds are after an encryption backdoor and that it would set a wider precedent.

No, Bill Gates says: he isn’t siding with the FBI over encryption in its court battle with Apple.

At least, it’s not quite as simple as that.

The co-founder of Microsoft on Tuesday clarified his earlier statements about how Apple should unlock the iPhone of the San Bernardino shooter.

In an interview with the Financial Times, Gates had said that the Feds were after one specific thing: they want Apple to unlock a terrorist’s phone.

That’s it, Gates said, thereby disagreeing with Apple CEO Tim Cook’s assertions that the government is after a backdoor in Apple’s encryption and that the case will set a wider precedent.

From the FT interview:

This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case.

It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records. Let’s say the bank had tied a ribbon round the disk drive and said, ‘Don’t make me cut this ribbon because you’ll make me cut it many times’.

His take has been interpreted as breaking ranks with the technology industry.

Google, WhatsApp and Microsoft have backed Apple’s defiance on the court’s encryption order, though Microsoft’s support was seen as being tepid.

Whereas the leaders at Google and WhatsApp have come out in full-throated support of Apple, Microsoft’s head, Satya Nadella, has remained quiet.

Prior to Gates’s remarks, Microsoft had simply pointed to a statement against the court order.

Brad Smith, Microsoft’s president and chief legal officer, tweeted a link to a pro-Apple statement from Reform Government Surveillance: a coalition of tech companies, including Microsoft, that monitors government surveillance issues.

Following his statements to the FT, Gates backpedaled a bit in an interview with Bloomberg.

Clearly, the government’s historically taken information and used it “in ways we didn’t expect,” he said, “going all the way back to, say, the FBI under J. Edgar Hoover.”

But while government misuse of information is the potential that lies on one end of the spectrum, Gates said that there’s a middle ground:

I do believe there are safeguards where the government doesn’t have to be entirely blind.

What exactly does an unblinded government that’s not hoovering up everybody’s personal information entail?

Gates said that the courts, and Congress, will decide, referring to examples such as the evolution of the Patriot Act.

In the meantime, “it gives us an opportunity to have a discussion,” he said.

He continued:

You don’t want to just take the minute after a terrorist event and swing [in] that direction. Nor do you, in general, want to completely swing away from government access when you get some abuse being revealed. You want to strike that balance, that the United States needs, in setting an example.

Everybody wants to feel like their information is kept private. Particularly because more and more of your activity is there in that digital log. Then again, when people are empowered by technology in terrorist activities, it’s not just that they can kill a few people. It’s [that] through nuclear, biological [weapons], they can kill a lot.

We do want the government out there trying to stop those things from happening.

Gates’s avowal that the Apple vs. FBI case is simply about one mobile phone, not about undoing encryption on a broad scale, echoes what FBI Director James Comey said in a statement published on Lawfare.

This isn’t about breaking encryption or setting loose some master key, Comey said.

Rather, it’s about developing software to enable brute-force password attacks, by disabling the iPhone auto-erase security feature that kicks in after 10 failed password attempts.

Sophos does not agree with backdoors in software. It’s put out a #nobackdoors pledge that explains why.

Image of Bill Gates courtesy of 3777190317 / Shutterstock.com

11 Comments

Does sophos agree with Gates or Apple in this case? As Gates is kind of saying that this isn’t really a backdoor its just breaking one phone?

But if its possible to take an iPhone, install something that disables the “wipe phone after 10 tries” and then brute force the password. Then it is creating a backdoor right? Because if someone else could do that to an iPhone they could also get access to any iPhone with enough time and computing power?

As I understand it they cannot put anything on this particular phone as it is password protected. The ‘brute-force’ would need to be applied external to the phone.

What the FBI need isn’t actually a backdoor, rather Apple to build software that can bulldoze through the encryption from outside the phone without forcing the ’10 tries’ lock-out. Apple would own this software and anyone wishing to have it used on a suspect’s iPhone would still need Apple’s compliance because they would have to physically take the device to Apple. It wouldn’t be, and shouldn’t be run from anything other than a very secure Apple server. It wouldn’t be part of the iPhone so couldn’t be used by anyone else.

Where is there a problem with this?

Assuming that’s how it would/could work, the goal is to bypass standard security protection – what essentially amounts to recovering the password via a backdoor. Can you imagine how much time the US economy would spend on doing these “one off” recoveries once Pandora’s Phone is opened? Because it isn’t really a “one off,” is it?

And “Apple’s compliance” doesn’t come into it. You make it sounds as though Apple can pick and choose the cases it will decide to work on, and that this one is special because of who used the phone. That’s the problem with backdoors. Once you unlock the backdoor, it can take decades to lock it again.

My feeling is that if Apple is forced to do this phone, and manages to do it, the company will have 1000s more “one off” requests by year end, and no way to refuse. The process will become onerous enough that it doesn’t feel too far fetched to imagine a court asking Apple to outsource the unlocking process because it can’t meet its legal unlocking obligations in reasonable time.

Oh, and just think: if Apple unlocks the phone and there are some files on it that can’t be accessed due to some third party vendor…guess who’s next to face a forcible-unlock lawsuit? Rinse. Repeat.

It’s ‘simply’ that if it is done once then the game is over, period! The gov will force it legally one way or another thereafter and should that prove unacceptable (too time-consuming etc) they will no doubt make sure to have a log etc to follow thereafter no matter the ‘secure server’ used, or anything else. Does it appear they will accept any obstructions to their quest for absolute & complete access to anything they want? The word ‘legal’ will always be debatable & selectively avoidable for them in this quest for ‘terrorists’ and most understand that by now which is at the core of refusal to them, plus, when you make a disaster happen only for the purpose of forcing an agenda and leave thermite evidence laying about can and should trust be regained, no. Citizens mostly do not accept ‘acceptable loss’ as well as the gov might wish lol.

it may not be about creating a back door, but it is about getting access to encrypted data. no matter how you put it they want to bypass the security of the phone. no thank you.

As much as I’m sure we’d all rather this phone were opened so that the government could have access to one terrorist’s information, the unfortunately reality is that Gates, and anyone else who supports the government’s position here are nearsighted. It doesn’t stop here. It’s not just one phone, and if they build this capability, there is a strong chance that it will fall in to the wrong hands or be subject to misuse.

I get that the strong emotional reaction to these heinous acts leads us all to initially dismiss Apple’s position here. That’s human nature. However, if we step back for even a moment and consider the broader consequences, I can’t see how anyone would see this as advisable.

This appears to be an opposing opinion from the former head of Microsoft. But in fact Microsoft is/was fighting the release of email on an Irish server.

I know it’s not the same principal of law at work, but both open the door to the same slippery slope.

And who will ever need more than 640 K of ram anyways….

“Apple would own this [hacked iOS] software…… It wouldn’t be, and shouldn’t be run from anything other than a very secure Apple server.”

So unlike

Microsoft Source Code – October, 2000
Google – May 2013
NSA (Snowden) – May 2013
US Military Weapons Systems Designs – May 2013
Kaspersky Labs – June 2015
US Office of Personnel Management – Sep 2015
Apple App Dev Xcode – Sep 2015
Nato – Oct 2015

Apple are (clearly not!) convinced their secure Apple Server can remain “secure”?
And no-one in their team could possibly be employed by a foreign power or Hacker Team?
And they don’t employ a “Chelsea Manning” (Nee Bradley) or an “Edward Snowden”?

Great! So what could possibly go wrong?

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?