Open source software doesn’t know borders. It doesn’t know friends, enemies, or frenemies. It doesn’t know if you’re an FSB agent, or an ISIS operative, or an FBI agent. It is also why you are able to use your iPhone or Android phone today. For iPhone, it’s rooted in a BSD kernel, and for Android, it is rooted in a Linux kernel.
The only major fully-closed-source platforms out there, are Windows 10 and BlackBerry 10. When you’re closed source, you can create special keys that allow specific people to “break in” to a device, while freezing others out.
But with open source, it’s a lot more complicated. Let’s say for a second that there was a law, which compelled Google to allow FBI agents to hack people’s Android phones. A federal magistrate, unfortunately, gave an order to Apple recently that carried the same force. Apple likely will appeal that order, on the basis it cannot be implemented… I hope that they do.
Eventually, the terrorists would (and as I’ll explain later, already have) simply catch wise to the fact this backdoor exists. They would bake their own builds of Android software – and flash it to their phone, with their own encryption… sans the backdoor key. For iOS, this can be done with jailbreaking. For Windows, well, it’s more complicated… but usually, this would be done by encrypting data with an app like VeraCrypt.
And despite conspiracy theories surrounding TrueCrypt, there are dozens – literally, dozens, of FOSS (free open source software) alternatives.
In the end, the terrorists will (and already do) simply Trust No One™. They’ll run their own software (which will appear totally like stock Android, by the way) and the only people that will really be impacted, will be law-abiding citizens. For one, European companies will begin avoiding American devices, just like EU techies now have begun to avoid American data centers.
And for two, American’s Fourth Amendment civil liberties will now be under constant assault. With the FBI holding keys to decrypt standard/built-in firmware, you can rest assured, the insatiable-and-human urge will be to use them on more than just terrorists. Just as the Patriot Act has been leveraged against very-much-not-terrorist drug dealers, amongst others.
When laws are drafted, lawmakers often tout that they will only be used against one discreet group. Be wary when the people implementing those laws don’t sign on to those statements. They rarely do.
At some point, someone’s civil liberties will be violated. Badly.
But the worst-worst thing about putting backdoors in devices, is that you cannot promise they are exclusive to a single party. At some point, the “FBI Key” could (and probably, would) become backdoor-exposed to terrorists, foreign governments, and/or unscrupulous individuals or corporations. Before the technology company is even aware that a decryption method is being utilized by nefarious individuals, data of their customers could be compromised.
This is not theoretical. It has been done in the past, on the PC, particularly in Windows. It will be done in the future. A smartphone is a tiny PC. None of this is new. I am not spilling state secrets by this editorial. If you think I’m sharing anything new, groundbreaking, or would seriously aid or assist a group like ISIS, then you are sadly out of date. ISIS has their own engineers.
It is already public, common knowledge that ISIS already has done every action that I have posted above… or I wouldn’t have posted it.
We, as a sector, and as a community, need to send the FBI and lawmakers a clear message: We support what you want to do, it just isn’t possible to implement properly… especially in an Open Source Software world.
Full disclosure: Console, Inc. is (trying to be) a company that builds Android devices. We also make Console OS with Android, which is fully open-source on GitHub. We cannot embed a backdoor in our source code… without it being ridiculously easy for someone else to use too.