China Is Watching the FBI-Apple Battle Very Closely

Protesters carry placards outside an Apple store in Boston on Feb. 23, 2016.

AP Photo/Steven Senne

AA Font size + Print

Protesters carry placards outside an Apple store in Boston on Feb. 23, 2016.

Even if the U.S. government abandons its insistence on a backdoored iPhone, Beijing may not.

Shadowing the standoff between the FBI and Apple over access to an encrypted iPhone used by one of the San Bernardino attackers is the question: What will China do? If Apple creates unique software that allows Washington access to the phone, does that open the door for Beijing to make similar demands on the company and all other foreign technology firms operating in China? As Sen. Ron Wyden of Oregon argued, “This move by the FBI could snowball around the world. Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?”

Certainly, China watches U.S. statements and policy very closely. An early draft of China’s counterterrorism law included provisions requiring the installation of backdoors and the reporting of encryption keys. In the face of criticism from the US government and foreign technology companies, Fu Ying, spokeswoman for the National People’s Congress, defended the provisions as in accordance with “international common practices,” adding that it was common for the Western countries, such as the United States and Britain, to request tech firms to disclose encryption methods. The final law, passed in December 2015, was much more ambiguous about what type of demands the government would make on technology companies, but it is clear that Chinese leaders are more than happy to exploit what is happening in the United States as rhetorical cover.

Yet we should be clear that what happens in the United States will have very little impact on what China ultimately decides to do. Beijing, like governments everywhere, wants to collect and analyze data for law enforcement and national intelligence reasons. The desire for data may only intensify under Xi Jinping’s leadership; the Chinese Communist Party appears increasingly worried about domestic stability and the spread of information within the country’s borders. For foreign companies, refusal to cooperate with the Chinese authorities will increasingly lead to a loss of market opportunities.

Faced with competing pressures across the many jurisdictions that they operate in, there are no easy options for the companies. Any resolution will be political, not technical. The ideal outcome is a multilateral agreement that embraces privacy and the strongest encryption possible, but also allows government access to data for legitimate purposes.

The most workable solution within the United States may in fact involve sidestepping the question about whether governments (or companies) should be able to break encryption. As a recent report from the Berkman Center for Internet & Society at Harvard University argues, there are now massive amounts of data generated through the Internet of Things (cars, thermostats, surveillance cameras and hundreds of devices other connected devices) and the metadata (time, location, address, but not content) produced by cell phones and Internet communications. This data can be made available to law enforcement through established legal procedures, while leaving the encryption that protects phones and other devices alone.

This approach could be standardized across the Atlantic. Governments would leave encryption alone, but share other measures to collect data. With Privacy Shield, the new agreement that regulates the transfer of data by companies between the U.S. and the EU, and reports that the U.S. and UK are negotiating a new treaty that would allow easier access for law enforcement to data, there are promising signs that it is possible to develop trans-Atlantic agreements about how information might be shared across national borders.

China, however, remains the hard case. There is no indication that Beijing would be willing to forgo access to encrypted data on a phone, and, given cultural and political differences, little hope for rules and standards shared across the European, Chinese, and American economies. China and Apple seem to have reached a temporary détente. Beijing has so far not made any further public demands on Apple, and the Chinese market is increasingly important to the company’s future, with revenues growing to $12.5 billion in 2015.

Yet Beijing has also made it clear that it expects foreign companies to follow its rules if they want to continue selling in the Chinese market. As China’s cyber czar Lu Wei said in December, “As long as you don’t harm China’s national interests or Chinese consumers’ interest, we welcome you and your growth in China.” Apple is likely to be pushed, unwillingly, into forking its products, creating separate, less secure products for Chinese users. While this will be a bitter pill for Tim Cook and Apple to swallow, given their promises to defend the privacy of all users, it is likely to be the price of continuing to do business in China.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.