Mozilla Exec: There’s No Such Thing as a Safe Backdoor

Since the news broke of the FBI request for Apple to unlock the iPhone used by one of the San Bernardino attackers, we’ve seen reactions from many horizons: tech companies, the FBI, victims’ families and, last weekend, President Barack Obama.

This case is attracting a lot of attention, and it should. Much is at stake. This is not about Apple, or the FBI or helping the bad guys. It is about how to achieve the best public safety for all Americans. That’s what we all want, and we all have our part in achieving that goal. As technology companies, we do it through building and deploying the best security measures available to protect users and the technologies that they rely on every day.

This is not about a single iPhone, either. This case is about the security and the trustworthiness of the technology that everyone depends on. In modern technology companies, we do not get to make decisions about one phone, or one encryption key or one user’s Internet browser. Instead, decisions we make about how to build our products have ramifications for hundreds of millions of Americans and people around the globe.

The government is telling us that Apple would rather its products be warrant-proof and that this fight is a marketing decision on the part of Apple. The view that any company would design products with the goal of being “warrant-proof” is ludicrous. Companies like Apple have built a reputation on creating products aimed at making people’s lives easier. They are looking out for their users, not trying to make their technology warrant-proof.

The decisions we make about our products can also build or undermine trust in the Internet. People need to know that the Internet and other modern communications tools are on their side. The Internet is integral to our lives, our economy and even our national security.

If the technology we use cannot be trusted, it places those activities in jeopardy.

Too many recent incidents have already undermined that trust and shown that modern communications tools are not as secure as they need to be. That is why we care about the outcome of this case.

Much like the victims’ families, the Americans public is divided. A recent Pew Research survey found that 51% respondents said Apple should unlock the phone and 38% said that it should not. We’ve heard people say that refusing to unlock the iPhone is helping terrorists. Encryption is not about helping the bad guys; it is about protecting the good guys and Internet users at large.

Companies should be able to build the best security for their users that they can provide. They should aspire to build “unhackable” products. But if Apple is required to create and install a malicious version of its operating system, it is not clear where the government’s authority would end. Companies could be told not to build secure products in the first place. Such mandated insecurity would have devastating consequences and would undermine all of the efforts we have collectively made to protect the safety of users and the Internet.

And here is a dirty secret: as bad as this could be for Apple, it could be worse for others and their users. Many companies do not have the resources or the engineering know-how to protect the malware they may be forced to create if the government is allowed to do this here. We also need to understand that any backdoors that companies are asked to build are doors that can be opened, not just by law enforcement, but by others that want to do harm roaming the Web.

There is just no “safe” backdoor. You are either safe or you are not.

Mozilla has filed an amicus brief in support of Apple.