Bill Gates thinks Silicon Valley isn’t worried enough about government regulation. In a new interview, he warned that big tech companies are being reckless in their support for end-to-end encryption, and he made some cryptic comments about Apple.
The Bill and Melinda Gates Foundation released its annual letter on Tuesday, and Bill gave a brief interview to Axios this morning that raises more questions than it answers.
As lawmakers on both sides of the aisle have started paying more attention to tech’s increasing influence over our lives, Microsoft’s antitrust battle with the US government in the ‘90s has frequently been used as an example of the worst way to deal with the US government. Since it lost that case, Microsoft has become the war-weary veteran of the tech world—highly profitable and not too disruptive. Gates tells Axios that he fears “Apple and other tech giants” are in a precarious position at the moment. “The companies need to be careful that they’re not … advocating things that would prevent government from being able to, under appropriate review, perform the type of functions that we’ve come to count on,” he said.
When pressed for an example of how companies are flouting government oversight, he mentioned the wave of “enthusiasm about making financial transactions anonymous and invisible, and their view that even a clear mass-murdering criminal’s communication should never be available to the government.” Axios pointed out that he appeared to be referring to the FBI’s desire for an ability to break into encrypted iPhones. Gates replied, “There’s no question of ability; it’s the question of willingness.”
What does that mean?
In 2016, Gates was a surprising outlier in a major encryption debate. Gates supported the FBI’s request for Apple to help it break into the locked iPhone of the San Bernardino shooter. “This is a specific case where the government is asking for access to information,” he said. “They are not asking for some general thing, they are asking for a particular case.” This went against the position of Apple’s CEO Tim Cook. In a statement at the time, Cook insisted Apple doesn’t have the power to access a person’s private data on the iPhone because it’s intentionally encrypted to prevent that access. Cook said that the government was really asking for an entirely new tool to be created that would provide a backdoor for government agencies and would make all iPhones vulnerable to hackers. Other big names in tech like Facebook’s CEO Mark Zuckerberg came out in support of Cook’s position.
Gates may be semi-retired from tech, but he’s no novice, so it was surprising when he insisted that “nobody’s talking about a backdoor.” Apple says it intentionally doesn’t possess the tools to crack the iPhone and creating the tools would amount to a backdoor. But is Gates is calling bullshit on Apple’s claim that it currently doesn’t have the ability to break into an individual’s iPhone? Or is Gates saying that Apple should be more willing to create that ability?
For security professionals, the idea of a backdoor is nonsense. No software is bulletproof, there’s invariably a flaw to be exploited somewhere. But best practices dictate that if a flaw is found, it should be patched. Intentionally creating a hole in a device’s security is understood to be somewhat like locking all the doors in your house but leaving the bathroom window cracked. By creating an opening for one approved group, others are bound to notice it and exploit it, too.
The most generous interpretation of Gates’ warning is that he feels Apple and others would be better off leaving a backdoor that only they know how to access, and they should only use it when properly compelled by authorities. He’s not entirely wrong that a bunch of dullards in Congress could wake up one morning and suddenly say backdoors for the FBI are now the law of the land. But it seems irresponsible to give up the ideological fight in order to prevent some hypothetical worst-case scenario.
We’ve asked the Bill Gates Foundation for clarification on his comments and we will update this post when we receive a reply.[Axios]