Apple’s head of software engineering Craig Federighi has warned against going backwards in the “endless race” on digital security.

James Martin/CNET

With every new generation of smartphone and every browser update, there’s a security arms race being waged between software engineers and hackers.

Cyber security experts keep improving encryption, hackers find new vulnerabilities to exploit, and so the engineers work harder in turn to keep data safe.

But the head of software engineering at the world’s biggest tech company is refusing to be hobbled in this “endless race” against hackers, saying that engineers shouldn’t have to turn back the clock on security, no matter the stakes.

Senior vice president of software engineering at Apple Craig Federighi penned an op-ed in The Washington Post Sunday, arguing that building a backdoor into the iPhone would drag Apple back to security standards of three years ago.

Federighi’s comments are just the latest salvo in the legal battle between Apple and the FBI over requests to decrypt an iPhone belonging to one of the terrorists involved in December’s San Bernardino shootings. While the FBI, along with the US Department of Justice, argue that the device could hold vital clues, Apple says deliberately compromising security would affect the online safety of all its customers.

The case has seen the likes of Google and Microsoft weigh in on the debate, and even America’s Big Wig Donald Trump has called for an Apple boycott.

But for Apple’s software team, it’s a simple matter of not losing ground in a critical battle.

“Our team must work tirelessly to stay one step ahead of criminal attackers who seek to pry into personal information and even co-opt devices to commit broader assaults that endanger us all,” Federighi wrote in his op-ed. “Sadly, these threats only grow more serious and sophisticated over time.”

Just as Apple fans wouldn’t want the company to take the stage to launch an iPhone with last year’s specs, Federighi said Apple’s security team aren’t happy with old security either.

The encryption technology built into today’s iPhone represents the best data security available to consumers…

That’s why it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013.

But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What’s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.

These comments resonate all the more after security researchers today announced the discovery of ransomware targeting Apple’s Mac — what is believed to be the first of its kind found circulating in the real world. According to Federighi, the kind of encryption that Apple’s teams of engineers work so hard to maintain are the very protections that keep this kind of malware out of its devices, and keep data out of the wrong hands.

“Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person’s smartphone,” he said.

With Apple’s legal counsel being called before Congress and other big names in tech filing their support for the company, the stoush between Apple and the FBI is growing in scope by the day. And with national security being weighed against the personal security of an increasingly-connected public, both parties have serious skin in the game.

But for the engineers behind it all, the personal is political.

“Great software has seemingly limitless potential to solve human problems — and it can spread around the world in the blink of an eye,” says Federighi. “Malicious code moves just as quickly, and when software is created for the wrong reason, it has a huge and growing capacity to harm millions of people.”


Apple's head software engineer refuses to 'turn back the clock' on iPhone security – CNET