Quartz reporter Joon Ian Wong wrote an article where he appears to conflate Apple’s showing its source code to China as somehow being the same thing as putting in a backdoor.
"Apple's response to US and UK government demands for backdoors to user data has been direct, bordering on defiant," Mr. Wong wrote. "Apple appears to take a different tack in dealing with data security demands from China, a key growth market for the company."
So did Apple give China a backdoor or some secret keys? His assertion seems to be that maybe Apple gave China access to see Apple's source code. Here is the choice quote:
If Apple had indeed agreed to a Beijing security audit, it could have shared vital information with the Chinese government, such as its operating system's source code, that could indirectly help government agents discover vulnerabilities on their own. It would have been a serious departure from Apple's public, privacy-centric stance.
The assertion apparently is that if Apple lets China see Apple's source code, it's somehow akin to letting the government see what is on every person's iPhone.
This maybe one of the most profoundly misguided assertions about encryption software ever made. It is laughable to anyone that knows anything about cryptography. Showing the source code in no way reveals the magic encryption keys generated by the source code and maintained in secret on peoples' individual devices.
It would be like saying revealing the source code to Microsoft Word would let the government know the contents to the novel you wrote using Word. To call this horse$%!# is an odious insult to horse$%!#.
If you do a search for "encryption" on GitHub (an open source repository), you get over 6,500 open source application/library results. Check it out. This is why it's moronic that the government wants Apple to put in a backdoor into its operating systems, something that TMO’s own Bryan Chaffin has ranted about many times.
Terrorists will simply pick any one of those 6,500-plus open source encryption packages on GitHub or elsewhere, and have their own private encryption software that cannot be defeated, and meanwhile the government will deprive all honest law abiding citizens of their right to privacy.
So why are there so many encryption projects that expose their source code? Well, encryption experts believe that seeing source code to encryption software makes the software better because anyone can confirm there are no backdoors.
In other words, this is exactly the opposite reason implied by Joon Ian Wong's article. The US and UK have asked Apple to put a backdoor into its source code, while China wants to see the source code is to ensure there is no backdoor, at least one that China itself doesn't have access to.
Furthermore, asking Apple to see its source code is not the same as giving China Apple's source code; for such an audit, there is no reason to believe Apple just handed China the source code for its entire operating system. The more likely scenario that Apple would let Chinese engineers examine its software under the supervision of Apple engineers without actually turning the software over.
So why is the Quartz article conflating Apple's maybe making source code available to inserting a back door? Other than the obvious attraction of clickbait, an alternative theory for the creation of an article that so grossly misrepresents the reason for a software audit is some anti-Apple agenda.
His article may have been a fair bit of questioning if we knew Apple had handed over its source code to China, while denying the US and UK that same access—that would have been an Apples to Apples comparison. But, as far as we know, the US and UK did not ask Apple to view its source code, and there is no reason to believe that if Apple showed its source code to China that it would not show its source code to the US and UK.
And to iterate, the US and UK governments likely have zero interest in just seeing Apple’s source code, because that won’t give them what they really want, a back door.
That makes the Quartz piece either deliberately disingenuous or based on a foundation of ignorance. Reporter Joon Ian Wong should either provide evidence that Apple gave China its source code (as opposed to merely letting China see its source code), or worse some kind of back door access to the Chinese government. Absent such evidence, Quartz and Mr. Wong should apologize for being so profoundly wrong and/or disingenuous with his article.
[Correction: This article originally named Reuters as the publisher of this article, but Joon Ian Wong was writing for Quartz. The article has been corrected accordingly. - Editor]
Image made with help from Shutterstock.