In its latest attack on data security, the DOJ tried to suggest that Apple has given the Chinese government backdoors into its products. Sadly for this storyline, it’s merely an attempt to blur lines around the encryption debate.
Specifically, the government claims:
… Apple produced a modified iPhone for sale in mainland China that used a “WAPI” WiFi standard as required by the Chinese government… Apple was the first Western company to have its products use WAPI and “
[t]hus, [Apple] is presumably sharing confidential information with the [Chinese] government”Does this WAPI use case meaningfully contribute to the debate? Or is it just inflammatory rhetoric by the DOJ? We’ve unpacked the argument below. But first, the basics:
What is WiFi?
WiFi is likely something you use every day to access and share content over the internet. Officially, WiFi is a technical protocol for the transfer of data in wireless local area networks (WLANs). This protocol is contained in a set of technical standards. WiFi employs security protocols to protect access to WLANs that include encryption algorithms, such as Wi-Fi Protected Access 1 (WPA) and 2 (WPA2).
Since its release in 1997, WiFi has undergone a variety of amendments to increase data transfer speed, quality of service, and security – some of which are the result of regional or country-specific requirements.
What is WAPI?
WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese national standard developed in the early 2000s to secure WLANs within China’s borders – it functions as a de facto requirement for companies selling products in China. WAPI was developed by the China Broadband Wireless Internet Protocol Standards group, and includes its own encryption algorithm. In order for devices sold in China to gain access to public networks in the country, they must support the WAPI protocol. However, devices can access private networks using other protocols like WPA or WPA2.
Because access to the WAPI protocol is owned and controlled by a group of China-based chipset manufacturers, it has been at the core of trade disputes with major trading partners including the United States.
Ostensibly, the Chinese government offered WAPI up to the standards body as a “new and improved” authentication mechanism for wireless networks. However, technical experts, the U.S. government, and industry saw this as a ploy to force companies to purchase chips from domestic Chinese manufacturers as part of their “indigenous innovation,” and to set up trade barriers.
So, how does this come into play in the case against Apple?
Let’s take a closer look at the government’s arguments.
Myth: The WAPI standard enables a built-in backdoor to the encryption used in WiFi.
Reality: WAPI’s encryption has not been determined to contain a “backdoor.” The WAPI standard is mandated by the Chinese government to ensure revenue for its domestic businesses.
The U.S. government and tech industry have long agreed that WAPI mandates are really about trade discrimination, and are just another example of the widespread practice that the Chinese government uses to create technical barriers to trade against “foreign” companies in order to boost its domestic industry.
Myth: WiFi products sold in the Chinese market must use WAPI and exclude other security protocols such as WPA and WPA2.
Reality: Support for the WAPI standard in a wireless device does not exclude it from supporting other WLAN security protocols. Today, many vendors that sell wireless devices in China incorporate chipsets that support WAPI along with WPA, WPA2, and WEP.
Myth: Apple gained entrance to the Chinese market by building a backdoor in the iPhone’s encryption through its support of WAPI.
Reality: Today, the WAPI standard is widely deployed in all kinds of WLAN equipment sold in the Chinese market by companies from all over the world. This has been a boon to Chinese companies through increased licensing fees collected from foreign manufacturers. While it’s not good for free trade or international standards, it’s a bad trade policy – not a security-driven one.
Use of the WAPI standard does not require a “backdoor” being built into the encryption algorithms employed by WLAN devices. The U.S. Government and the global ICT industry opposed the WAPI condition due to it being a case of blatant trade discrimination.
The ongoing debate around encryption requires thoughtful and deliberate public discourse with a wide range of stakeholders. Unsubstantiated anecdotes, such as the WAPI argument alleged by the DOJ, act as a smoke screen rather than a meaningful contribution to this important conversation.
Image: Andrew Hart / license / no changes made