We Cannot Have A Master Key: Why Apple and Tim Cook Have it Right
Originally published on Medium
Apple did a brave thing today.
As Tim Cook describes, backdoors are vulnerabilities?—?they are a technical feature, not a controllable policy. If introduced, they can be exploited not only by our vendors and government, but by others (criminal hackers, foreign governments, rogue individuals in organizations with legitimate access).
For more than twenty years, security experts have come out against this inbuilt vulnerability: “Key recovery systems [aka systems with backdoors] are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature.”
There is overwhelming evidence that actors good and bad, public and private will have access to increasing data about us all. Despite the concerns and frustrations about law enforcement investigations “going dark”?—?instead of sparse breadcrumbs for law enforcement to follow, there are now endless troves of new, rich communications and behavior data. Even encryption (the adoption of which is still very slow and incomplete) only partially obfuscates it.
How would the FBI have tracked someone years ago? The rise of smartphones bring only more opportunities for heavy-handed surveillance, not less. One could argue that even the metadata (the data about the data) of encrypted communications in the mobile age gives richer visibility than the full, unencrypted content of the early internet age.
Today, if you had unencumbered access to everyone’s smartphone, you could find out where I’ve been, who I’ve spoken to, texted, emailed, what I asked Google, what I bought, where I bank, if I’ve run, what media I read and watched, where I live, and who my family, my friends and colleagues are.The more internet services I use, the more digital exhaust I leave behind.Depending on what other connected devices I have (many of which interact with my phone) you might be able to find out what I eat, and look into my house by remote video. The potential granular visibility into individual lives is startling.
I have confidence that law enforcement can continue to innovate in their defense of their citizens, and can use the ever-growing digital footprint we all have to effectively surveil terrorists and other bad actors. Even our best systems and services?—?and we use so many?—?are not that secure. I have confidence that a highly motivated, sophisticated and funded actor?—?of which law enforcement is one?—?intent on learning about an individual can succeed in more cases than not. The trend is ever in their favor.
Unfortunately, even when intent is good, I do not have confidence that enabling easier bulk surveillance will be a net positive. History suggests that “surveillance creep” is the norm?—?use for inappropriate reasons, or for the silencing of dissident voices, or by a broader and broader base (see use of Stingray devices by local law enforcement). If so easily available, the data is too attractive to abuse.
We all have a right to privacy. We should applaud Tim Cook for trying to uphold that right (and enabling it by default).
I wholeheartedly agree. Data access is a slippery legal slope, and the risk in this case is not worth the return.
High-Tech Entrepreneur | Executive | Advisor
9 年The FBI is not asking Apple for a "master key" because none exists. Instead, they want a special version of the OS that would not limit passphrase guessing to just 10 tries. There is no guarantee that the FBI will succeed in its guessing attempt even when the limit is removed. That said, if the FBI prevails legally and Apple provides such an OS version, the danger is that this OS version will sooner or later get into the wrong hands. If in doubt, look no further than the recent OPM hacking incident whereby ~20M secret clearance records were exposed to intruders for about a year! The only reasonable compromise I can see is if this special OS version, issued under a binding and final court order, were tied to the particular device that needs to be open. But that restriction could probably be hacked as well, unless some unique features of the security chip on the device were used.