An Apple A Day

An Apple A Day

Keeps security at bay

Apple’s refusal to unlock the San Bernardino terrorists’ smartphones has generated a heated debate in security, technology and legal circles nationwide. To many, Apple seems more interested in protecting its brand than cooperating to protect our national interests. As a practical matter, it would seem highly unlikely that Apple would adopt a position contrary to its financial self-interests, so the assumption that there is an underlying business motivation has some merit.

Bigger Issues

Apple has staked its flag upon privacy issues. As Tim Cook, Apple’s CEO’s, explains it, the issue is not about unlocking one phone. There are bigger issues afoot.

Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data. The basic argument is that criminals and terrorists can operate in the dark by using commonly available encryption like AES 256 ciphers, and there is no practical way for authorities to deencrypt and access information critical to thwarting serious criminal activities.

The arguments for backdoors are compelling, but before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.

Encryption Through the Ages

Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door. For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information. So why does the government believe a backdoor is required for modern encrypted communications and stored data?

Is there something different about encrypted information than any other undecipherable or obscure human language? Perhaps, it is the ease of deciphering an encoded communication that is the essential difference. While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine-generated unbreakable encryption is sufficiently nonhuman in origin to be different. In other words, unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine. Thus, it is not a form of protected human speech.

Yet, ciphers have been used since antiquity, for good and bad, precisely for secrecy communications. Even in more recent precomputer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of, “What is the real difference?” Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way. Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications. So, it would seem the real difference is that it is too easy, too accessible and too quick.

With any “too” controversy, the basic contention is that something is too advantageous. Government security agencies argue that they don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled. Of course, unfair advantage is a matter perspective. I hope that law enforcement enjoys every possible advantage over criminals, but I also don’t want criminals accessing my sensitive private data either.

The problem with backdoors is just that. It is another way in for everyone. But insofar as law enforcement and national security are concerned, for most of human history, crafty criminals enjoyed the advantage when it came to secret communications.

It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up. Phone networks became the places where most communications occurred, and intercepting communications became an essential part of the law enforcement’s repertoire.

In today’s cloud-based, Internet world, we are leaving “digital footprints” everywhere that we go well beyond transient phone calls and it provides law enforcement with a wealth of investigative advantages. This is offered up as a social good that helps make our communities more secure than ever before. But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.

Man vs. Machine

As we trek along the evolutionary path of man and machine, questions around encryption will continually arise. Yet, the root conflict goes beyond encryption. It is about the role of society versus the individual in relation to who really governs a new form of emerging intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives. Every large city is populated with cameras monitoring public places, automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement. The fundamental question becomes: What are the limits of government access to the communications between mind and personal machine?

The brain, with all its memories, recollections and thoughts, is free from government intrusion. But, do we want personal privacy to shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become ever present life companions. There will be no expectation of privacy because it will have been sacrificed long ago in exchange for the innocuous promise of convenience and ease. This, then, is the risk: to be lulled into the complacency of convenience.

Some may argue that backdoors are the price of security in an increasingly dangerous world. Access to powerful tools of secrecy and deception have given some nefarious people too much power, and the playing field needs to be rebalanced in favor of law enforcement. I would argue that we merely are reverting to the status quo, and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.

Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations and other modern phenomena. I’m not so sure. History is replete with successive generations of hostile invaders, mass enslavement, savage conflicts and global pandemics. That said, I have no interest revisiting the Middle Ages either.

These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace. The ultimate question will be in whose hand or hands this awesome power will sit. I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam. Between them, I would bet on the one that has the greatest guarantee of human freedom in history. Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise I don’t think we would stand a chance against technology.

Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty. Let’s jealously guard liberty and understand there is more to privacy than mere expectation by custom. Privacy is inherently human, and our machines cannot be allowed to make us less so.

This article originally appeared in the May 2016 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”