An Apple A Day

Keeps security at bay

• By Joseph Mazzarella
• May 01, 2016

Apple’s refusal to unlock the San Bernardino terrorists’ smartphones has generated a heated debate in security, technology and legal circles nationwide. To many, Apple seems more interested in protecting its brand than cooperating to protect our national interests. As a practical matter, it would seem highly unlikely that Apple would adopt a position contrary to its financial self-interests, so the assumption that there is an underlying business motivation has some merit.

Bigger Issues

Apple has staked its flag upon privacy issues. As Tim Cook, Apple’s CEO’s, explains it, the issue is not about unlocking one phone. There are bigger issues afoot.

Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data. The basic argument is that criminals and terrorists can operate in the dark by using commonly available encryption like AES 256 ciphers, and there is no practical way for authorities to deencrypt and access information critical to thwarting serious criminal activities.

The arguments for backdoors are compelling, but before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.

Encryption Through the Ages

Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door. For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information. So why does the government believe a backdoor is required for modern encrypted communications and stored data?

Is there something different about encrypted information than any other undecipherable or obscure human language? Perhaps, it is the ease of deciphering an encoded communication that is the essential difference. While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine-generated unbreakable encryption is sufficiently nonhuman in origin to be different. In other words, unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine. Thus, it is not a form of protected human speech.

Yet, ciphers have been used since antiquity, for good and bad, precisely for secrecy communications. Even in more recent precomputer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of, “What is the real difference?” Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way. Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications. So, it would seem the real difference is that it is too easy, too accessible and too quick.

With any “too” controversy, the basic contention is that something is too advantageous. Government security agencies argue that they don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled. Of course, unfair advantage is a matter perspective. I hope that law enforcement enjoys every possible advantage over criminals, but I also don’t want criminals accessing my sensitive private data either.

The problem with backdoors is just that. It is another way in for everyone. But insofar as law enforcement and national security are concerned, for most of human history, crafty criminals enjoyed the advantage when it came to secret communications.

It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up. Phone networks became the places where most communications occurred, and intercepting communications became an essential part of the law enforcement’s repertoire.

In today’s cloud-based, Internet world, we are leaving “digital footprints” everywhere that we go well beyond transient phone calls and it provides law enforcement with a wealth of investigative advantages. This is offered up as a social good that helps make our communities more secure than ever before. But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.

Man vs. Machine

As we trek along the evolutionary path of man and machine, questions around encryption will continually arise. Yet, the root conflict goes beyond encryption. It is about the role of society versus the individual in relation to who really governs a new form of emerging intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives. Every large city is populated with cameras monitoring public places, automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement. The fundamental question becomes: What are the limits of government access to the communications between mind and personal machine?

The brain, with all its memories, recollections and thoughts, is free from government intrusion. But, do we want personal privacy to shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become ever present life companions. There will be no expectation of privacy because it will have been sacrificed long ago in exchange for the innocuous promise of convenience and ease. This, then, is the risk: to be lulled into the complacency of convenience.

Some may argue that backdoors are the price of security in an increasingly dangerous world. Access to powerful tools of secrecy and deception have given some nefarious people too much power, and the playing field needs to be rebalanced in favor of law enforcement. I would argue that we merely are reverting to the status quo, and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.

Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations and other modern phenomena. I’m not so sure. History is replete with successive generations of hostile invaders, mass enslavement, savage conflicts and global pandemics. That said, I have no interest revisiting the Middle Ages either.

These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace. The ultimate question will be in whose hand or hands this awesome power will sit. I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam. Between them, I would bet on the one that has the greatest guarantee of human freedom in history. Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise I don’t think we would stand a chance against technology.

Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty. Let’s jealously guard liberty and understand there is more to privacy than mere expectation by custom. Privacy is inherently human, and our machines cannot be allowed to make us less so.

This article originally appeared in the May 2016 issue of Security Today.