An Apple A Day

An Apple A Day

Keeps security at bay

Apple’s refusal to unlock the San Bernardino terrorists’ smartphones has generated a heated debate in security, technology and legal circles nationwide. To many, Apple seems more interested in protecting its brand than cooperating to protect our national interests. As a practical matter, it would seem highly unlikely that Apple would adopt a position contrary to its financial self-interests, so the assumption that there is an underlying business motivation has some merit.

Bigger Issues

Apple has staked its flag upon privacy issues. As Tim Cook, Apple’s CEO’s, explains it, the issue is not about unlocking one phone. There are bigger issues afoot.

Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data. The basic argument is that criminals and terrorists can operate in the dark by using commonly available encryption like AES 256 ciphers, and there is no practical way for authorities to deencrypt and access information critical to thwarting serious criminal activities.

The arguments for backdoors are compelling, but before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.

Encryption Through the Ages

Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door. For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information. So why does the government believe a backdoor is required for modern encrypted communications and stored data?

Is there something different about encrypted information than any other undecipherable or obscure human language? Perhaps, it is the ease of deciphering an encoded communication that is the essential difference. While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine-generated unbreakable encryption is sufficiently nonhuman in origin to be different. In other words, unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine. Thus, it is not a form of protected human speech.

Yet, ciphers have been used since antiquity, for good and bad, precisely for secrecy communications. Even in more recent precomputer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of, “What is the real difference?” Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way. Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications. So, it would seem the real difference is that it is too easy, too accessible and too quick.

With any “too” controversy, the basic contention is that something is too advantageous. Government security agencies argue that they don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled. Of course, unfair advantage is a matter perspective. I hope that law enforcement enjoys every possible advantage over criminals, but I also don’t want criminals accessing my sensitive private data either.

The problem with backdoors is just that. It is another way in for everyone. But insofar as law enforcement and national security are concerned, for most of human history, crafty criminals enjoyed the advantage when it came to secret communications.

It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up. Phone networks became the places where most communications occurred, and intercepting communications became an essential part of the law enforcement’s repertoire.

In today’s cloud-based, Internet world, we are leaving “digital footprints” everywhere that we go well beyond transient phone calls and it provides law enforcement with a wealth of investigative advantages. This is offered up as a social good that helps make our communities more secure than ever before. But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.

Man vs. Machine

As we trek along the evolutionary path of man and machine, questions around encryption will continually arise. Yet, the root conflict goes beyond encryption. It is about the role of society versus the individual in relation to who really governs a new form of emerging intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives. Every large city is populated with cameras monitoring public places, automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement. The fundamental question becomes: What are the limits of government access to the communications between mind and personal machine?

The brain, with all its memories, recollections and thoughts, is free from government intrusion. But, do we want personal privacy to shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become ever present life companions. There will be no expectation of privacy because it will have been sacrificed long ago in exchange for the innocuous promise of convenience and ease. This, then, is the risk: to be lulled into the complacency of convenience.

Some may argue that backdoors are the price of security in an increasingly dangerous world. Access to powerful tools of secrecy and deception have given some nefarious people too much power, and the playing field needs to be rebalanced in favor of law enforcement. I would argue that we merely are reverting to the status quo, and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.

Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations and other modern phenomena. I’m not so sure. History is replete with successive generations of hostile invaders, mass enslavement, savage conflicts and global pandemics. That said, I have no interest revisiting the Middle Ages either.

These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace. The ultimate question will be in whose hand or hands this awesome power will sit. I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam. Between them, I would bet on the one that has the greatest guarantee of human freedom in history. Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise I don’t think we would stand a chance against technology.

Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty. Let’s jealously guard liberty and understand there is more to privacy than mere expectation by custom. Privacy is inherently human, and our machines cannot be allowed to make us less so.

This article originally appeared in the May 2016 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3