An Apple A Day

An Apple A Day

Keeps security at bay

Apple’s refusal to unlock the San Bernardino terrorists’ smartphones has generated a heated debate in security, technology and legal circles nationwide. To many, Apple seems more interested in protecting its brand than cooperating to protect our national interests. As a practical matter, it would seem highly unlikely that Apple would adopt a position contrary to its financial self-interests, so the assumption that there is an underlying business motivation has some merit.

Bigger Issues

Apple has staked its flag upon privacy issues. As Tim Cook, Apple’s CEO’s, explains it, the issue is not about unlocking one phone. There are bigger issues afoot.

Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data. The basic argument is that criminals and terrorists can operate in the dark by using commonly available encryption like AES 256 ciphers, and there is no practical way for authorities to deencrypt and access information critical to thwarting serious criminal activities.

The arguments for backdoors are compelling, but before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.

Encryption Through the Ages

Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door. For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information. So why does the government believe a backdoor is required for modern encrypted communications and stored data?

Is there something different about encrypted information than any other undecipherable or obscure human language? Perhaps, it is the ease of deciphering an encoded communication that is the essential difference. While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine-generated unbreakable encryption is sufficiently nonhuman in origin to be different. In other words, unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine. Thus, it is not a form of protected human speech.

Yet, ciphers have been used since antiquity, for good and bad, precisely for secrecy communications. Even in more recent precomputer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of, “What is the real difference?” Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way. Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications. So, it would seem the real difference is that it is too easy, too accessible and too quick.

With any “too” controversy, the basic contention is that something is too advantageous. Government security agencies argue that they don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled. Of course, unfair advantage is a matter perspective. I hope that law enforcement enjoys every possible advantage over criminals, but I also don’t want criminals accessing my sensitive private data either.

The problem with backdoors is just that. It is another way in for everyone. But insofar as law enforcement and national security are concerned, for most of human history, crafty criminals enjoyed the advantage when it came to secret communications.

It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up. Phone networks became the places where most communications occurred, and intercepting communications became an essential part of the law enforcement’s repertoire.

In today’s cloud-based, Internet world, we are leaving “digital footprints” everywhere that we go well beyond transient phone calls and it provides law enforcement with a wealth of investigative advantages. This is offered up as a social good that helps make our communities more secure than ever before. But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.

Man vs. Machine

As we trek along the evolutionary path of man and machine, questions around encryption will continually arise. Yet, the root conflict goes beyond encryption. It is about the role of society versus the individual in relation to who really governs a new form of emerging intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives. Every large city is populated with cameras monitoring public places, automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement. The fundamental question becomes: What are the limits of government access to the communications between mind and personal machine?

The brain, with all its memories, recollections and thoughts, is free from government intrusion. But, do we want personal privacy to shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become ever present life companions. There will be no expectation of privacy because it will have been sacrificed long ago in exchange for the innocuous promise of convenience and ease. This, then, is the risk: to be lulled into the complacency of convenience.

Some may argue that backdoors are the price of security in an increasingly dangerous world. Access to powerful tools of secrecy and deception have given some nefarious people too much power, and the playing field needs to be rebalanced in favor of law enforcement. I would argue that we merely are reverting to the status quo, and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.

Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations and other modern phenomena. I’m not so sure. History is replete with successive generations of hostile invaders, mass enslavement, savage conflicts and global pandemics. That said, I have no interest revisiting the Middle Ages either.

These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace. The ultimate question will be in whose hand or hands this awesome power will sit. I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam. Between them, I would bet on the one that has the greatest guarantee of human freedom in history. Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise I don’t think we would stand a chance against technology.

Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty. Let’s jealously guard liberty and understand there is more to privacy than mere expectation by custom. Privacy is inherently human, and our machines cannot be allowed to make us less so.

This article originally appeared in the May 2016 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.