An Apple A Day

An Apple A Day

Keeps security at bay

Apple’s refusal to unlock the San Bernardino terrorists’ smartphones has generated a heated debate in security, technology and legal circles nationwide. To many, Apple seems more interested in protecting its brand than cooperating to protect our national interests. As a practical matter, it would seem highly unlikely that Apple would adopt a position contrary to its financial self-interests, so the assumption that there is an underlying business motivation has some merit.

Bigger Issues

Apple has staked its flag upon privacy issues. As Tim Cook, Apple’s CEO’s, explains it, the issue is not about unlocking one phone. There are bigger issues afoot.

Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data. The basic argument is that criminals and terrorists can operate in the dark by using commonly available encryption like AES 256 ciphers, and there is no practical way for authorities to deencrypt and access information critical to thwarting serious criminal activities.

The arguments for backdoors are compelling, but before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.

Encryption Through the Ages

Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door. For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information. So why does the government believe a backdoor is required for modern encrypted communications and stored data?

Is there something different about encrypted information than any other undecipherable or obscure human language? Perhaps, it is the ease of deciphering an encoded communication that is the essential difference. While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine-generated unbreakable encryption is sufficiently nonhuman in origin to be different. In other words, unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine. Thus, it is not a form of protected human speech.

Yet, ciphers have been used since antiquity, for good and bad, precisely for secrecy communications. Even in more recent precomputer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of, “What is the real difference?” Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way. Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications. So, it would seem the real difference is that it is too easy, too accessible and too quick.

With any “too” controversy, the basic contention is that something is too advantageous. Government security agencies argue that they don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled. Of course, unfair advantage is a matter perspective. I hope that law enforcement enjoys every possible advantage over criminals, but I also don’t want criminals accessing my sensitive private data either.

The problem with backdoors is just that. It is another way in for everyone. But insofar as law enforcement and national security are concerned, for most of human history, crafty criminals enjoyed the advantage when it came to secret communications.

It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up. Phone networks became the places where most communications occurred, and intercepting communications became an essential part of the law enforcement’s repertoire.

In today’s cloud-based, Internet world, we are leaving “digital footprints” everywhere that we go well beyond transient phone calls and it provides law enforcement with a wealth of investigative advantages. This is offered up as a social good that helps make our communities more secure than ever before. But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.

Man vs. Machine

As we trek along the evolutionary path of man and machine, questions around encryption will continually arise. Yet, the root conflict goes beyond encryption. It is about the role of society versus the individual in relation to who really governs a new form of emerging intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives. Every large city is populated with cameras monitoring public places, automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement. The fundamental question becomes: What are the limits of government access to the communications between mind and personal machine?

The brain, with all its memories, recollections and thoughts, is free from government intrusion. But, do we want personal privacy to shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become ever present life companions. There will be no expectation of privacy because it will have been sacrificed long ago in exchange for the innocuous promise of convenience and ease. This, then, is the risk: to be lulled into the complacency of convenience.

Some may argue that backdoors are the price of security in an increasingly dangerous world. Access to powerful tools of secrecy and deception have given some nefarious people too much power, and the playing field needs to be rebalanced in favor of law enforcement. I would argue that we merely are reverting to the status quo, and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.

Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations and other modern phenomena. I’m not so sure. History is replete with successive generations of hostile invaders, mass enslavement, savage conflicts and global pandemics. That said, I have no interest revisiting the Middle Ages either.

These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace. The ultimate question will be in whose hand or hands this awesome power will sit. I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam. Between them, I would bet on the one that has the greatest guarantee of human freedom in history. Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise I don’t think we would stand a chance against technology.

Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty. Let’s jealously guard liberty and understand there is more to privacy than mere expectation by custom. Privacy is inherently human, and our machines cannot be allowed to make us less so.

This article originally appeared in the May 2016 issue of Security Today.

Featured

  • The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    Over the past two years, the Biden Administration has taken a series of steps centered on quantum and cybersecurity. Read Now

  • IoT Saves the Day

    IoT Saves the Day

    Today, creating a safe environment across schools, hotels, office buildings, housing complexes and other facilities has become a necessity. There are so many dangers lurking in buildings of all sizes and shapes from fire hazards, vaping issues, chemical/air quality issues, intruders and so much more. Read Now

  • One Pane, Less Pain

    One Pane, Less Pain

    Just because a solution is built on an open-standards platform doesn’t ensure that all the vendors’ systems will work together as promised. Some features may not be supported, or not supported to their fullest potential. Read Now

  • Revamping Wrigley Field

    Revamping Wrigley Field

    When talking about baseball in the United States, it’s hard not to think of the Chicago Cubs and Wrigley Field. With a history spanning more than 100 years, the Chicago Cubs are one of the most recognized teams in professional sports. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3

  • VideoEdge 2U High Capacity Network Video Recorder

    VideoEdge 2U High Capacity Network Video Recorder

    Johnson Controls announces a powerful recording solution to meet demanding requirements with its VideoEdge 2U High Capacity Network Video Recorder. This solution combines the powerful capabilities of victor with the intelligence of VideoEdge NVRs, fueled by Tyco Artificial Intelligence, for video management that provides actionable insights to save time, money and lives. 3

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3