An Apple A Day
Keeps security at bay
- By Joseph Mazzarella
- May 01, 2016
Apple’s refusal to unlock the San Bernardino
terrorists’ smartphones has generated
a heated debate in security, technology
and legal circles nationwide. To many,
Apple seems more interested in protecting
its brand than cooperating to protect our
national interests. As a practical matter, it
would seem highly unlikely that Apple would adopt a position
contrary to its financial self-interests, so the assumption that
there is an underlying business motivation has some merit.
Bigger Issues
Apple has staked its flag upon privacy issues. As Tim Cook,
Apple’s CEO’s, explains it, the issue is not about unlocking one
phone. There are bigger issues afoot.
Beyond the immediate, the Apple controversy has raised
policy discussions about the need for government agencies to
have formal backdoors to encrypted communications and data.
The basic argument is that criminals and terrorists can operate
in the dark by using commonly available encryption like AES
256 ciphers, and there is no practical way for authorities to deencrypt
and access information critical to thwarting serious
criminal activities.
The arguments for backdoors are compelling, but before we
rush headlong down backdoor paths, I would suggest we understand
where they could lead, and in order to do so we first must
uncover the substance of the issue.
Encryption Through the Ages
Nobody would assume the Navajo language, while virtually undecipherable
and used during World War II for secret communications,
would require a government back door. For that matter,
whether it is undecipherable ancient Linear A script or modern
English, language itself is a form of encoded information. So why
does the government believe a backdoor is required for modern
encrypted communications and stored data?
Is there something different about encrypted information than
any other undecipherable or obscure human language? Perhaps,
it is the ease of deciphering an encoded communication that is
the essential difference. While on the surface this seems to be a
distinction without substance, it could be rightfully argued that
machine-generated unbreakable encryption is sufficiently nonhuman
in origin to be different. In other words, unbreakable encryption
exceeds the natural human capacity to devise and initiate
such as a form of expression in the absence of a machine.
Thus, it is not a form of protected human speech.
Yet, ciphers have been used since antiquity, for good and bad,
precisely for secrecy communications. Even in more recent precomputer
times, anyone could employ a relatively simple, mathematically
unbreakable Vigenere cipher scheme. So, we again are
left with the question of, “What is the real difference?” Whereas
a Vigenere cipher requires only paper, pencil and a random passage
from a secret book, modern encryption achieves these ends
in a much more efficient and pervasive way. Even the Vigenere
cipher itself is available as one-time pad software, albeit grossly
inefficient for real-time communications. So, it would seem the
real difference is that it is too easy, too accessible and too quick.
With any “too” controversy, the basic contention is that something
is too advantageous. Government security agencies argue
that they don’t want criminals to enjoy an advantage, because
modern encryption is too good, too available and too uncontrolled.
Of course, unfair advantage is a matter perspective. I
hope that law enforcement enjoys every possible advantage over
criminals, but I also don’t want criminals accessing my sensitive
private data either.
The problem with backdoors is just that. It is another way in
for everyone. But insofar as law enforcement and national security
are concerned, for most of human history, crafty criminals
enjoyed the advantage when it came to secret communications.
It was not until the communications age that phone tapping and
eavesdropping came about and gave law enforcement a leg up.
Phone networks became the places where most communications
occurred, and intercepting communications became an essential
part of the law enforcement’s repertoire.
In today’s cloud-based, Internet world, we are leaving “digital
footprints” everywhere that we go well beyond transient phone
calls and it provides law enforcement with a wealth of investigative
advantages. This is offered up as a social good that helps
make our communities more secure than ever before. But, we
would be wise to be aware of its potential costs so as to avoid being
short-changed on liberty.
Man vs. Machine
As we trek along the evolutionary path of man and machine,
questions around encryption will continually arise. Yet, the root
conflict goes beyond encryption. It is about the role of society
versus the individual in relation to who really governs a new form
of emerging intelligence that can increasingly see, record, and
analyze the most trivial aspects of our daily lives. Every large city
is populated with cameras monitoring public places, automatic
license plate readers innocuously record passersby, and your mobile
phone tracks your every movement. The fundamental question
becomes: What are the limits of government access to the
communications between mind and personal machine?
The brain, with all its memories, recollections and thoughts,
is free from government intrusion. But, do we want personal privacy
to shrink to the space between your ears, as smart refrigerators,
TVs, cars, lights, and so on become ever present life companions.
There will be no expectation of privacy because it will have
been sacrificed long ago in exchange for the innocuous promise
of convenience and ease. This, then, is the risk: to be lulled into
the complacency of convenience.
Some may argue that backdoors are the price of security in
an increasingly dangerous world. Access to powerful tools of secrecy
and deception have given some nefarious people too much
power, and the playing field needs to be rebalanced in favor of
law enforcement. I would argue that we merely are reverting to
the status quo, and this is not so much a new battle as much as a
familiar conflict between individual autonomy and state control
in pursuit of security.
Some argue that the stakes are higher than ever because of
the threats of modern terrorism, global crime syndicates, rogue
nations and other modern phenomena. I’m not so sure. History
is replete with successive generations of hostile invaders, mass
enslavement, savage conflicts and global pandemics. That said, I
have no interest revisiting the Middle Ages either.
These issues require significant reasoned discourse with an understanding
that technology will not stop and is accelerating at an
ever-quickening pace. The ultimate question will be in whose hand
or hands this awesome power will sit. I find no more comfort in
Apple or Alphabet guarding privacy than good old Uncle Sam. Between
them, I would bet on the one that has the greatest guarantee
of human freedom in history. Ultimately, it will fall upon those in
black robes covetously protecting our freedom; otherwise I don’t
think we would stand a chance against technology.
Whereas Apple seeks to preserve and grow its profits, and government
bureaucracies seek to preserve and expand power, it is
the acolytes of the Constitution, unencumbered by neither, that
can best preserve liberty. Let’s jealously guard liberty and understand
there is more to privacy than mere expectation by custom.
Privacy is inherently human, and our machines cannot be allowed
to make us less so.
This article originally appeared in the May 2016 issue of Security Today.