Apple has just announced end-to-end encryption for iCloud storage. Privacy proponents are praising it, and the FBI is panning it.
Continue readingDon’t Let Encryption Push Your Data off the Cliff
We seem to value our data so much, that we’ll encrypt it to protect it from anyone who might steal it. But if we don’t handle encryption and backup properly, our data can be irretrievably lost.
Continue readingBackdoor Blues Need Legal Lyrics
The FBI’s request for Apple to unlock the iPhone used by the San Bernardino shooters has led to a far-reaching controversy in the United States. Parties on both sides of the issue have valid concerns, and we believe resolutions will need to come in the forms of a Supreme Court ruling (probably first) and federal legislation to better align technology and the law.
In our opinion, this collision was bound to happen because the push and pull between national security and privacy have gotten stronger as technology has made us part of a global society. Looking just at the United States, technology has advanced at a far greater pace than our legal system’s ability to keep up with it. Further, no matter how tightly our laws are written, there are always differing interpretations, and in our legal system, differences are resolved (in theory) through the courts and the appeal process. Even if Congress were to pass a law now to resolve the issue, one side would contest it.
Thus, the likelihood is that any legal decision will be based on a law that is already on the books, and it could wind up before a deadlocked Supreme Court. That’s a possibility, given our political environment.
This is where opinion ends. Here are the issues to consider.
There is no end. Once this specific cell phone is unlocked, the genie is out of the bottle – and the genie has the key to Pandora’s box. As we understand the legal world in practical, lay terms, there will be other legal cases in this country to justify unlocking a phone or any other access point to data, and arguments will be based on rulings that involve this phone. If a party in a lawsuit can successfully make the case that another request justifies unlocking a phone – with an argument made on a very fine point of law – a local or state government, in addition to our federal government, could gain access to data.
Knowing that a backdoor or master key is available, a foreign government could force a US technology company doing business in its country to unlock data. US businesses and citizens could be put between the old rock and hard place without the same legal protections that we have in this country.
There are no secrets. As the saying goes, “a secret is only secret when one person knows it.” Any solution to unlock the password and data on this particular phone will be a team effort. The greater the size of the team, the greater the chance a hacker will find a way to uncover the secret.
The defenses will need to be massive. If Apple and Google have software to unlock encrypted phones, they will be subject to massive “attacks” by parties interested in getting the code. Cyberwar is fought all the time by governments, corporations and hackers of all stripes. Who is going to keep the code, and who is going to have access to it? Defending against attacks burdens the tech companies.
Nobody’s data will be secure. This is the heart of the technology companies’ argument. They tout the security of their customers’ information, whether it be personal identification, health records and financial records. Corporations depend on security and access to how products are manufactured and how products and services are priced. We have already seen how a weakness in a contractor’s IT system opened a door to Target’s records. If someone can get into your phone, how safe will your life’s savings be? Could somebody use your healthcare and identity information to obtain services fraudulently and stick you with the bill?
The tech companies believe they have a responsibility to protect their customers’ data. There are very few issues that bring Apple, Google, Microsoft and others together like this one. It goes beyond mobile phones and tablets. Businesses, institutions and governments collect and store huge amounts of sensitive or proprietary data in “the cloud,” a global system of secure servers, routers and hard drives. These same organizations make extensive use of mobile phones and tablets. The tech companies argue that they must not do anything to violate the trust their customers place in them to protect the data.
What’s the greater risk? Is it a terrorist attack or somebody wiping out the life’s savings of millions of people in a matter of seconds?
Society needs to decide the privacy vs. security issue. It’s not right to make businesses the arbiters of public policy. We need an open, honest discussion of all the ramifications of possible laws, including the unintended consequences that always arise, and we need laws that do the right thing. There will never be complete agreement, and the right thing may not be the popular thing.
You can read many of the arguments from Apple and other tech companies here – as well as support from various privacy groups. There are no easy answers to the questions surrounding the issue.
Our call to action here is to speak up. We invite you to leave a comment below, and we encourage you to contact your government representatives to let them know what you think. We can sing the blues about privacy vs. security, but at the end of the day, our lyrics need to lead to laws.