It took the upheaval of the Edward Snowden revelations to make clear to everyone that we need protection from snooping, governmental and otherwise. Snowden illustrated the capabilities of determined spies, and said what security experts have preached for years: Strong encryption of our data is a basic necessity, not a luxury. <\/p>\n
And now Apple, that quintessential mass-market supplier of technology, seems to have gotten the message. With an eye to market demand, the company has taken a bold step to the side of privacy, making strong crypto the default for the wealth of personal information stored on the iPhone. And the backlash has been as swift and fevered as it is wrongheaded. <\/p>\n
At issue is the improved iPhone encryption built into iOS 8. For the first time, all the important data on your phonephotos, messages, contacts, reminders, call historyare encrypted by default. Nobody but you can access the iPhones contents, unless your passcode is compromised, something you can make nearly impossible by changing your settings to replace your four-digit PIN with an alphanumeric password. <\/p>\n
Rather than welcome this sea change, which makes consumers more secure, top law enforcement officials, including US Attorney General Eric Holder and FBI director James Comey, are leading a charge to maintain the insecure status quo. They warn that without the ability to crack the security on seized smartphones, police will be hamstrung in critical investigations. John Escalante, chief of detectives for Chicagos police department, predicts the iPhone will become the phone of choice for the pedophile. <\/p>\n
The issue for law enforcement is that, as with all strong crypto, the encryption on the iPhone is secure even from the maker of the device. Apple itself cant access your files, which means, unlike in the past, the company cant help law enforcement officials access your files, even if presented with a valid search warrant. <\/p>\n
That has lead to a revival of a debate many of us thought resolved long ago, in the crypto wars of the 1990s. Back then, the Clinton administration fought hard to include trapdoor keys in consumer encryption products, so law enforcement and intelligence officialsNSA being a chief proponentcould access your data with proper legal authority. Critics argued such backdoors are inherently insecure. Trapdoor keys would be an irresistible target for corrupt insiders or third-party hackers, and would thus make Americans more vulnerable to criminals, foreign intelligence services, corrupt government officials, and other threats. Additionally, foreign technology companies would gain a competitive advantage over the US, since theyd have no obligation to weaken their crypto. <\/p>\n
The feds lost the crypto wars, but without serious consumer demand, strong encryption has crept onto our gadgets only for narrow purposes, like protecting Internet transactions. The iPhone encrypted email and calendar entries, but little else. Now that Snowdens revelations have reinforced just how vulnerable our data is, companies like Apple and Google, who were painted as NSA collaborators in the earliest Snowden leaks, are newly motivated to demonstrate their independence and to compete with each other on privacy. <\/p>\n
However it got there, Apple has come to the right place. Its a basic axiom of information security that data at rest should be encrypted. Apple should be lauded for reaching that state with the iPhone. Google should be praised for announcing it will follow suit in a future Android release. <\/p>\n
And yet, the argument for encryption backdoors has risen like the undead. In a much-discussed editorial that ran Friday, The Washington Post sided with law enforcement. Bizarrely, the Post acknowledges backdoors are a bad ideaa back door can and will be exploited by bad guys, tooand then proposes one in the very next sentence: Apple and Google, the paper says, should invent a secure golden key that would let police decrypt a smartphone with a warrant. <\/p>\n
The paper doesnt explain why this golden key would be less vulnerable to abuse than any other backdoor. Maybe its the name, which seems a product of the same branding workshop that led the Chinese government to name its Internet censorship system the golden shield. Whats not to like? Everyone loves gold! <\/p>\n
<\/p>\n