Jake Savin Posts

Published February 29, 2016 by

Why Apple is Right: Privacy Is Important

Apple vs. FBI

Syed Farook, the perpetrator in the San Bernardino attack last December, had an iPhone which is now in the FBI’s possession. Despite their attempts, the FBI has been unable to unlock the phone and unable to bypass the device’s privacy and encryption features.

Apple has long taken the stance that protecting the privacy and security of their users’ data is hugely important, and they have implemented strong encryption on the iPhone in order to protect this sensitive information.

Now a court order requested by the FBI is demanding that Apple build a custom version of iOS that circumvents these security features. This would, in the words of Tim Cook, “undeniably create a backdoor” to the iPhone that “would have the potential to unlock any iPhone in someone’s physical possession”.

Apple’s public refusal to comply, along with supporting statements made by some other high-profile technology companies including Google and Microsoft, has rekindled the fierce debate over the value of strong data encryption, and whether the government has the authority to demand that companies disable or defeat it.

The case is even becoming an issue in the presidential race, as candidates weigh in with their positions on encryption and privacy.

Our Digital Privacy Is Important

With the increasing pervasiveness of smartphones and other Internet-enabled devices, we rely on technology more every day for nearly everything we do. From seemingly mundane personal communications like text messaging, to business and financial activities like signing documents, searching and applying for jobs, and online banking– creating, storing, and sending our information digitally is nearly unavoidable.

When our trust that information we believe to be private is violated, the consequences can be severe. It should be no surprise to anyone involved in designing software products today that software involved in critical business communications and transactions must preserve security and privacy.

But what’s less well understood is that our personal interactions online can make us vulnerable, and personal information is increasingly the target of so-called “bad actors” who want to compromise our privacy in order to commit crimes from identity theft and fraud to stalking and burglary.

As makers of software products, we have an obligation to design and build our products to embody the principle of protecting the privacy and security of our users and customers. This is true regardless of whether the products we make are used for business or finance where security is an obvious concern, or for entertainment, gaming, or social networking where the privacy risks are either less obvious or seemingly less important.

What is Strong Encryption and What Is It Used For?

The most widely used strong encryption technologies are free, open source technologies that anyone can use. They provide key functions that protect your privacy and security, and they are integrated into many products from web browsers and mobile apps, to enterprise email systems, stock trading networks, and cellular phone communications. Encryption is everywhere.

Some of the uses of strong encryption include:

  • Preventing unauthorized third-parties from accessing information in storage devices like hard disks, smart phones and “cloud” services.
  • Protecting data from snooping in transit on the Internet or cellular data networks.
  • Verifying authenticity of messages and documents, and ensuring they have not been tampered with.
  • Proving the identity of a person or company, and preventing imposters from impersonating them in order to attack others.

Of course the same encryption technologies can also be used by criminals to hide information and communication from law enforcement. This is why the FBI wants Apple (and other companies) to provide tools that work around or remove the encryption technologies integrated into their software and devices.

Why Apple is Right to Fight the FBI Order

On February 16, Apple chose to take a public stand against the FBI’s order to make software that enables decrypting data on iPhones, so they can collect evidence in their investigation of the San Bernardino shooting case.

To some, Apple’s opposition to the FBI may seem wrong or even immoral. After all, why would we want to prevent law enforcement from bringing criminals and their accomplices to justice? Of course we wouldn’t.

By supplying software that decrypts data stored on the iPhone in the case, Apple would also be supplying the FBI with tools that could be used to undermine the privacy and security of any Apple device, and therefore anyone who uses one.

Here are some of the specific problems that would arise, which are too important to ignore:

As Apple CEO Tim Cook points out, and as Apple’s follow-up FAQ reiterates, making tools that subvert or remove encryption creates a real risk that criminals or other “bad actors” could steal these tools directly or replicate the methods they employ. This puts everyone at risk, including law-abiding people who uses these devices to store their most personal information.

Once these tools are in the FBI’s hands, there could be tens, hundreds, or even thousands of individual people who gain access to them over time, possibly even extending to other agencies outside the FBI. Even if decryption tools could only be used on FBI premises by authorized personnel, there is no way that the government could honestly guarantee to the public that no person with access to these tools would ever violate their privacy for criminal or political purposes.

There is also a real danger that hackers or organized criminals could get access to these tools through technical means, bribery, or extortion. Criminals could sell or even “weaponize” decryption tools for identity theft, fraud, or other criminal activities, even possibly cyber terrorism.

What’s At Stake

We’ve seen over and over again in recent years, the damage caused to individuals and businesses when criminal hackers steal credit card numbers, social security numbers, and other personal information. But in addition to personal information like contacts and phone numbers, the information we routinely store on our devices can be easily used to gain access to other accounts and systems.

The consequences of a widespread privacy breach on the scale of all smartphone users, or even all iPhone users, could be dire, not just for Apple and the individuals directly affected, but also for the companies and agencies they work for. The potential damage that could be caused by widespread cyber-security breaches puts our economy and our national security on the line.

The erosion of our personal privacy – which strong encryption is designed to protect – could also lead to misuse by private organizations. Imagine your health insurance provider data-mining your location, your driving habits, or who you associate with. Imagine mortgage lenders monitoring your location and discovering you enjoy casinos. What if you went to interview for a job, and they knew every other company you’d sent your resume to, and every other job you’d been turned down for.

Safeguarding our digital privacy and security is critically important. Sacrificing it in the interest of a single case, even with good intentions, is a trade-off that’s not worth making. Allowing this precedent to be set would be to sacrifice constitutional rights that our country’s founders fought fiercely to obtain, and which we should also fight to protect.

 

 

This post originally appeared on the L4 Digital blog on February 25, 2016.

Apple Security

Leave a Comment

Published August 30, 2015 by

Katrina

I was living in Dallas when Katrina hit. I was infuriated that so many people were left stranded in such a desperate situation, and baffled by the seeming total lack of urgency to help them.

I still remember vividly welling up with tears of anger and sadness while driving down I-35, at a first-hand report I heard on This American Life shortly after the hurricane while the city was still under water. I considered trying to go to New Orleans myself to help, but realizing how futile and possibly even foolhardy that would have likely been, I stayed put.

Like many others, I gave money to the Red Cross, and we prepared to accept strangers into our home if that opportunity presented itself. I even got involved in state politics, but the candidate I supported was ousted by Delay’s (probably illegal) gerrymandering.

That was around the time we decided it was time to get the heck out of Texas. (No offense to friends and family in Texas: There’s a lot to like, but for us the Pacific Northwest is a better fit.)

Originally written as a comment on a Facebook post by Dave Winer.

Uncategorized

Leave a Comment

Published July 5, 2015 by

Cautious Optimism on July 4, 2015

To me, it feels like there’s some kind of inflection point being reached, but I base this on not much more than my own subjective, albeit at least somewhat informed experience.

The obviously important recent SCOTUS decisions are out there of course, but we have multiple justices over age 80, going into a presidential election with a big potential for a backlash, leading to a potential for appointments that could reverse a lot of positive progress.

We had a huge financial meltdown and now 6+ years later a lot more of the general public is well aware that real justice has yet to be served to many of those responsible. Some of the changes we’re seeing may be a result of this.

Some Evangelicals are aligning more and more with liberals and progressives on protecting the Earth and the environment, and are deeply concerned about limiting the impending damage that will be caused by climate change.

And we have generational changes in social norms coming to a head around the world, at a time when mass communication over most of the globe has never been more accessible, in spite of corporate and government attempts to control or curtail it—at least so far.

Look at how many videos are going online all over the country and the world, of police misconduct, racism, and brutally. That this is happening is far from new. That neither the media nor many governments can really control who knows about it is new. The information has been becoming more available for decades, but the visceral reality in these videos has only been widely visible for the last few years.

In Arthur C. Clarke’s world of 2010, wars between nations ended after the abolition of long distance phone charges, which led to many average people having friends all over the world. You can’t attack a country filled with so many people that are loved by your own citizens—that was the thinking. While it’s not working out in quite the way that Clarke envisioned, there is still huge potential in making information from primary sources available globally, at massive scale, and for such little cost.

At the same time the Internet has also led some (many perhaps) into isolated enclaves—information deserts (borrowing from the idea of food deserts in American urban areas), where the only ideas that flow freely are the ones that a clique agrees with, along with a few refrains that they abhor and can use as foils and straw men, to “argue” about how wrong or even evil the other side is.

I for one am cautiously optimistic.

Ps. This post is in response to an online discussion about a Kevin Garcia piece on bedlammag.com.

Uncategorized

Leave a Comment