Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The encryption quicksand into which Apple is sinking

Evan Schuman | March 2, 2016
As the encryption argument takes center stage in the ongoing Apple vs. the U.S. Government squabbles, a very important—and potentially destructive—change is taking place in security strategy.

Rasch's position: A court-ordered search warrant only applies to law enforcement. A search warrant to search a suspect's home allows law enforcement to search but does not require the homeowner to cooperate. The homeowner, Rasch argues, is fully within his rights to say, "Thanks, but I choose to not let you into my house." Law enforcement then has the right to smash the door in, but that order doesn't obligate the homeowner to do anything. A court order to a civilian would have to happen under the All Writs Act. The question then goes to whether the court has that power.

"Not cooperating and obstruction are different things. Obstruction in advance doesn't exist," Rasch said. "Nor does 'aiding and abetting a crime by not making it easy for me to solve crime.'" The closest Apple analogy would be if police had a valid search warrant and were trying to break into a suspect's home, Rasch said. The suspect in this scenario had so expertly reinforced all of the doors, windows and walls that police equipment—including battering rams—were ineffective.

What if police turned to a construction worker walking down the street and said "We want you to spend as many weeks as it takes to figure out a way to break into this house"? Even if the police offered to pay the worker a fair rate, does he have the obligation to comply? What if he doesn't want to spend weeks doing this? "The government wants to take the labor of Apple engineers without just compensation," Rasch said. And even getting just compensation—which is irrelevant in this case because "Apple doesn't want to get paid to do this"—is tricky.

"Apple doesn't want to take invading a customer's privacy and to turn it into a profit center," Rasch said. "And the government doesn't want to establish the precedent of having to pay people to comply with a court order." In short, as long as Apple doesn't do this to circumvent the search for a specific criminal act that they know about in advance (and no one has suggested that they are), crafting a way to lock themselves out permanently is legally sound.

Alas, it's not that simple. Consumers are maddeningly self-contradictory. They love the idea of Apple not having access, so that they Apple cannot violate their privacy even with a search warrant. But they hate the idea of Apple not having access if the consumer forgets his/her password and can't simply reset it. They want access to all of those photos and messages and videos no matter what and they expect Apple to be able to do that.

The typical response to sidestepping forgotten passwords is to go for biometric authentication. In theory, a consumer can't "forget" their retinas or their fingerprints. That is also not a perfect solution. What if the phone suffers some corruption and the phone can no longer match the consumer's biometric self with the phone's file? Again, they expect Apple to be able to swoop in and help.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.