Thursday, March 10, 2016

Safe Place


Much has been written and discussed regarding the iPhone 5C used by Sayed Farook, one of the San Bernardino shooters, and Apple Inc.’s refusal to comply with a federal judge’s order to allow investigators access to the data on the phone by creating a new operating system that circumvents several security features and installing it on the 5C.  Apple CEO Tim Cook details his company’s position in this eloquent open letter.

I support Apple’s stand in this case, basically for the reasons enumerated by Mr. Cook.   However, I think the fundamental issue at stake, which will probably not be resolved by this particular case, is fascinating: are we, as United States citizens, entitled to a space totally impenetrable to law enforcement?  

Everything that we own, and all of our communications, are accessible to government, provided (in theory) probable cause and a warrant.  Our homes, cars, places of business, safe deposit boxes, etc., are subject to search.  Our telephone conversations are subject to wiretaps.  Our bank accounts and financial records are fair game as well.  As long as law enforcement provides a judge with probable cause and obtains a warrant, there is nothing we can legally keep away from them.  There is only one exception to this.

The content of our mind.

Thanks to the Fifth Amendment to the United States Constitution, we cannot be legally compelled to answer questions that may incriminate us.  Our brain is effectively out of the government’s reach.  So, for example, while law enforcement can compel me to use my  fingerprint to unlock my phone, they cannot compel me to hand over my password, since the password resides in my memory.

The question then becomes, should our digital devices be considered extensions of our mind, and therefore also out of the government’s reach?  Nothing of this sort has been the case in the past.  If you write things down on paper in case you forget them, the paper is subject to search.  Why should digital devices be different?  Philosophically, maybe they shouldn’t.  But digital devices have brought on a fundamental game-changer: encryption.

In the case of the San Bernardino shooter’s iPhone (or, more accurately, the iPhone owned by San Bernardino County and issued to and used by Syed Farook), Apple has the capability of creating a compromised operating system and installing it on the phone, thus allowing law enforcement to use a “brute-force attack” to crack it’s 4-digit, numeric passcode and thus decrypt the data on the phone.  Even though newer iPhones use their “Secure Enclave,” instead of iOS, to enforce the security features that the FBI wants Apple to weaken in the San Bernardino case, in theory the Secure Enclave could be hacked in a similar way.  The precedent that would be set is one of the reasons why Apple is so adamant in its refusal to comply in the San Bernardino case.  

But that will not always be the case.  In fact, it is already not the case.  It’s no secret that Apple is working hard to develop encryption technology that even Apple itself cannot hack, but, more to the point, encryption that is virtually unbreakable is already available elsewhere to whomever wants it.  The math is out there, and there’s nothing anyone can do about that.  As many in the tech community have pointed out, you can’t outlaw math.

Many in U.S. law enforcement argue that companies that develop encryption technology should be forced to leave a “back door” for potential government access.  However, that argument is woefully misguided, because if that were the case then not only would the privacy and security of U.S. technology consumers be compromised, the bad actors out there would still be able to obtain unbreakable encryption; just not from U.S. companies.  So the “good” guys and gals would be insecure, the “bad” guys and gals would still be able to prevent government access to their nefarious data, and U.S. tech companies would lose all credibility in the world market.  And, of course, thanks to American hero Edward Snowden we know that the government has quite a tendency to overreach, trampling the Fourth Amendment in the process, so who is to say they wouldn’t abuse any back doors they are given?  

Going back to our original question, are we entitled to a space totally impenetrable to law enforcement?  Well, the availability of unbreakable encryption deems the question moot.  Whether or not we should have the ability to store information in a place the government can’t access, for the first time ever, we do.  

So, is this a good thing?