Apple Chief Executive Officer Tim Cook has provoked a much-needed conversation about strong consumer privacy versus national security in the Digital Age. But the terms of this debate shouldn't be set by Mr. Cook, head of the world's wealthiest tech company, because for him strong cryptography is just business.
In his message to Apple customers, Cook frames Apple's decision to fight the FBI's use of the All Writs Act to compel the circumvention of iOS security as a move to guard consumers against government overreach. But making the argument about the proper use of encryption solely about consumer protection is a mistake. The eventual outcome of that debate could actually weaken privacy protections at a crucial time, and possibly bar legal investigation and surveillance at other times. Neither result is acceptable.
Instead, this public discussion should focus on solutions that include responsible government involvement and ensure robust privacy protections that will not shift with the winds of Apple's business model.
First, the government isn't asking for a backdoor in Apple's products. On Feb. 16, the FBI's legal counsel used the All Writs Act to request assistance from Apple to circumvent the security protections on an iPhone recovered from one of the alleged San Bernardino attackers. Cook said investigators wanted Apple to build a dangerous "backdoor."
A cryptographic backdoor is a hidden weakness or access point in all devices. Security experts and government officials (including President Obama and FBI Director James Comey) agree that backdoors are inadvisable and technically impossible to implement free of security holes.
Moreover, a backdoor affects everyone, and can be accessed at any time, without prior knowledge. The FBI's proposal is limited to a single device, and a single instance of use (until the next court order, that is).
Because Apple used strong cryptographic protections in iOS, the FBI wants Apple to create a special version of iOS that speeds up brute-force searching and turns off the phone's automatic erase functionality for this particular device. The FBI seems to have come up with a powerful legal tool that avoids legislation, but gets some of the post-facto surveillance capabilities the FBI wants.
But if it helps the FBI, Apple could face backlash around the world. Apple's strong cryptography and historically secure operating system are a sales differentiator. If the All Writs Act is applied as a routine matter of intelligence gathering strategy, trust in Apple’s security will be eroded.
Apple knows that this time it must fight the FBI's court order to ensure consumer confidence, but I am concerned that framing discussions about the use of cryptography in narrow commercial terms will exclude the public's best interest.
On balance, robust cryptographic protections haven't been in the economic interest of most companies. More often than not, consumer privacy protections merely have the appearance of security, without any real desire to implement the functionality.
Harvard University's Berkman Center for Internet and Society recently released a report entitled "Don't Panic" that responded to worries by government officials that the increasing use of strong cryptography will lead to terrorists and criminals "going dark" under the veil of cryptography.
The report pointed out that corporate access to consumers' information is usually needed to process and mine data, serve ads, and offer functionality that would otherwise be impossible if all data was encrypted locally by a private key. For most consumer products this means data is encrypted only in transit, to appease privacy advocates, but stored on company servers without any cryptographic protections. This typical configuration leaves data accessible to legal search and surveillance, providing a kind of ad-hoc balance of powers between personal privacy and legal access.
In the case of whole disk iOS encryption, however, Apple has implemented something like zero-knowledge cryptography, where even they cannot access the data. This should worry the authors of the "Don't Panic" report, since it provides a tangible example of terrorists "going dark."
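The two design points the article leans on, the passcode-guard-with-erase that the FBI wants switched off (described above) and the "even Apple cannot access the data" property of device-local encryption, can be made concrete with a small model. The following is an added, constructed example, not Apple's code and not a description of the real iOS implementation; it borrows only the published design idea that the unlock key is derived from the user's passcode entangled with a per-device hardware secret (here `uid`), that file keys are wrapped under that unlock key, and that "automatic erase" destroys the wrapped key rather than the ciphertext. The HMAC-based stream cipher, the iteration count and the `Device` and `vendor_extraction` names are all assumptions made for the example; the cipher is a stand-in for AES and should not be reused as-is.

```python
import hashlib
import hmac
import secrets

# Constructed, simplified model of device-bound storage encryption (not Apple's code).
# Data is encrypted under a random file key; the file key is wrapped under a key derived
# from the passcode AND a per-device secret (UID) that never leaves the hardware.
# The vendor holds neither secret, so a copy of the storage is opaque to it.

ITERATIONS = 50_000          # PBKDF2 work factor (constructed value)
MAX_FAILED_ATTEMPTS = 10     # wipe threshold, modelling the text's "automatic erase"


def _keystream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (toy stand-in for AES-CTR)."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = _keystream_cipher(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _keystream_cipher(enc_key, nonce, ct)


def derive_unlock_key(passcode: str, uid: bytes, salt: bytes) -> bytes:
    """Entangling the UID means this derivation can only run on the device itself."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid + salt, ITERATIONS)


class Device:
    def __init__(self, passcode: str, secret_note: bytes):
        self._uid = secrets.token_bytes(32)          # hardware secret; never exported
        self.salt = secrets.token_bytes(16)
        self.failed_attempts = 0
        file_key = secrets.token_bytes(32)
        self.ciphertext = seal(file_key, secret_note)
        unlock_key = derive_unlock_key(passcode, self._uid, self.salt)
        self.wrapped_file_key = seal(unlock_key, file_key)   # destroyed on wipe

    @property
    def wiped(self) -> bool:
        return self.wrapped_file_key is None

    def unlock(self, passcode: str):
        """Passcode guard: count failures and erase the wrapped key at the threshold."""
        if self.wiped:
            return None
        unlock_key = derive_unlock_key(passcode, self._uid, self.salt)
        file_key = open_sealed(unlock_key, self.wrapped_file_key)
        if file_key is None:
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
                self.wrapped_file_key = None   # "automatic erase": data is now unrecoverable
            return None
        self.failed_attempts = 0
        return open_sealed(file_key, self.ciphertext)


def vendor_extraction(device: Device, passcode: str):
    """What a party holding a storage image but not the UID can recover: nothing usable.

    The image contains salt, wrapped file key and ciphertext. Without the UID the
    derived unlock key is wrong even when the passcode is right, so the wrapped key
    never opens. The zero UID below is a placeholder for 'unknown'.
    """
    if device.wrapped_file_key is None:
        return None
    guessed_key = derive_unlock_key(passcode, b"\x00" * 32, device.salt)
    return open_sealed(guessed_key, device.wrapped_file_key)


if __name__ == "__main__":
    phone = Device("1234", b"constructed note")       # constructed sample passcode and data
    print(phone.unlock("1234"))                       # correct passcode on the device works
    print(vendor_extraction(phone, "1234"))           # same passcode off-device: None
```

Two things the model makes visible that the prose cannot: the guard the FBI wanted disabled lives in the `unlock` path (its counter and the destruction of `wrapped_file_key`), and the vendor's inability to read the data follows from the key derivation, not from a policy. This is the difference the "Don't Panic" discussion draws between data encrypted only in transit (where the server holds the key or the plaintext) and data encrypted locally under a key the provider never has.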
The reason the San Bernardino attackers were able to go dark is because Apple's other economic incentives outweighed those that encourage access. In this case, the balance of ad-hoc protections tipped to the side of personal privacy, leaving legal government searches in the dark. A win for privacy advocates, but not for legal criminal investigations.
This points to a fundamental problem with the discussion, and shows why Apple’s decision to fight the FBI should not be supported, even by privacy advocates. Leaving these decisions up to market forces will always result in these kinds of ad-hoc situations, where sometimes the advantage falls to the consumer, but other times falls to intelligence organizations, or even hackers.
We have already seen examples of the free market of cybersecurity acting in ways that disadvantage personal privacy. RSA Security, one of the most influential cybersecurity companies today, appears to have taken money to support an encryption protocol that, some have accused, contained known weaknesses. We can also look to newer examples. For example, Adblock Plus will whitelist websites in its ad-blocking software for a fee. The balance of protection is entirely dependent on economic decisions, which are unlikely to consistently align with personal privacy or government surveillance.
Even for those individuals that dogmatically believe in total privacy from state surveillance (a mistake in my book), leaving these kinds of decisions up to the free market will occasionally or, in some circumstances, frequently result in weakened privacy protections. Because of these powerful economic interests, it is shortsighted for privacy advocates to resist government intervention at every step. When important privacy protections are left up to the free market there is no guarantee that those protections will be there when needed. The government can help to ensure that privacy protections are in place.
If you believe there is a genuine reason for some government intervention in the private sphere, then the government should also have a role in crafting the solution. Either way, framing the discussion in terms of market solutions is to the advantage of Apple’s bottom line, and the disadvantage of any civic debate trying to find a solution.
There are at least two approaches that are better than the narrow market solution Apple is proposing.
The most immediate solution is the one that Apple is opposing: legislation and legal orders. The law is often slow (especially with technological issues), and sometimes works in strange ways, but it might just be the best mechanism we have. Sometimes the fact that law slows the pace of innovation is an obviously good thing for society (human cloning and bioengineering come to mind).
A slow law gives society a little time to catch its breath, and time for sober reflection. The implementation of strong cryptography in recent years has occurred at breakneck speeds, driven entirely by consumer demand following the Edward Snowden leaks. Perhaps now is time for sober reflection and responsible government involvement.
The second solution would require a more fundamental reorientation of how we think about cybersecurity. Instead of imagining a utopian cyberspace of the public sphere where all voices are unimpeded and heard equally, we should start to think seriously about how the Internet and its cryptographic protections are forms of infrastructure.
There are many examples of civic successes that occurred outside of the free market – everything from roads and schools to the early funding and control of the Internet. I can think of two examples for potential guides to understanding cybersecurity in terms of infrastructure.
In response to a general economic downturn in the Asian region, at the end of the 1990s South Korea developed a robust system of public key infrastructure (PKI) to spur e-commerce and streamline government services. This infrastructure was developed and implemented by the government. In the interest of standardization and control, the Korean government even went so far as to ban private authentication systems and to mandate the use of PKI for all medium to large monetary transactions.
Despite this heavy-handed approach, according to Dongoh Park, Korean PKI "has played a critical role in building reliable Internet services by providing a state-government certified, promoted, and mandated authentication mechanism."
Korean PKI certainly has issues, and should not be seen as an easy technical solution. Importantly, however, Korean PKI offers a model for thinking about these decisions in terms of infrastructure, which includes a broad government role.
Another example is the use of blockchain technology. Blockchain technology is a distributed digital ledger system that contains transactions, a kind of double-entry bookkeeping for the 21st century.
Originally built for use with the cryptocurrency Bitcoin, blockchain technologies are now developed for a range of services, including banking, government ID and services, insurance, stocks and shares, and even corporate bylaws. So far, blockchain technologies have largely been deployed for private, commercial use, but government involvement is possible.
Recently, the Canadian and British governments have issued reports encouraging the adoption of cryptographic blockchain technologies to implement government services. The blockchain, like the Korean PKI system, is fundamentally a kind of infrastructure.
Unlike the narrow, individual-focused zero-knowledge cryptography implemented in Apple's iOS, however, the blockchain is all about a balance of control, access, and visibility. Such a system is not without its challenges, and its hype is still about profit maximization, but it offers a different way to start to think about these issues.
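The "balance of control, access, and visibility" the article attributes to a ledger comes from one mechanical property: every participant holding a copy can check that no entry has been altered after the fact. The following is an added, constructed example, not code from the article or from any blockchain project, showing the minimal hash-chained ledger that gives that property; the `license-001` records and the `registry`, `alice` and `bob` names are invented sample data, and consensus, signatures and distribution are deliberately left out.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(block: dict) -> str:
    """Hash every field except the stored hash itself, with a canonical encoding."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain: list, transactions: list) -> dict:
    """Append a block whose hash commits to its contents and to the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev, "transactions": transactions}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def verify_chain(chain: list) -> int:
    """Return the index of the first inconsistent block, or -1 if the chain is intact.

    Any holder of a copy can run this: an altered block either no longer matches its
    own hash, or (if the tamperer recomputed that hash) the next block's prev_hash no
    longer points at it, so the edit is visible to everyone, not only to the operator.
    """
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if block["prev_hash"] != expected_prev or block["hash"] != block_hash(block):
            return i
    return -1


def build_sample_ledger() -> list:
    """Constructed sample: a government registry issuing and transferring one licence."""
    chain = []
    append_block(chain, [{"from": "registry", "to": "alice", "asset": "license-001"}])
    append_block(chain, [{"from": "alice", "to": "bob", "asset": "license-001"}])
    return chain


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("intact:", verify_chain(ledger) == -1)
    ledger[0]["transactions"][0]["to"] = "mallory"      # silent edit of history
    print("first bad block:", verify_chain(ledger))
```

The check is what makes "access" and "visibility" coexist: a government service can be the sole writer to such a ledger while every reader still detects after-the-fact changes, which is a different allocation of trust from a device whose contents only its owner can read.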
Quinn DuPont studies cryptography and technoculture at the University of Toronto’s Faculty of Information. Previously, he worked at IBM. Follow him on Twitter @quinndupont.