Apple vs. The Panopticon: The War on Privacy Rights Affects us All, on All Platforms
Smartphone encryption has become an increasingly popular topic in the public space. Just recently, the United States FBI has asked Apple for help with a passcode-locked deceased criminal’s iPhone 5C. Apple has, commendably, thus far resisted. You can read Apple’s letter to customers here.
It’s worth noting that the EFF and Google have both sided with Apple in this debate. There’s no doubt that some of this grandstanding is in fact a good PR move and in the company’s best financial interests. If Apple and Google can just obviate the need to deal with any individual phone “hacking” request; they can save a sizeable amount of manpower and money. Regardless, this is one of those times where The Bottom Line, good PR, and what’s best for customers all line up with each other.
“Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.”
In light of this case and the questions it raises, it’s worth having some understanding of the need for encryption in our daily lives. Our entire lives (bank accounts, photos, notes, agendas, contacts, etc) are contained on our portable pocket computers – privacy and security is more important than ever. The issues are well-known to computer enthusiasts, but if you want to get informed, arstechnica has a good write-up with some reasons why users should encrypt a smartphone.
Thankfully, both Android and iOS have offered device encryption in various ways for a while now. In the US, Android and iOS combined make up >95% of devices consumers are using. Apple alone commands a 43.1% share of mobile devices in the US. It seems obvious that the results of this latest demand on Apple could have potentially far reaching consequences for consumers in the country. Regardless of personal feelings and Mobile OS preferences; what happens with Apple and this one phone matters.
Currently the FBI is asking for Apple to create a custom iOS build that would allow them more than 10 tries at unlocking the encrypted phone. This custom iOS would allow the FBI to brute-force their way into the phone and bypass the automatic phone wipe that occurs after 10 incorrect password attempts.
Apple explains iOS encryption thusly:
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions as data extraction tools are no longer effective. The files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.
This is similar to Google’s policy: Beginning in Marshmallow, vanilla Android devices have encryption enabled by default. The encryption keys are, like Apple iOS devices, not stored off of the device. This means Google cannot share them with law enforcement (or other parties.) In Android Marshmallow users can simply head to Settings -> Security to view their device’s encryption status. Encryption itself isn’t without a few drawbacks however, there is a somewhat sizeable performance hit. There is also the complete loss of data if one were to forget their passcode.
However, even with any potential drawbacks, encryption remains a wise choice. Losing or having a device taken is never a good thing. Losing one with the knowledge that your data is protected by encryption and a strong pass code is a little bit better for your mental sanity, but infinitely better for your privacy.
Privacy is more than just pictures on your phone or the text messages you send to your friends. Even if you did nothing wrong, or have nothing to hide, your privacy is still a matter of concern to you whether you know it or not — even if it isn’t with the government. Encryption protects privacy in the digital space much like whispers protect privacy at crowded events. You are unconsciously making use of your privacy right through conscious limits on your everyday speech — you don’t tell others what you are uncomfortable with, often citing that it’s “none of their business”. And that very same message is the one we should be sending to monolithic governments: to violate privacy rights is not their business anymore than the physical analogous scenario of having a master key for every lock in town. And this example is not arbitrary; in the same way that locks arguably allowed the transition to big societies and businesses by securing an individual’s goods from potential thieves, encryption has an analogous function in today’s Information Age, as a foundation for the safety of our virtual life and economy.
That’s also why fending off attempts at breaching privacy is so important. But as Cook noted, that’s what such precedent would allow them to do; if we go down this route, we might see the day where no manufacturer is safe from the authoritarian mandates of the US government and its battle against privacy rights; and consequently, no particular individual would be able to rest safe and free, not when they’d know that Big Brother is always watching.