20.2.16

Apple and ‘exceptional access’ to crypto protection


Apple is the latest in a host of technology players to be requested to allow exceptional access, that is, access in exceptional cases where it would be deemed to have high value relative to an active investigation. But they are certainly neither the first nor the last.
We recently wrote about ProtonMail’s attempt to curtail government pressure to allow backdoor access to email content, to which they’ve rallied the privacy advocates to force a public vote in Switzerland. They are not alone in the email space either – a host of other providers have been asked to defend similar positions both domestically and abroad.
“Seemingly all facets of digital communications are coming under scrutiny in exceptional access cases.”
Seemingly all facets of digital communications are coming under scrutiny in exceptional access cases. And while EFF and a host of others continue to wave the banner of privacy, it’s easy to understand why governments are interested.
After all, that’s where all the details that describe our daily activities reside. Open up our smartphones and you have access to an increasingly accurate dossier of who we consider ourselves to be. If you’ve had a smartphone for years, a timeline suggesting a personal narrative can easily be inferred.
The same is true of many of the stalwart digital activities that pepper our daily lives, like Skype, instant messaging, email and a host of others. It’s getting harder to find a single place where we don’t leave a digital footprint. Car perhaps? Not if it’s a new one – they’re wired, too.
Well over a hundred years ago, polite society had long debates about what level of legal access was deemed appropriate in public versus private spaces. But if it came down to it, the cops could break down the doors of your residence if they believed there was sufficient reason and a judge agreed to let them by issuing a warrant or similar process.
But what if you had a door that couldn’t be broken? Should law enforcement lean on the manufacture to provide a master key? Now we’re having that same conversation in a digital format.
Recent years have taught us that few digital strongholds are safe from cybercriminals. If they – or others with ill intent – were to gain access to that master key, nasty people may run amuck by unlocking doors as they see fit.
So that’s the argument. If you design a door with a lock that can’t be broken by anyone, including the manufacturer, it can certainly be argued it’s more secure. And in the marketplace, especially if you are in the security space, that trust and confidence is hard to win and maintain. Knowing you were quietly producing master locks for your security systems could suddenly and quite unceremoniously blacklist you in the market – something you can rare afford to do in a fiercely competitive marketplace.
So Apple is in a quandary, along with a host of other technology companies. Rebuild your doors with a master key, hope bad people don’t get it and the market doesn’t excoriate you when it finds out, or just say no altogether. Companies like ProtonMail are resisting. ESET has weighed in on the issue in response to questions, and now Apple joins their ranks. We’ll see who gives.