The debate over encryption, privacy and security won't be won in 140 characters. We deserve more from those with whom we entrust our data.
When Apple CEO Tim Cook published his "message to our customers" Wednesday morning — laying out the company's opposition to a federal judge's order to aid in the unlocking of an iPhone used by one of the two San Bernardino terrorists — reaction was fairly swift. We read it over breakfast and shared it before our oatmeal grew cold. We did precisely what the more security-conscious among us have been trying to make happen for far too long.
We began the next chapter of public debate of privacy, security and encryption.
And there have been any number of more thoughtful pieces. Our own Rene Ritchie waxed philosophic on iMore.
Make no mistake, what is being asked of Apple should horrify not just those in the U.S. but around the world. Nothing made can be unmade. Nothing used once will only ever be used once. The moment after an easy way to brute-force passcodes exists we, none of us, will be safe.
Stratechery's Ben Thompson stands out, as usual, with an excellent breakdown of exactly what the government is asking, the technical issues at hand, and he dips a toe into the greater pool of the future of privacy and security.
This solution is, frankly, unacceptable, and it's not simply an issue of privacy: it's one of security. A master key, contrary to conventional wisdom, is not guessable, but it can be stolen; worse, if it is stolen, no one would ever know. It would be a silent failure allowing whoever captured it to break into any device secured by the algorithm in question without those relying on it knowing anything was amiss. I can't stress enough what a problem this is: World War II, especially in the Pacific, turned on this sort of silent cryptographic failure.
Thompson mostly limits his analysis to the scope of Apple and the iPhone — "I just hope that this San Bernardino case doesn't become a rallying cry for (helping to) break into not only an iPhone 5C but, in the long run, all iPhones" — but the far-reaching potential of the government compelling a private company to provide access to a private individual's phone is certainly evident.
Googler Kirill Grouchnikov elegantly wrote of the parallels to what he saw in the Soviet Union:
What is going to stop other governments from demanding access to the same special system build? How many countries can a multi-national corporation withdraw their business from before it has no more places to do business in? How do you as a supporter of lawful information "extraction" decide on which laws you agree with and which step over "the line" that separates the good guys from the bad guys?
There's not a single line in Tim Cook's letter that is a gratuitous exaggeration of the dangers that lie ahead. I've spent the first twenty years of my life living in the communist USSR, where it was pretty safe to assume that the state had the capabilities and the means to do mass surveillance of anybody and everybody.
As I said, this isn't just about the iPhone.
Other major players, however, were silent. We heard not a public word from Google until CEO Sundar Pichai let loose a string of five tweets — not even on Google+ — somewhere around 12 hours later. Not a blog post. Not an open letter from the chief executive of one of the few companies than can rival Apple.
Five tweets on a micro-blogging service that limits posts to 140 characters.
And five tweets that go no further than saying the government's order "could be a troubling precedent."
1/5 Important post by @tim_cook. Forcing companies to enable hacking could compromise users' privacy— sundarpichai (@sundarpichai) February 17, 2016
2/5 We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism— sundarpichai (@sundarpichai) February 17, 2016
3/5 We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders— sundarpichai (@sundarpichai) February 17, 2016
4/5 But that's wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent— sundarpichai (@sundarpichai) February 17, 2016
5/5 Looking forward to a thoughtful and open discussion on this important issue— sundarpichai (@sundarpichai) February 17, 2016
Perhaps logistical reasons precluded a greater response. (Facebook's Mark Zuckerberg apparently was engrossed in a rousing ping pong match — on Oculus Rift — with Indonesian President Joko Widodo today.) Perhaps the lawyers did their thing — this was on Pichai's Twitter feed, after all, and not on an official Google feed. (Though I'd argue any line between the two is very thin.) We can only hope (and probably safely assume) that more is coming from Google, and its CEO, in the coming days and weeks ahead. But the initial response from Google's new CEO was lukewarm —at best — on a day in which Apple's chief executive poured a cup full of molten 7000 series aluminum on the idea that his company can be compelled to make it easier for anyone to hack into the devices it sells. Our devices.
We have to ensure that the the debate isn't lost among the flotsam and jetsam of our current throwaway culture.
We will have a long and spirited debate about encryption and privacy and security and whether criminals are entitled to any of those things. (Spoiler: They most certainly are, until convicted. That's how this works.) The debate has been going on for as long as computers have existed. It's just now really starting to spill over into the general populous. And those of us who help bridge the cap between consumer and company need to ensure that the the debate isn't lost among the flotsam and jetsam of a culture that's all-too-obsessed over whatever the next throwaway sensation is.
Apple is fighting the government's order to aid in the unlocking of a phone that very much is evidence in a legitimate criminal investigation is a matter of principle. Others are lining up behind Cook. And many of us common folk are lining up with them.
But Google. Facebook. Microsoft (which addressed copyright later today) — we expect more than tweets from them. We deserve more than tweets from them.
For the vigorous public debate over encryption, privacy and security will not be won 140 characters at a time.