{"id":1751,"date":"2014-10-05T15:16:53","date_gmt":"2014-10-05T14:16:53","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=1751"},"modified":"2021-06-12T09:22:35","modified_gmt":"2021-06-12T07:22:35","slug":"apple-v-the-united-states-whose-side-are-you-on","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=1751","title":{"rendered":"It doesn’t matter that much that Apple and Google encrypts your phone"},"content":{"rendered":"

\"Cybercrime\"<\/a>At the Internet Engineering Task Force<\/a> we have taken a very strong stand that pervasive surveillance is a form of attack.\u00a0 This is not a matter of lack of trust of any one organization, but rather a statement that if one organization can snoop on your information, others will be able to do so as well, and they may not be so nice as the NSA<\/a>.\u00a0 The worst you can say about the NSA is that a few analysts got carried away and spied on their partners.\u00a0 With real criminals it’s another matter.\u00a0 As we have seen with Target,<\/a> other large department stores, and now JP Morgan<\/a>, theirs is a business, and you are their commodity, in the form of private information and credit card numbers.<\/p>\n

So now here comes Apple, saying that they will protect you from the government.\u00a0 Like all technology, this \u201cadvance\u201d has its pluses and minuses.\u00a0 To paraphrase a leader in the law enforcement community, everyone wants their privacy until it’s their child at risk.\u00a0 However, in the United States, at least, we have a standard that the director of the FBI seems to have forgotten- it’s called probable cause.\u00a0 It’s based on a dingy pesky old amendment to the Constitution<\/a> which states:<\/p>\n

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.<\/p><\/blockquote>\n

So what happens if one does<\/strong> have probable cause?\u00a0 This is where things get interesting.\u00a0 If one has probable cause to believe that there is an imminent threat to life or property and they can’t break into a phone, then something bad may<\/strong> happen.\u00a0 Someone could get hurt, for instance.\u00a0 Is that Apple’s fault?\u00a0 And who has the right to interpret and enforce the fourth amendment?\u00a0 If Apple has a right to do so, then do I have the right to interpret what laws I will?\u00a0 On the other hand, Apple might respond that it has no responsibility to provide law enforcement anything, and all it is doing is exercising the right of free speech to deliver a product that others use to communicate with.\u00a0 Cryptographer and Professor Daniel Bernstein successfully argued this case in the 9th Circuit<\/a> in the 1990s.\u00a0 And he was right to do so, because going back to the beginning of this polemic, even if you believe your government to be benevolent, if it can access your information, so can a bad guy, and there are far more bad guys out there.<\/p>\n

Apple hasn’t simply made this change because it doesn’t like the government.\u00a0 Rather, the company has recognized that for consumers to put private information into their phone, they must trust the device to not be mishandled by others.\u00a0 At the same time, Apple has said through their public statements that information that goes into their cloud is still subject to lawful seizure.\u00a0 And this brings us back to the point that President Obama made at the beginning of the year: government risk isn’t the only form of risk.\u00a0 The risk remains that private aggregators of information \u2013 like Apple and Google or worse, Facebook\u2013 will continue to use your information for whatever purposes they see fit.\u00a0 If you don’t think this is the case, ask how much you pay for their services?<\/p>\n

And since most of the data about your or that you own is either in the cloud or heading to the cloud, you might want to worry less about the phone or tablet, and more about where your data actually resides.\u00a0 If you’re really concerned about governments, then you might also want to ask this question:\u00a0 which governments can seize your data?\u00a0 The answer to that question is not straight forward, but there are three major factors:<\/p>\n

    \n
  1. Where the data resides;<\/li>\n
  2. Where you reside;<\/li>\n
  3. Where the company that controls the data resides.<\/li>\n<\/ol>\n

    For instance, If you reside in the European Union, then nominally you should receive some protection from the Data Privacy Directive<\/a>.\u00a0 Any company that serves European residents has to respect the rights specified in that.\u00a0 On the other hand, there are of course exceptions for law enforcement.\u00a0 If a server resides in some random country, however, like the Duchy of Grand Fenwick<\/a>, perhaps there is a secret law that states that operators must provide the government all sorts of data and must not tell anyone they are doing so.\u00a0 That’s really not so far from what the U.S. government did with National Security Letters<\/a>.There’s a new service that Cisco<\/a> has rolled out, called the Intercloud<\/a> that neatly addresses this matter for large enterprises, providing a framework to keep some data local, and some data in the cloud, and the enterprise has some control over which.\u00a0 Whether that benefit will extend to consumers is unclear.In the end I conclude that people who are truly worried about their data need to consider what online services they use, including Facebook, this blog you are reading right now, Google, Amazon, or anyone else.\u00a0 They also have to consider how if at all they are using the cloud.\u00a0 I personally think they have to worry less about physical devices, and that largely speaking Apple’s announcement is but a modest improvement in overall security.\u00a0 The same could be said for IETF efforts.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Apple’s and Google’s announcements that they will encrypt information on your phone are nice, but won’t help much. Most data is in the cloud, these days; and your protections in the cloud are governed by laws of numerous countries, almost all of which have quite large exceptions.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,4,9],"tags":[57,32,486,274],"class_list":["post-1751","post","type-post","status-publish","format-standard","hentry","category-internet","category-politics","category-security","tag-apple","tag-cybercrime","tag-data-privacy-directive","tag-google"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1751"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1751\/revisions"}],"predecessor-version":[{"id":2990,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1751\/revisions\/2990"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}