by Dan Moren
Apple’s legal encryption responsibiltiies
Matthew Green at Lawfare has an interesting analysis of Apple’s responsibilities (or lack thereof) to the government in terms of letting law enforcement access secure communications:
Apple does not provide the encryption keys for iMessage, thus there is no current legal obligation for Apple to redesign the system to provide law enforcement access. In fact, it’s exactly these explicit limitations of CALEA that apparently have been driving law enforcement to push for new legislation (which has in the past been referred to as “CALEA II”). That effort has not yet born fruit, despite a number of high-profile speeches.
Most interesting here is Green’s contention that Apple doesn’t go far enough to secure its communications, leaving open the technical possibility for man-in-the-middle wiretapping. That’s a hole that should be closed, and Apple should expand its efforts to bring secure communications to other avenues—email, for example—as well.