By Dan Moren
December 22, 2015 8:16 AM PT
Apple sticks to its guns on encryption
Apple’s come out strongly against a proposed UK regulation to weaken encryption. That follows on the heels of Tim Cook saying to 60 Minutes that the company is against compromising encryption for the benefit of intelligence agencies.
The reasons for this aren’t hard to understand, and one wishes that candidates and politicians on both sides would avail themselves of some basic technical and mathematical knowledge before proposing solutions like backdoors or “Golden Keys.” This excellent piece from former Apple exec Jean-Louis Gassée last week lays out the issues in pretty easy-to-understand fashion:
…Golden Keys are vulnerable. They’ll have to be shared between a number of agencies — meaning people — who need to access suspect communications. Even assuming “acceptable” diligence by their keepers, the keys can still be stolen by determined hackers working for other governments, terrorist organizations, or even domestic corporations who want a leg up on the competition. If banks and other financial organizations are forced to abandon unbreakable encryption, motivated criminals will go to great lengths to steal a Golden Key.
My cardinal rule of technology is “never bet against the hackers.”1 There’s already enough difficulty in making sure that the implementation of encryption is solid and secure, why in the name of all that is good would you introduce a deliberate vulnerability?
In the past, the U.S. has regulated the export of strong encryption, which it considered a munition. As a result, there was a separate version of the Netscape browser with a weaker version of SSL that was easily cracked. It wasn’t until the export rules were relaxed in the mid-90s that the feasibility of implementations like e-commerce finally started to take off, in part because you could actually trust that your financial information would remain safe and secure when you did business online.
So what happens when companies provide a backdoor to encryption? Well, if some services compromise their security, then the very people that the government is trying to catch will simply switch to the services that haven’t. If all encryption is weakened, then the public’s trust level goes into the basement, which could have a pretty counterproductive effect on things like online commerce or technological progress. Either way, we lose.
Keeping encryption strong and secure is the right call, and while Apple and most other technology companies are not acting purely out of altruism—after all, they have customers that rely on that security—I’m glad they’re on the right side of this issue.
This came up largely in the context of continuing efforts at DRM, but it applies just as much—if not mores—in cases like these. ↩
[If you appreciate articles like this one, help us continue doing Six Colors (and get some fun benefits) by becoming a Six Colors subscriber.]