The Encryption Wars, Revisited

Once again, law enforcement is calling for weakened consumer-grade encryption.

In this case, the Manhattan District Attorney, Cyrus Vance, is asking Apple to change their device encryption strategy so that Apple holds some kind of master key. Basically, Vance would like to revert iOS security to what we had with iOS 7.x.

Vance claims that, today, he has on the order of 400 Apple devices that they have acquired via various arrests that they can't access. The implication, of course, is that there's data in these devices that will in some way incrimnate the owner. There's no way Vance can know this without accessing the device, of course.

In general, I'm against designing systems that are deliberately less secure than they can be. That said, I understand Vance's perspective, and I don't think anybody wants the kinds of criminals he's prosecuting to be released, if they are in fact guilty. In the United States, after all, your home can be searched with a warrant. I don't see why your phone should be more protected than your home.

From Apple's perspective however, should they deliberately design devices with backdoors? even if the backdoor requires physical access of the device, is this something they should do? after all, they sell their devices all over the world.

Well, I'm sure Apple doesn't want to. What kind of liability would this incur? they do business everywhere - if this is used in another country to break into a device, is Apple liable in some way? And if they use some kind of key-based scheme to secure a bootable ramdisk, or something similar, how are they going to protect it? That particular key is going to be coveted, belive me. And how many different cities, states, and countries will they need to support in this way? I can see this adding up quickly.

Today, iOS devices can use security as a strong selling point. I honestly don't expect apple to sacrifice this without firm legal direction, if then. And if they do, I expect they'll charge quite a bit for the service.