The Encryption Wars, Revisited

Once again, law enforcement is calling for weakened consumer-grade encryption.


In this case, the Manhattan District Attorney, Cyrus Vance, is asking Apple to change their device encryption strategy so that Apple holds some kind of master key. Basically, Vance would like to revert iOS security to what we had with iOS 7.x.

Vance claims that, today, he has on the order of 400 Apple devices, acquired via various arrests, that they can't access. The implication, of course, is that there's data in these devices that will in some way incriminate the owner. There's no way Vance can know this without accessing the device, of course.

In general, I'm against designing systems that are deliberately less secure than they can be. That said, I understand Vance's perspective, and I don't think anybody wants the kinds of criminals he's prosecuting to be released, if they are in fact guilty. In the United States, after all, your home can be searched with a warrant. I don't see why your phone should be more protected than your home.

From Apple's perspective, however, should they deliberately design devices with backdoors? Even if the backdoor requires physical access to the device, is this something they should do? After all, they sell their devices all over the world.

Well, I'm sure Apple doesn't want to. What kind of liability would this incur? They do business everywhere. If this is used in another country to break into a device, is Apple liable in some way? And if they use some kind of key-based scheme to secure a bootable ramdisk, or something similar, how are they going to protect it? That particular key is going to be coveted, believe me. And how many different cities, states, and countries will they need to support in this way? I can see this adding up quickly.

Today, iOS devices can use security as a strong selling point. I honestly don't expect Apple to sacrifice this without firm legal direction, if then. And if they do, I expect they'll charge quite a bit for the service.
