Apple have recently found themselves in a tricky situation regarding data security and user privacy. Even president Trump has weighed in with an opinion and is putting pressure on Apple.
First, let’s take a look at data security and how encryption works to keep you safe. Encryption is a method used to secure data by making it unreadable. We’ll use the example of an online banking website. When you type your username and password into the website, you want to be sure that nobody else can see it. Your password has to be sent from your computer to the bank to be verified, but before it gets there it has to pass through lots of other points on the internet. If it’s not encrypted, any of these points could potentially read your password. So instead, your computer scrambles the password using a mathematical algorithm and a key. Only someone with the same key can unlock (decrypt) the password at the other end. To everyone else, the password looks like unintelligible garbage!
Similar techniques were used in the war to secure secret instructions being sent to the battlefront. Algorithms and keys were used to keep transmissions secure, and at the same time, teams of code breakers were desperately trying to break the codes and read the secret messages. These days, computers have made the algorithms much more secure by using keys that are hundreds of characters long and making the data impossible to decrypt.
So, let’s go back to Apple and why they’re in trouble. Apple use encryption in their products to protect your data. Information sent from your phone to Apple is encrypted to protect it from hackers on the Internet.
There are two types of encryption here though – one where you know the key, and one where Apple knows the key. When you have the key, information is encrypted on the phone and only you can access it. Even though Apple can see the data, they can do nothing with it as to them it’s just random garbage and means nothing without your key.
When they have the key, your data is protected between you and Apple, but when it reaches their network, they can now read it as they have the key necessary to unlock it.
There are reasons why each approach makes sense though. For example, photos you take on your iPhone are securely copied to Apple’s servers and you can log into www.icloud.com to view them from any computer. If your photos were encrypted and only you had the key, this wouldn’t work as the iCloud.com website wouldn’t be able to show them.
These two approaches to encryption are known as “Fail-Safe” and “Fail-Secure”. With “Fail-Safe”, if you forget your password, Apple still has access to your data as they know the key and can potentially still give you access. However, with “Fail-Secure”, only you know your password – if you forget it, your data is encrypted on Apple’s servers – they don’t know the key and can’t help.
So, you can see there are pros and cons to each approach. Fail-Secure is more secure, but, means that the data can’t be used by Apple, and if you lose your password – you lose the data.
A while back Apple announced that they were working towards a “Fail-Secure” method of backing up your devices. iPhones and iPads use iCloud to safely store backups of your devices online. This way, if your device fails, you can fix it or buy a new one and easily restore the backup to get up and running again. These backups were stored unencrypted (Fail -Safe) on Apple’s servers, but Tim Cook, CEO of Apple announced that they would be moving to Fail-Secure, which makes sense as there’s no reason Apple would need access to this data.
However, someone else “does” want access to this data and have allegedly forced Apple into reversing this decision. This someone else is the FBI. To the FBI, this data is a potential gold-mine! When investigating a serious crime, they can subpoena Apple for access to this data – giving them access to emails, messages, photos and more, that could provide essential to an investigation.
Great – so Apple should be providing access to this information for the sake of National Security? Well what works in the US also applies to other countries that use Apple’s devices. Take China as an example, they can use access to the same information against their population. Likewise, should Russia be able to force Apple into providing access to the data of potentially any Apple user. It’s an extreme example, but could Putin ask to see the data on Trump’s iPhone?
It’s a really tricky situation for Apple to be in, with no easy answer. They’re damned if they do and damned if they don’t. I’d be interested in hearing your opinions!