Friday, September 19, 2014

Apple, Data Privacy, And Law Enforcement

Here a few stories that came out recently on Apple's new approach to data privacy and law enforcement:
Washington Post: "Apple will no longer unlock most iPhones, iPads for police, even with search warrants".

Ars Technica: "Apple expands data encryption under iOS 8, making handover to cops moot".

Wired: "How Cops Can Still Pull Data Off Your Locked iPhone, In Spite Of Apple".
Plus this online comment from Jeff Yoak (reposted here with his permission).
If anyone took that announcement to mean that a determined government with broad access to your electronics can't get data from them, that was a bit naive. It is good to have that cleared up, but we should be careful in doing so not to undermine the importance of what has been done.

The vast majority of most our electronic lives is susceptible to broad, passive snooping by the government. Warrantless snooping that is done without your knowledge that it even happened is the rule. It isn't a little better that they can get your goodies with physical access to all of your devices -- it is immeasurably better.

Apple Pay is an even bigger deal, and for some reason that isn't being talked about. You can't get account numbers or personally identifying information out of that, or so it seems from subtle aspects of the description. It is one-time pay codes, and two-factor security with the goodies remaining strongly encrypted in its own chip on the physical device. Of course, the government still has pretty perfect, immediate access to all banking info, including all the credit cards you're actually using to pay for stuff, so it doesn't get any better on day one, but it makes Apple Pay an incredibly strong link in the chain. Combine that with, say, bitcoin or more likely whatever follows bitcoin learning from its strengths and weaknesses, and it could be a staggering win for privacy.