August 15, 2012
Security experts consider Apple’s most recent generation of products to be some of the most secure communications devices currently available for mass market consumers. Some of those same experts, however, have begun to wonder if making that level of strong security widely available necessarily serves the public interest.
Early versions of Apple devices were not nearly as secure as the current generation. Faced with criticism for perceived security weaknesses, Apple made strong security a point of emphasis for each new generation of products.
A key aspect of Apple’s iPhone and iPad products is their use of the very strong Advanced Encryption Standard (AES). This is the same encryption standard used by the U.S. government to secure its communications.
Apple products embed the AES encryption system in their hardware, instead of relying solely on software-based cryptography.
Apple equipment combines the embedded AES encryption with software based “PIN locks” controlled by the owners of the devices. This combined hardware and software security process makes it extremely difficult to access data stored on those devices after the device has been powered-down.
Although other popular communications devices also provide levels of security for their users, none balance strength of security with ease of use quite as effectively as the Apple equipment. The Blackberry uses encryption embedded in the hardware, but the system is not generally as user-friendly as Apple’s. Android equipment provides security, but that security is not as strong as Apple’s.
Thanks to its focus on security, Apple products are now the product of choice for security-conscious consumers. Unfortunately, that class of consumers also includes criminals and other parties with malicious intent.
A Justice Department official recently described a powered-down iPhone as law enforcement’s “worst nightmare.” For the authorities, the Apple devices are nightmares because they are widely available, easy to use, and very difficult to hack.
Apple’s products illustrate the complex nature of the relationship between computer security and information privacy. Consumers value privacy.
To protect that privacy, they increasingly demand and use products that are highly secure. Yet, as those products become more secure, they also become more of a potential threat to public safety to the extent that they fall into the hands of malicious individuals.
The continuing challenge is the need to balance effectively personal and collective security.
Devices such as Apple’s which provide greater security for individual users enhance their privacy, but often do so at the potential expense of collective security. In contrast, actions which limit or restrict the personal security and privacy of the individual pose dire potential threats to the fundamental civil liberties upon which democratic societies rely.
For the foreseeable future, our laws and public policies will be evolving as we continue to strive for an appropriate balance between protecting the privacy of the individual and pursuing collective security.