How many times have you forgotten the password you used for some computer program?
Security experts advise you have a constantly shifting series of passwords, not just one for everything. That's like making your password "123456", they say. But how many times have you forgotten a password, and been unable to access the data you needed? How many passwords have you reset, or entrusted to your OS or browser's memory?
And now some say eventually Apple or somebody will produce a security system no one can engineer a "back door" for. All because the FBI wants to conduct a criminal investigation of a dead man's phone that belongs, still, to his employer.
Henry Kuttner wrote a story, "Piggy Bank," about a man who wanted perfect security for his possessions. The story involves some industrial espionage and a valuable formula which the owner of the "piggy bank" wants kept secret. He has the perfect security system designed by a man who also knows this formula (the details are sketchy in my memory, and I don't want to get too far into the weeds). The perfect security? A robot, plated in gold, covered with the jewels and precious stones that are the fortune. What good are jewels if they can't be seen, right?
The robot treads the grounds of the owner's estate, flashing in the sunlight. But without the password to disable it, it cannot be approached. This becomes the crux of the story: the creator of the robot dies without revealing the password (skullduggery is involved, IIRC), and then it turns out the password is the formula, which must be shouted at the robot for anyone nearby to hear. Someone, of course, is always nearby, because a wealthy rival knows this much of the secret. So the owner of the robot tries a number of methods to contain the robot long enough to disable it. None, of course, work. The robot manages to escape every attempt to contain it, until finally the exasperate owner must use the password. The robot halts, but his most valuable secret is lost.
Be careful what you wish for. Be careful, especially, when you wish for a perfect security system, one that no one can open. That no one might be you. The information that opens it might be of greater value to others than the information being protected.
The problem with absolute security is that it is absolute. The problem with security is that it can render useless the idea of security; when it becomes a fetish; when we think we can create the perfect set of circumstances. What good is a safe for storing valuables, if it can never be opened?*
*And part of the problem here is whether or not we really understand what is under discussion. Is Apple's security truly of a nature that any key will be a key to all Apple devices? Do words like "lock" really mean something different in this digital age than they did in the 18th century? Were words really once material things connected inextricably to physical objects, and now they are simply metaphors, quarks replacing atoms, "charm" replacing electro-magnetics? We're back to the idea of absolute security. Your personal records are accessible to anyone with the determination to have at them: alarm systems can be circumvented, safes opened, locks defeated. Who has a safe that destroys the contents if the combination is not correctly entered within 10 tries? While we are supposed to be afraid of hackers chasing down our cell phone, the real problem has been data storage by third parties. If my cell phone is so valuable it contains information I dare not lose, I am a fool to carry it around with me, and risk losing it. Maybe the problem isn't with our "archaic" laws, or with our metaphors; maybe the problem is with our ideas about what can be "secure," and how free we are to conduct ourselves in this digital world we have created.
The irony of arguments in favor of Apple is that it presumes the digital world is as inalterable as the natural world, and that we have no choice but to live in it entirely. But we're back to the question of security and privacy that was fought out over issues like Facebook and those pictures you posted in college that suddenly don't look so smart when your employer finds them. Maybe the issue is not security, and absolute security at that; maybe the issue is how we behave. And whether or not we can expect someone to save us from ourselves.
Same, in other words, as it ever was. We have met the enemy; once again, he is us.
**And it occurs to me, if we shift the facts here ever so slightly, do we want a different outcome? Instead of the FBI trying to crack this phone, what if it is the widow trying to probate her husband's estate, and information on the phone might prove valuable in a will contest case? If Apple tells the widow "Tough shit, there are larger principles involved here!," do we feel as much sympathy for Apple? Because the claim here is not government intrusion, but providing a skeleton key to the world. Change the facts, change the outcome?
Ted Olson told NPR this morning the issue is about China, and Apple's huge customer base there. Although it doesn't affect the legal arguments in this country, Apple is conducting a PR campaign portraying itself as a champion of civil rights in America (what civil rights exist in China? Does Apple care?). Mr. Olson's argument exposes the cynicism of Apple's PR argument. In this country Apple is using the legal system properly to challenge a court order. Could they use the same system in China? Would they defy a Chinese government order without such a system?
The idea that there is any, real privacy protection online is a fantasy that corporations like Apple promote as part of their branding. Back during the Snowden-Greenwald-Poitras wars the point that e-mails and other communications passed through servers in countries without any intention of being held to the romantic view of privacy held here never got addressed.
ReplyDeleteAnyone who doesn't figure that lots of what they're told is secure is vulnerable to governments, corporations, gangsters (in the rare cases when there is a distinction to be made) are chumps.
There is a way to have secure privacy, that's to keep it off line and out of the hands of people who will put it online. These days unless you are really careful and scrupulous in doing that, you're living in a fantasy land if you think you can depend on that. I stopped sharing family pictures with people, even the ones who promised not to post them online because they don't take the privacy of the people in the pictures seriously. And I'll bet they'd be the first people to get up on their high horse about protecting the posthumous privacy of mass murderers.
The idea that there is any, real privacy protection online is a fantasy that corporations like Apple promote as part of their branding. Back during the Snowden-Greenwald-Poitras wars the point that e-mails and other communications passed through servers in countries without any intention of being held to the romantic view of privacy held here never got addressed.
ReplyDeleteAnyone who doesn't figure that lots of what they're told is secure is vulnerable to governments, corporations, gangsters (in the rare cases when there is a distinction to be made) are chumps.
There is a way to have secure privacy, that's to keep it off line and out of the hands of people who will put it online. These days unless you are really careful and scrupulous in doing that, you're living in a fantasy land if you think you can depend on that. I stopped sharing family pictures with people, even the ones who promised not to post them online because they don't take the privacy of the people in the pictures seriously. And I'll bet they'd be the first people to get up on their high horse about protecting the posthumous privacy of mass murderers.
The on-line privacy argument now applies to the cell phone privacy argument: if my cell phone contains information so valuable to me even in death it must not be revealed, then what am I doing carrying the thing around with me?
ReplyDeleteIf I forget my Apple password, my phone (no, I don't have an iPhone, but stay with me) will eat my valuable data which I don't want anyone else to read (which presumably would happen if I lost my phone. If hackers can access my phone from China, maybe I don't want any data on it at all.).
But if I use one password for everything (making it hard to forget), I've defeated the purpose of having passwords, because I've basically put all my "valuables" on one key, and anyone who gets that key gets me.
So the solution is to back Apple in its fight with the FBI?