Apple is Considering the Government as Part of their iOS Security Threat Model & Will Act Accordingly
Yesterday we posted a report titled "Malware on Android Continues to Embarrassingly Grow Exponentially in Comparison to iOS," wherein we showed the number of cases of malware that have been found on Android vs. iOS. The contrast was amazing. Apple's security team is obviously doing a great job and yesterday they spent time talking to a limited number in the press about the depth of their security. What was the trigger for this speedy need to talk to the press? While that wasn't made clear, it appears that this week's official release of the 'Compliance with Court Orders Act of 2016,' or Anti-Encryption Bill, might have rung Apple's bell. In fact, Apple used specific language in their press call that would basically confirm that – though those covering it, such as The Verge and TechCrunch oddly never used official quotes as if to say it was off the record … but not.
Tech Crunch: "One thing that bears consideration is how long any tech company, including Apple, can afford not to view government intrusion as part of its threat model. Apple's engineers do not currently do that, but any tech company that is the steward of huge stores of user information (or that manufactures those stores in the form of devices) has to at least be considering the 'GovtOS' vector.
Fighting government demands to unlock phones puts Apple in a tough position — if investigators continue to demand Apple modify its iOS to allow decryption, the company will eventually have to decide whether or not to up its security even further and enable itself to refuse all government requests for data.
It's not something that Apple wants to do — engineers say they don't want to be viewed as government adversaries, and building in tougher encryption to the iPhone and services like iCloud might also mean abandoning some of the design and simplicity that is essential to Apple's brand — but it may soon be time to include the government in Apple's threat model, right alongside the hackers."
Overall, engineers reviewed the features highlighted in the company's Security White Paper today to explain to reporters how Apple secures its customers' data. In particular, Apple emphasized its unique ability to build security into the iPhone starting at the silicon level — although other smartphone manufacturers sometimes outsource their chip production, Apple likes to keep everything in-house. Its latest phones ship with the Secure Enclave, a portion of the phone's hardware that manages the keys used to encrypt the device, as part of the chip.
Although Apple has worked to build encryption into the iPhone from the beginning — it introduced end-to-end encryption in the earliest versions of iMessage and strengthened device encryption with the Secure Enclave — the iPhone's security features have only begun to play a large factor in Apple's marketing in recent years.
Consumer interest in encryption and security has risen in the post-Snowden era and spiked in the wake of the San Bernardino attack, which has influenced Apple to speak more publicly about the design and implementation of its security. For more on this story see the reports by The Verge and TechCrunch.
In the end, the official first draft of the 'Compliance with Court Orders Act of 2016' was sent to members of the Senate for review this week that implies that the government wants consumer electronics like the iPhone to have a means for Apple and other OEM's to be able to decrypt messages and other information on phones of criminals and terrorists when a court order is issued to them or face a penalty. It's basically saying that today's end-to-end encryption for smartphones has to be outlawed. I don't know how else you're to interpret the bill's objectives.
Apple's response is that if this is the direction the government is going, they'll gladly view the government as an enemy or threat and go down the rabbit hole deeper on the encryption front. Even though Apple doesn't want to do that, they're making it clear they will and damn the consequences.
In its Q&A yesterday, Apple said that the government should "form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms."
That was said to make their threats seem more palatable to the public. Both sides are apparently digging in for what's going to be a very long war ahead and Apple will keep pounding the drum that the new enemy on the block isn't terrorists or hackers, it's the U.S. Government.
About Making Comments on our Site:
Patently Apple reserves the right to post, dismiss or edit any comments.