A company invested in securing client data should begin with prohibiting internal access to that data, consider the recent open letter from Apple CEO, Tim Cook (emphasis mine):
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
When you expressly design a secure system to which your own engineers and architects do not have access, it protects the company and its engineers as much as your system users. It renders the power of a normal warrant useless, it would be the same as presenting me with a writ to open a house that only has walls, we are both in the same boat, because there is no key, in fact there is no door.
What the FBI appears to have requested in the San Bernardino case, is a warrant that gives it the authority to conscript Apple developers into finding a practical way around a pillar of its security apparatus, thereby giving the FBI the ability to circumvent encryption via brute force.
For the individual, recent interpretations of the Fifth Amendment does indeed protect you from being compelled "to disclose the contents of his own mind," against themselves, referred to as "testimonial" evidence. The court can compel you to give up "non-testimonial" evidence, which includes things like handwriting, voice samples, and DNA.
I genuinely believe you can and should be compelled to hand over any physical information and/or data requested in a legal warrant, I disagree with the idea that you can compel people (or companies) to complete some arbitrary unit of engineering and design work (or passwords) in order to make accessing data easier or even practical. In this narrow regard encrypted information takes on the legal form "of the mind".
However, if a backdoor exists … then shame on your company … and your engineers, because that backdoor will indeed have to be surrendered to authorities.
Comments are closed.