When I was in college, a friend taught me how to pick locks.
It was a great weekend pastime, and we’d often challenge one another to sneak in to different rooms on and around campus just to prove it was possible. Some of our friends even gave us permission to bypass the locks on their dorm rooms to borrow videos or CDs when they were out of town.
Knowing how to pick a lock opened the world to us. Locked doors were no longer obstacles; they were mere inconveniences.
Coming in handy
After my grandmother passed away, we took a good long time going through her belongings before selling her house. Everyone knew she had a life insurance policy, and we were pretty sure we knew where it was, but it still took time to find the locked strongbox in her basement.
A locked strongbox for which we didn’t have a key.
I showed off some skills and bypassed the lock for my parents. We found the insurance policy and took care of business.[ref]My parents also upgraded their own locks to combinations rather than keys. Having a curious son with lock picking abilities made them a bit uncomfortable.[/ref]
In one of my first jobs, we purchased a wall full of filing cabinets so we could properly archive and maintain client portfolio work. Unfortunately, the cabinets came without keys, and were delivered locked. My boss walked into our open office and asked, “can anyone here pick locks?”
I spoke up before realizing what exactly it was I was admitting to.
Shocked, he handed me a paper clip and told me to go at it. It took some forum research and a few minutes with multiple paper clips, but we got in to the filing cabinets just fine.
If I can get in …
I learned very early in my career how to gauge the security of a system. If I can get in, then there is a chance that someone else can get in, too. The security of a system is measured by how easily that third party can get in.
When it comes to dorm rooms, you can pick the lock. You can also use the master key locked in the basement for staff use.
When it comes to filing cabinets, you can pick the lock. You can also just kick the drawer really hard and force it open.
If I can get in legitimately, then someone else can either spoof my legitimate access or attempt to bypass my access mechanism (pick the lock, force the drawer, etc). The who of this bypass is also interesting. Is it a friend trying to borrow a DVD? A staff member trying to check on health and welfare by checking on my room? A customer trying to make a filing cabinet more accessible?
A government organization serving a secret warrant to look at information I’ve intentionally hidden from the world behind lock and key?
Apple and Security
Apple made waves when they explained how iOS 8 was designed specifically to protect user data from being unlocked by a third party:
Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant[ref]Apple will no longer unlock most iPhones, iPads for police, even with search warrants[/ref]
This decision has been met with very mixed reviews. On the one hand, it’s been praised as a major step forward in data security. On the other hand, it’s also been criticized as an intentional act meant to thwart legal search warrants.
Apple’s design change one it is legally authorized to make, to be clear. Apple can’t intentionally obstruct justice in a specific case, but it is generally up to Apple to design its operating system as it pleases. So it’s lawful on Apple’s part. But here’s the question to consider: How is the public interest served by a policy that only thwarts lawful search warrants?[ref]Apple’s dangerous game[/ref]
I find this a ridiculous statement, question, and concern for many reasons. But I’m only going to address one.
Under the old system – iOS 7 and earlier – Apple retained a way to bypass your password. If Apple had your phone, and a legitimate reason to do so (i.e. a warrant), they could unlock your phone without you present and without knowing your password in the first place.
Apple had a master key to your phone.
Under the new system, Apple is giving up their master key. Even if served with a search warrant, the only way Apple would be able to unlock your phone is by knowing your password. This isn’t a policy change, it’s a technical change – turning off a hidden master key and allowing you the consumer to really be secure in the data you put behind your password.
Frankly, that Apple could unlock older phones without the customer’s presence or permission terrifies me. When I lock my door, log out of my computer, or encrypt my phone I’m doing so under the assumption that I am the only person who can open it. That said, someone could still pick the lock, break my computer password, or untangle the encryption on my phone – but there isn’t a third party somewhere who can just straight-up bypass my protections.
Skeleton keys can get lost. Passwords can be guessed. Hackers can break their way in to seemingly secure infrastructure and, if the access to customer phone data lies behind that infrastructure, force their way into new systems they shouldn’t have access to. I’m less worried about the impact of Apple’s new software on “the public interest” than I am the fact that rogue Apple employees or hackers can use some sort of Apple master system to break into pre-iOS 8 devices.
A secure system with a built-in administrative bypass is far less secure than one without it. Apple has built a more secure system, which in turn serves the public interest and makes the world a safer, more secure place. That journalists and technologists would question this advance makes me extremely worried about our current state of data security.