THE TRUE COST OF ENCRYPTION
Yesterday, Apple CEO Tim Cook released a public letter to customers where he very eloquently laid out his opposition to a court order requiring his company to create a backdoor in the operating system on a phone of the San Bernardino terrorists. This is just the latest event in a string of clashes between the technology industry and governments regarding encryption.
ENCRYPTION DEMYSTIFIED
Encryption is an often confusing and misunderstood technology. For many, it is the thing of Hollywood movies: dark rooms with multiple screens of code flowing down and some spectacled brainiac furiously typing away to crack into an encrypted file. This could not be farther from the truth. In reality encryption is a fundamentally simple process, though complex in action.
Think of encryption as a lock that you secure with a key, as if you would your front door. Everyone has data (anything from your website content to personal financial data) worth protecting, that piece of data is ‘locked-up’ with encryption by transforming it into an undecipherable mess of code through a process secured by a unique password (called the encryption key). This “lock” though cannot be picked like a normal house lock. In fact if you do the math, which some have done, with state of the art encryption (and a maximum length key) it would take more energy than is contained in a supernova, with a cost of about $8 octodecillion dollars, and more time than the universe has been in existence, even using the fastest computer known to man, to pick this lock. In other words, without the key the chances of someone getting the data are as close to zero as one can get.
NO LONGER A ‘NICE TO HAVE’
Now you can begin to understand why this technology is so often misunderstood, the numbers behind it are incomprehensible. So then why is it important for us to use such powerful encryption in our daily lives? Just ask the almost 170 Million people who had records stolen during 2015 in data breaches. Encryption isn’t a nice to have anymore, it’s an absolute necessity in our increasingly online existence. The privacy you expect and deserve while online is built on the fundamentally strong and impenetrable nature of encryption.
APPLE VS. THE FBI: OPENING PANDORA’S BOX
So, what happens then if this unbreakable lock is given a weakness, a backdoor that when exploited gives access to all that is inside? Why would you go about the hassle of installing a lock like this on your front door, only to leave a window open around back of your house or the key taped to the door?
The FBI is not asking Apple to provide a backdoor to the encryption itself, even Apple cannot do that. Instead they are requesting that a special version of the operating system be created and installed on the device to remove safeguards around how the key to the encrypted data is created and used. iOS devices have a simpler key structure, especially an older device such as the one at the center of this case. Apple gets around this limitation by creating a setting that allows the device to be wiped (all data destroyed) after 10 unsuccessful attempts at entering the key and by limiting the time in which you can make guesses as to what they key is. It is this “nuclear option” of wiping the device that the FBI is asking Apple to bypass in order to allow a brute force effort to guess the key.
The basis for Apple’s opposition to the court order is simple: by creating a backdoor into their operating system, they open a Pandora’s box that cannot be closed. This weakness is ripe for exploitation by others looking to do harm and it cannot be controlled once created. This puts at risk the over 1 billion active iOS devices in the world. Once created, a vulnerability in the operating system cannot be trusted by anyone to keep out of harm, even in the hands of the government. Not only would this lessen the security and privacy of current Apple customers, it would set a dangerous precedent for other U.S. businesses. Google’s CEO Sundar Pichai has also come out in support of Apple, and it seems likely there will be many more to come.
LOCKS KEEP US SAFE
The widespread use of encryption does not weaken our society, or make us less secure. Instead, the opposite is true; encryption is what allows us to retain our last bit of privacy as more and more of our lives go online. It also protects the intellectual property our businesses need to remain competitive.
This lies at the heart of why we created Lockr. We believe encryption should be easy to implement and inexpensive to do correctly. We’ve made technology that was traditionally only available to the large enterprises and governments available to every website creator no matter their size or budget. Lockr maintains the keys to your encrypted data and connected services, providing the security necessary to keep your data away from those that mean you harm. We layer encryption in such a way that Lockr cannot know of or obtain the keys to unlock your data. We feel that by doing this, no one, not hackers, the government or anyone else, can get to your data through our system.
We will watch how this continues to unfold, and support those who stand up for keeping encryption and keys secure. If you want to learn more about what Lockr does to keep your data safe, drop us a line or try using Lockr for free. Stay tuned here on this blog for more tips and tricks to easily secure your data.
–Lockr