Apple's Encryption “Announcement”
Posted by Aaron Massey on 17 Nov 2014.
A couple months ago, as a part of the rollout plan for iOS 8, Apple announced a new encryption policy: devices with iOS 8 would be encrypted in such a way that only the user would have access to the information on those devices. Apple would no longer be able to access it because they would no longer store an encryption key.
This announcement made waves in the technology and technology policy communities. Shortly after Apple’s announcement, Google announced that a similar feature will be enabled by default in future versions of Android, their competitor to iOS. Within a month, FBI Director James Comey blasted these decisions and called on Congress to prevent the FBI from “going dark” by requiring these companies provide access to law enforcement. The second major crypto war has officially begun. Great posts on both sides of this debate are available wherever technology punditry is sold.
Most recently, like within the last few hours, the New America Foundation’s Open Technology Institute hosted a debate on this topic featuring former FBI General Counsel Andrew Weissmann arguing in favor of law enforcement and former White House tech policy adviser Peter Swire arguing in favor of strong encryption.
Though Weissmann and Swire took opposite sides of the debate, they both agreed on one thing: Apple’s announcement was inartfully worded. In essence, they felt it was a bit too direct and perhaps needlessly aggressive regarding requests from law enforcement. I disagree. Apple’s announcement was very carefully crafted, and it fits deeply within Apple’s company culture and history.
I’m going to walk through a couple of sections of the statement, but if you want to read the message from Tim Cook of the section on government information requests before continuing, that would be better. (I don’t want anything taken out of context, but I’m not going to quote the whole statement.)
Perhaps the first thing to notice is that the “announcement” portion of this news is a bit of a misnomer. This isn’t an announcement; it’s an update to their privacy policy. As someone who has read and studied hundreds of privacy policies, I can say definitely that the best ones provide clear and direct detailed information regarding what information is collected, how it is maintained, and who it is shared with. A critical piece of this is whether and how law enforcement gets access. Thus, I’m not sure it makes sense to be indirect in the slightest about what happens with requests from law enforcement. Whatever the reason, the writing is direct and personal:
On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.
They aren’t writing their privacy policy for law enforcement; they are writing it for you, the consumer. Apple does not have an obligation to ensure law enforcement has a route to access your communications. To call Apple’s wording indelicate implies that Apple “owed” the government something, whether a tip of the cap or a heads-up or something. Apple has no such obligation. Whatever good will the government may have had with Apple in this area was likely obliterated by the NSA’s slow and mostly bad public relations after the Snowden leaks implicated Apple as complicit in a massive government spying scandal. Add Apple’s recent celebrity photo scandal to the mix, and I believe Apple needed to be aggressively pro-consumer. Apple needs their privacy policy to clearly state for their consumers what Apple’s obligations and priorities really are.
The next thing to notice is that the policy starts with a “A message from Tim Cook.” Some of my favorite Apple commentators compared this statement to Steve Job’s Thoughts on Flash, and it’s an apt comparison. Both statements read more like personal messages than corporate press releases. This is intentional. Corporate press releases are bland, soulless pieces of writing that will drain the passion from not only a customer base but perhaps more importantly the company’s employees. Both messages also provide a business case for Apple’s actions, and they are similar in their aggressive stance against their competitors. Here’s Steve Jobs taking a shot at Adobe:
Flash was created during the PC era – for PCs and mice. Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.
The avalanche of media outlets offering their content for Apple’s mobile devices demonstrates that Flash is no longer necessary to watch video or consume any kind of web content. And the 250,000 apps on Apple’s App Store proves that Flash isn’t necessary for tens of thousands of developers to create graphically rich applications, including games.
Flash is no longer the dominant force for multimedia content on the web. Since Steve Jobs posted his “Thoughts on Flash,” HTML5 took off like a rocket, and Flash has steadily declined in both influence and install base.
Now here’s Tim Cook taking a shot a Google:
A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer. You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.
Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.
Don’t forget that shortly after this statement went live Google announced, in classic little-brother-me-too fashion that they were enabling encryption by default on Android. Apple’s statements on encryption in iOS 8 were not inartfully worded; they were worded exactly the way Apple wanted them worded.
Finally, I want to mention something that is perhaps controversial. I don’t believe that what I’m about to mention is necessary to come to the conclusion that Apple’s statements were very carefully worded or that they accurately represent the company’s position. Still, I want to mention this because it’s too plausible and too compelling an explanation to omit altogether.
I believe Tim Cook’s homosexuality may have influenced his company’s decision regarding encryption. The encryption “announcement” was September 18th. Comey’s plea for Congress to get involved and prevent companies like Apple from doing this was about a month later on October 17th. Less than two weeks after that Tim Cook announced in Bloomberg Businessweek that he is a proud homosexual. Tim Cook carefully crafted his essay in Bloomberg Businessweek, and in some circles, it was far more important than Apple’s updated privacy policy.
Now, I don’t think there’s a direct, causal connection to these announcements. I know Cook didn’t decide on a spur of the moment to publicly come out as gay right after Comey’s plea to Congress. However, Tim Cook’s experience growing up and living as a homosexual affects his worldview. How could it not? He believes he has a societal responsibility as a public homosexual. Here’s how he puts it in his essay:
I believe deeply in the words of Dr. Martin Luther King, who said: “Life’s most persistent and urgent question is, ‘What are you doing for others?’ ” I often challenge myself with that question, and I’ve come to realize that my desire for personal privacy has been holding me back from doing something more important. That’s what has led me to today.
For years, I’ve been open with many people about my sexual orientation. Plenty of colleagues at Apple know I’m gay, and it doesn’t seem to make a difference in the way they treat me. Of course, I’ve had the good fortune to work at a company that loves creativity and innovation and knows it can only flourish when you embrace people’s differences. Not everyone is so lucky.
There are countries in the world today where homosexuality is illegal. There are cultures, including in parts of the United States, where homosexuality is an anathema. This changes the nature of a government request for information. If Tim Cook was thinking about publicly announcing his homosexuality and also thinking about updating Apple’s encryption policies around the same time frame, then that would go a long way to explaining why this was something that Apple chose to do now.
I don’t want to draw a direct conclusion about this, but it hasn’t even been mentioned as a possible factor in Tim Cook’s thinking, which is somewhat astonishing when you read these two statements from Tim Cook back-to-back. I’m also surprised I haven’t seen anyone mention this simply based on the sheer volume of stuff I’ve read about this announcement.1 It’s valuable to take a moment and put yourself in Tim Cook’s shoes. He’s in a position to guarantee the privacy and intimacy of conversations for millions of people around the world. And he’s acutely aware of how valuable that privacy might be. I find it challenging to believe that he wouldn’t have thought about it at all. By all accounts, he’s an extremely thoughtful, deliberative person, and he’s led Apple in an extremely thoughtful and deliberative fashion.
It’s also valuable to imagine yourself as Craig Federighi, Jony Ive, or anyone else in Apple’s executive leadership. You have known personally for years that Tim Cook was gay. If someone close to you comes out as a homosexual, it affects the way you think about the world. While I don’t want to in any way imply that there’s a direct, causal relationship, I simply can’t imagine that Tim Cook’s homosexuality had utterly no effect whatsoever on anyone’s position regarding privacy on iOS 8.
-
If you know of someone else who has mentioned this, please contact me so that I can give them credit. ↩