Apple's Encryption “Announcement”
Posted by Aaron Massey on 17 Nov 2014.
A couple months ago, as a part of the rollout plan for iOS 8, Apple announced a new encryption policy: devices with iOS 8 would be encrypted in such a way that only the user would have access to the information on those devices. Apple would no longer be able to access it because they would no longer store an encryption key.
This announcement made waves in the technology and technology policy communities. Shortly after Apple’s announcement, Google announced that a similar feature will be enabled by default in future versions of Android, their competitor to iOS. Within a month, FBI Director James Comey blasted these decisions and called on Congress to prevent the FBI from “going dark” by requiring these companies provide access to law enforcement. The second major crypto war has officially begun. Great posts on both sides of this debate are available wherever technology punditry is sold.
Most recently, like within the last few hours, the New America Foundation’s Open Technology Institute hosted a debate on this topic featuring former FBI General Counsel Andrew Weissmann arguing in favor of law enforcement and former White House tech policy adviser Peter Swire arguing in favor of strong encryption.
Though Weissmann and Swire took opposite sides of the debate, they both agreed on one thing: Apple’s announcement was inartfully worded. In essence, they felt it was a bit too direct and perhaps needlessly aggressive regarding requests from law enforcement. I disagree. Apple’s announcement was very carefully crafted, and it fits deeply within Apple’s company culture and history.
I’m going to walk through a couple of sections of the statement, but if you want to read the message from Tim Cook of the section on government information requests before continuing, that would be better. (I don’t want anything taken out of context, but I’m not going to quote the whole statement.)
On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.
The next thing to notice is that the policy starts with a “A message from Tim Cook.” Some of my favorite Apple commentators compared this statement to Steve Job’s Thoughts on Flash, and it’s an apt comparison. Both statements read more like personal messages than corporate press releases. This is intentional. Corporate press releases are bland, soulless pieces of writing that will drain the passion from not only a customer base but perhaps more importantly the company’s employees. Both messages also provide a business case for Apple’s actions, and they are similar in their aggressive stance against their competitors. Here’s Steve Jobs taking a shot at Adobe:
Flash was created during the PC era – for PCs and mice. Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.
The avalanche of media outlets offering their content for Apple’s mobile devices demonstrates that Flash is no longer necessary to watch video or consume any kind of web content. And the 250,000 apps on Apple’s App Store proves that Flash isn’t necessary for tens of thousands of developers to create graphically rich applications, including games.
Flash is no longer the dominant force for multimedia content on the web. Since Steve Jobs posted his “Thoughts on Flash,” HTML5 took off like a rocket, and Flash has steadily declined in both influence and install base.
Now here’s Tim Cook taking a shot a Google:
A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer. You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.
Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.
Don’t forget that shortly after this statement went live Google announced, in classic little-brother-me-too fashion that they were enabling encryption by default on Android. Apple’s statements on encryption in iOS 8 were not inartfully worded; they were worded exactly the way Apple wanted them worded.
Finally, I want to mention something that is perhaps controversial. I don’t believe that what I’m about to mention is necessary to come to the conclusion that Apple’s statements were very carefully worded or that they accurately represent the company’s position. Still, I want to mention this because it’s too plausible and too compelling an explanation to omit altogether.
Now, I don’t think there’s a direct, causal connection to these announcements. I know Cook didn’t decide on a spur of the moment to publicly come out as gay right after Comey’s plea to Congress. However, Tim Cook’s experience growing up and living as a homosexual affects his worldview. How could it not? He believes he has a societal responsibility as a public homosexual. Here’s how he puts it in his essay:
I believe deeply in the words of Dr. Martin Luther King, who said: “Life’s most persistent and urgent question is, ‘What are you doing for others?’ ” I often challenge myself with that question, and I’ve come to realize that my desire for personal privacy has been holding me back from doing something more important. That’s what has led me to today.
For years, I’ve been open with many people about my sexual orientation. Plenty of colleagues at Apple know I’m gay, and it doesn’t seem to make a difference in the way they treat me. Of course, I’ve had the good fortune to work at a company that loves creativity and innovation and knows it can only flourish when you embrace people’s differences. Not everyone is so lucky.
There are countries in the world today where homosexuality is illegal. There are cultures, including in parts of the United States, where homosexuality is an anathema. This changes the nature of a government request for information. If Tim Cook was thinking about publicly announcing his homosexuality and also thinking about updating Apple’s encryption policies around the same time frame, then that would go a long way to explaining why this was something that Apple chose to do now.
I don’t want to draw a direct conclusion about this, but it hasn’t even been mentioned as a possible factor in Tim Cook’s thinking, which is somewhat astonishing when you read these two statements from Tim Cook back-to-back. I’m also surprised I haven’t seen anyone mention this simply based on the sheer volume of stuff I’ve read about this announcement.1 It’s valuable to take a moment and put yourself in Tim Cook’s shoes. He’s in a position to guarantee the privacy and intimacy of conversations for millions of people around the world. And he’s acutely aware of how valuable that privacy might be. I find it challenging to believe that he wouldn’t have thought about it at all. By all accounts, he’s an extremely thoughtful, deliberative person, and he’s led Apple in an extremely thoughtful and deliberative fashion.
It’s also valuable to imagine yourself as Craig Federighi, Jony Ive, or anyone else in Apple’s executive leadership. You have known personally for years that Tim Cook was gay. If someone close to you comes out as a homosexual, it affects the way you think about the world. While I don’t want to in any way imply that there’s a direct, causal relationship, I simply can’t imagine that Tim Cook’s homosexuality had utterly no effect whatsoever on anyone’s position regarding privacy on iOS 8.
If you know of someone else who has mentioned this, please contact me so that I can give them credit. ↩