Can of Worms? – Apple Updates Security
Apple (AAPL) has been a leader in promoting customer privacy and back in 2014 moved from a security system that had a master key to one where a user passcode was combined with a unique encrypted key that was not accessible to Apple. The thought was that this would remove Apple form situations where the previous master key was being requested by local or governmental authorities to unlock phones owned by lawbreakers, terrorists, or serious felons. By championing privacy, the company hoped to sidestep controversies involving the collection of private data by the government, such as those leaked by Edward Snowden, and moved the responsibility for personal data security to the consumer who became the responsible party for individual data security.
Apple has made continued improvements to its personal information security over the years and the controversies flared again during the early days of the COVID-19 pandemic when health officials wanted to use Apple devices for contract tracing, particularly location data, which was again refused by Apple. In recent months Apple has added options such as ‘lockdown mode’, which can be implemented if a user suspects that his data security has been compromised. The system limits areas where attacks might occur, blocking many functions, particularly shared functions, to limit access from outside penetration.
Apple has just added a number of new security functions, some of which are for those in sensitive positions, such as journalists, politicians, or other government officials, but all can be implemented if a user wants another layer of security.
Apple is right in assuming that corporations should not be the ones making personal security decisions, but at the same time, putting it in the hands of the government is not a wonderful alternative, and while personal data and information security should be controlled by the user, it is easy to see how that can also be abused. We certainly don’t have the answer, but this battle is really over the value of individual rights and that has been an ongoing question in the US since way before 1776 so a few moves by Apple are unfortunately not going to answer any questions or change minds, but they should make users more cognizant of how their personal data is stored, if nothing else.
Apple has made continued improvements to its personal information security over the years and the controversies flared again during the early days of the COVID-19 pandemic when health officials wanted to use Apple devices for contract tracing, particularly location data, which was again refused by Apple. In recent months Apple has added options such as ‘lockdown mode’, which can be implemented if a user suspects that his data security has been compromised. The system limits areas where attacks might occur, blocking many functions, particularly shared functions, to limit access from outside penetration.
Apple has just added a number of new security functions, some of which are for those in sensitive positions, such as journalists, politicians, or other government officials, but all can be implemented if a user wants another layer of security.
- Message Contact Key Verification – This option automatically alerts the user if an ‘adversary’ breeches cloud servers, even though the server data is encrypted. The service can also be used to verify a contact code through a 2nd secure call, in order to make sure the primary contact is valid.
- Security keys for Apple IDs – This service adds 3rd party hardware to the 2 factor authentication already in place, to ensure that an attacker who is able to phish the 2 factor security, will face an additional hardware device, such as a plug-in fob or NFC device held by the user that would be impossible to phish unless physically stolen.
- Advanced data protection for iCloud – Apple adds end-to-end encryption to nine more categories of data stored on iCloud servers, including device backups, message backups, notes, photos, and voice memos, as a default, but there are still a number of iCloud storage types that are not fully encrypted. iCloud mail, contacts, and calendars are not fully encrypted as they need to operate with global systems that would not be able to work through such security protocols.
Apple is right in assuming that corporations should not be the ones making personal security decisions, but at the same time, putting it in the hands of the government is not a wonderful alternative, and while personal data and information security should be controlled by the user, it is easy to see how that can also be abused. We certainly don’t have the answer, but this battle is really over the value of individual rights and that has been an ongoing question in the US since way before 1776 so a few moves by Apple are unfortunately not going to answer any questions or change minds, but they should make users more cognizant of how their personal data is stored, if nothing else.
RSS Feed