| | | Effective PR

USA v Apple: the core of the argument

Publication: 
Nigel Morris-Co...
chiefofficersnet

Much political capital is being made of the USA's dispute with Apple over encryption of its iPhone and of Google's support for Apple. But the fact is that we've all got peel in this game and the arguments on both sides are insufficiently made.

There is a significant issue with the iGeneration: it's not that it has a short collective memory, it's that it's too young to remember much that is of signal importance in the world of technology. But they are not that young: according to AdWeek (1) in the USA in 2011 the average iPhone user would be more than 35 years while the average Android user would be 18 to 24 years. Why? Without empiracal data, there are two things that may account for this. First, the significant difference in price between iPhones and Android devices. While substantial today (ignoring the egotistical pricing of Samsung), the difference was even more marked 5 years ago. Secondly, 2011 was in the middle of the spat of Apple v The World on the basis of what Apple called its EcoSystem and the rest of the world called the "walled garden." Using Android was an act of rebellion. Windows Phone then, as now, was so far behind as to barely qualify as an also ran and Blackberry was not quite ready to fall into the pit that it has struggled to climb out of. Even Symbian was ahead of Windows, it appears. There was another interesting figure, which may feed back into the pricing point: 37% of Apple users had a degree. 80% of Android users finished high school but did not go onto university.

However, speaking with those who left Apple to go to Android in the following few months, they universally quoted one thing: Apple, and especially iTunes, was too restrictive. In short, being locked into Apple's encryption system was a problem not a solution.

But Apple's encryption system was not universally unpopular. In 2012, several US government departments and agencies migrated, on mass, from Blackberry to iPhone. The attraction of Blackberry to US government agencies was its secure communications, including encryption of messages and even images. As ordinary BBM users found the automatic encryption of files made communicating outside the BBM network difficult, the US Government found that the system provided it with a global infrastructure for secure communications - even the CIA routinely used BBM.

But the use of BBM in cases of civil unrest in the Middle East and in the UK brought the system into conflict with governments. No such mass misbehaviour hit the USA so it paid little or no attention. However, a crash of the BBM server network in October 2011 was widely reported as having sent shock-waves through the US Civil Service: in particular the Secret Service found that its messaging for protecting the President went down - and there was no immediate Plan B.

By late 2012 a substantial number of operations personnel across the US government were re-equipped - with iPhones. A year after the crash, more than 17,000 Immigration and Customs Enforcement Agency staff were waiting for their polished new Apples (2)

Telling amongst the reasons that Infoworld.Com found amongst the US Government's documents relating to the decision were what the newspaper called "Apple's strict control of the hardware platform and operating system, independent of the telecommunication service provider, provides ICE, the principal investigative arm of the Department of Homeland Security, with the greatest degree of control and management to ensure reliable services to its mission users." The rest of the document seeks to focus on the commercial viablilty of the providers seemingly oblivious to the fact that the US Government was making a self-fulfiling prophesy.

But there was another reason, not widely recognised and certainly not made widely public behind the US Government's decision: BBM was under attack by governments in the Middle East: In August 2010, Saudi Arabi and The UAE (which includes, amongst others, Dubai and Abu Dhabi) announced that they would block access to the secure, encrypted BBM network.

The BBC reported (3) "Abdulrahman Mazi, a board member of state-controlled Saudi Telecom, has admitted that the decision is intended to put pressure on Blackberry's Canadian owner, Research in Motion (RIM), to release data from users' communications "when needed". The UAE's telecoms regulator, TRA, said the lack of compliance with local laws raised "judicial, social and national security concerns"."

Although there was some watering down of the initial proposals, and the calls for all new Blackberries sold in the region to have a special operating system which did not have access to secure and encrypted messages, the shock waves from the threats were palpable. When governments such as Indonesia, where BBM had (and still has) a huge market penetration primarily because of reliability, made similar calls for access, there was a noteable turning away from Blackberry which was already under a cloud after it was discovered that the government of the UAE had attempted to push and to install spyware onto Blackberries connected to Telcos in its jurisdiction. News that India was planning an outright ban if Blackberry did not allow access to data was a further blow to Blackberry.

From a US government perspective, the last thing it wanted was Middle Eastern or Indian agents gaining access to their phone traffic. And they would have more leverage over a US headquartered company than over the Canadian Research in Motion which renamed itself RIM.

The USA was surprisingly quiet about these arguments: it did not jump up and proclaim freedom. Nor did it raise any public fuss when the UK Government shut down the BBM service during widespread riots in late summer 2011. MI5, the domestic security service, was given the task of hacking into BBM to identify those primarily responsible for the flash-mob like riots that engulfed parts of England. The arguments rumble on, most recently in Pakistan (4) where brinkmanship resulted in Blackberry announcing, then rescinding, a decision to cease operations in the country.

Now the US government is trying to bit its own bum. Cyrus Vance, the Manhattan District Attorney has weighed in heavily: he considers that encrypted messages should not be in the hands of anyone other than law enforcement, or so it appears from his frequent and increasingly strident tweets on this subject.

Vance published the following graphic:

What it shows is clear. What it does not show is the total number of phones included in the survey relative to the number of phones that did not have encryption nor does it show the number of phones use by criminals compared to the total number of phones in use. In short, the data is selective in order to present a shocking but misleading impression of the importance of phones in crime. Note, in particular, that by far the largest group of offences are financial crimes and the next are drugs related.

A long battle against encryption

This is not the US Government's first fight against encryption. Those that don't remember the early days of the smartphone will not, for sure, remember the early days of the internet. Then we were all engaged in a different battle over encryption. Then it was Microsoft, and other US software houses that found themselves before various Committees justifying their actions. The USA imposed a blanket ban on "strong encryption" which, as is the way of things, was nowhere near as strong as the encryption we have today. Microsoft found that it was to be in breach of the rules by exporting its then version of - wait for this - Internet Explorer. The authors of PGP read the law and realised that the ban related to the electronic export and so they printed out their entire code, mailed it out of the USA, and someone re-keyed it. Only the French complained.

Everyone, including the USA and France, has more or less given up the fight against encryption on the 'net. The question arises, to what extent is the USA's action against Apple an attempt to re-open that issue by pushing against another door?

Conclusions

There are no conclusions to be drawn from the above as to who is right and who is wrong: that's an argument for another day. It is however important to understand that there is a context that has, so far, been largely ignored.

In the meantime, the UK is taking a different approach in its Investigatory Powers Bill. It takes the question of whether a warrant is required out of the equation by making it clear that law enforcement will be entitled to access to secure data. The warrant would still be needed but the principle of whether such a warrant should be available will be settled in primary legislation. That's a sensible course of action, in so many ways. But in a global world, it's hard to see how it will work.

(1) http://www.adweek.com/socialti...
(2) http://www.infoworld.com/artic...
(3) http://www.bbc.com/news/world-...
(4) http://blogs.blackberry.com/20...

Nigel Morris-Cotterill is Head, The Anti Money Laundering Network, ultimate owner of Vortex Centrum Limited, and is author of Cleaning up the 'Net the first end to end review of methods designed to combat the use and abuse of the internet for criminal purposes.