It’s common for security experts to regard themselves as necessary critics, guardians against malpractice, and raisers of worst-case scenarios. While there is a very present fear of insecurity these days, it’s rare that we celebrate security. But on the tenth anniversary of a revolutionary technology, we’d like to do just that: happy birthday to the iPhone, first released in June 2007.
Ten years ago, a computer was something that hurt your foot if you accidentally dropped it. Mobile phones were devices that were chiefly used for making phone calls. Today, the idea that we can’t use these palm-sized pocket computers to command all our digital communications, and also as a camera, games console, torch, and a hundred other things, is quite unthinkable.
There is no such thing as complete security, and the iPhone is not perfect. Like many other technologies, the iPhone’s security relies on a user’s ability to choose and protect a strong password, which is a pragmatic rather than ideal basis for security. Researchers have also uncovered weaknesses in the protection of messages stored on the iPhone. Nonetheless, in an era when the rush to market has resulted in far too many insecure technologies, the iPhone stands out as an exemplar for how it’s possible to do things right.
A benevolent dictatorship
The internet, in case you hadn’t noticed yet, can be a dangerous place. Apple has often been criticised for its restrictions on what programs its users can and cannot load onto an iPhone. Users are required to download apps from the well-marshalled Apple App Store, which provides a secure gated compound within which software has been scrutinised by Apple before being made available for download.
While this may be seen as nannying, in a world of ruthless ransomware and untold other malicious programs that can ruin both our computers, our bank accounts, and even our lives – what’s wrong with a benign governess? The Android app store by comparison allows users to install any software of their choice, not all of which has been closely inspected for vulnerabilities or malicious intent.
Getting cryptography right
The iPhone makes extensive use of state-of-the-art cryptography to protect data on the device. Cryptography provides mathematical tools to ensure secret data is kept secret, ensuring data is not maliciously altered or deleted, and identifies the source of data. Cryptography is easy to get wrong when used in a computer, but the iPhone mostly gets cryptography right. Everything from photos, messages, email and app data is protected using strong cryptography. The iPhone also supports innovative applications of cryptography, such as the contactless payment system ApplePay.
Cryptography relies on cryptographic keys, which are secret components critical to providing secure services, and security. Many of the spectacular past failures of security technology, for example the infamous Diginotar hack, have resulted from careless management of keys. There is no point, after all, in using the best lock to lock your front door, only to leave the key under the doormat. The iPhone has a secure hardware vault known as the Secure Enclave within which its critical keys are safely stored. In fact the keys are so safe that they are inaccessible even to Apple or any other companies involved in manufacturing iPhones.
Standing up for privacy
Which brings us to the matter of Apple’s skirmish with the FBI. Apple has been at the forefront of a much wider and more fundamental debate about security and privacy on the internet.
In one corner stand national security agencies and law enforcement. They have been demanding the means to access data secured on mobile phones, including encrypted messaging services like WhatsApp and emails, in order to defend the realm. In the other corner stand proponents of digital freedom. They argue that building “backdoors” into strong encryption even for legitimate use by investigators would become a potential weakness for cybercriminals to exploit.
Apple has not shied away from taking a strong stance in favour of privacy. Apple does not know the keys on your iPhone, or the PIN needed to unlock it, by design. That protects you from Apple, just as much as it prevents Apple handing them over to law enforcement. The iPhone was designed to be secure, so why make it insecure just because bad guys sometimes use them?
Keith Martin, Professor, Information Security Group, Royal Holloway and Kenny Paterson, Professor of Information Security, Royal Holloway
This article was originally published on The Conversation. Read the original article.
To read the full story, Subscribe Now at just Rs 249 a month
Already a subscriber? Log in
Subscribe To BS Premium
₹249
Renews automatically
₹1699₹1999
Opt for auto renewal and save Rs. 300 Renews automatically
₹1999
What you get on BS Premium?
- Unlock 30+ premium stories daily hand-picked by our editors, across devices on browser and app.
- Pick your 5 favourite companies, get a daily email with all news updates on them.
- Full access to our intuitive epaper - clip, save, share articles from any device; newspaper archives from 2006.
- Preferential invites to Business Standard events.
- Curated newsletters on markets, personal finance, policy & politics, start-ups, technology, and more.
Need More Information - write to us at assist@bsmail.in