security

LawKit: How Apple Can Engineer A Secure Legal Backdoor
LawKit: How Apple Can Engineer A Secure Legal Backdoor 1024 519 Raymond Blijd

In my previous post, I pleaded my case why creating a backdoor would be fair. I suggested a solution to Apple’s predicament: hire legal engineers to build ethic’s into the iOS platform. Here’s an explanation how legal engineers would approach creating a secure and fair system to handle requests for access.

Trias Politica

In 1748, Baron de Montesquieu published:  The Spirit of the Laws. He described the separation of political power among a legislature, an executive, and a judiciary. The moral of the story: there needs to be a Separation of Powers to balance and create a fair society. Fast forward to now: in our current legal construct, the balancing of powers reside with the courts: a hopelessly archaic system where 18th-century laws can still rule.

From Courts to Code

The two most common types of judiciary systems are Judge or Jury. Both are extremely limited and thus flawed in the sense that they rely on just one or a few minds to determine justice. Now, with modern technology (and some ingenuity) this power can be separated and distributed to more minds and systems.

On slide 22 in the Future of Law deck, I provided the eBay example: 60 million disputes each year being settled by their built-in Online Dispute Resolution platform. If we count Alibaba, it would not surprise me if that number would triple. Google received over 100.000 requests for user data or accounts from governments last year. In addition, they also received 74 million copyrights removal request just last month as published in its Transparency report.

In order to manage these unprecedented numbers, most online service providers include arbitration clauses in their terms of service. The fairness is debatable but the principle remains: the digital realm is inconspicuously moving away from the traditional institutions and towards a more open distributed form of justice.

 

Apple

Now that Apple clashed with a judicial opinion from a single soul, it may want to consider how its products balance fairness. Here’s the main issue: Apple is perceived to be having the power to unlock an iPhone, whereas Apple has engineered the iPhone in such a way that it does NOT have that power. This perception should change and Apple needs to clearly separate that power. With a simple technical shift: when the User is incapacitated, a Crowd, not Apple, must have the power to decide to provide levels of access.

Apple has already provided levels of access to the iPhone that do not need the user’s fingerprint or passcode: Calendar, Reminders, and Notifications are accessible on your locked screen. You can even use it as a normal phone and make emergency calls.

By simply extending this design, Apple can provide emergency access to various levels of data.

Emergency Access

Here it gets tricky so stick with me: When tapping on the emergency button in lock screen mode, you could make a call or request emergency access. When you request Emergency Location Data you are presented with a choice:

  1. Missing Relative
  2. Law Enforcement

As a relative, you can retrieve location data from your loved ones if they have set you up as an emergency contact. Law enforcement request is handled differently. Requests are deposited in a distributed network of 20.000 randomly selected iOS users. They would then need to review your request and vote on giving access.

Why 20.000? Again, brighter minds must prevail but I’m assuming it is representative sample set which can make a fair judgement. It may prove to be statistically better than an experienced panel of judges or 12 random strangers.

The tricky part is how to relay your emergency request to 20.000 users in such a manner that they would be able to clearly and consciously judge a request?

The randomly selected users come from a pool of users that opt into the system just like jury duty. The vetting process would be similar to the way Uber drivers are vetted or how apps are approved in the App store.

The most difficult part is proving your request is legitimate but that is where technologies like Blockchain may assist. Touch ID, Family Sharing, Find my Friends also come to mind for assisting the validation process.

Law Kit

Is this system unique for Apple? Well actually, they already hired ‘Health Engineers’ to help set up a similar system called Health Kit: a platform where users can safely and securely donate sensitive and personal health metrics via iOS. It has been an unprecedented success and probably saved countless lives. Apple has all the ingredients and experience to create a similar framework on top of iOS. Law Kit would help Apple achieve 3 goals:

  • Separation
  • Transparency
  • FairnessLawKit-text

Separation + Transparency = Fairness

If Apple implements LawKit, it can separate the power to police from the core of iOS. It can, therefore, comply with any number of requests, at any scale and distribute these accordingly. By using its large user base as a judiciary system, Apple can provide a level of unprecedented transparency. It will need some getting used to and may even require some legislation to back it up. But in all fairness, no one conglomerate can wield this much power without it becoming maleficent.

Ultimately, it may prove to be good business if Apple helps me Find my Angel, not just their iPhone.

Apple’s Backdoor is Unlawful…with One Exception & One Solution
Apple’s Backdoor is Unlawful…with One Exception & One Solution 1024 576 Raymond Blijd

I was quick to condemn the courts forcing Apple to create a backdoor. I couldn’t imagine any situation where it would be justified…or maybe I could?


Yesterday I drove home thinking: there really are no legitimate circumstances where this judgement could stand. And many are siding with Apple but one provided a balanced response which gave me pause:

 

Exception

It suddenly flashed through my mind that there may be one exception: If one of my little girls had gone missing and her iPhone contained the only clue to her whereabouts. Let me first pray 🙏🏽  and knock on wood ✊🏽 that it will never happen. But if it did, I would move heaven and earth … and most likely beg Apple to unlock her phone.

I’m a big proponent of privacy because it creates trust. When Apple introduced Touch ID, I was hoping for the end of password tyranny and the dawn of a more considerate and secure digital age. Any large institution, with the power to invade my privacy at any given time, must honor my basic human rights.

That’s easy to say when it is just my life. Amber alerts set a precedent that gave authorities extraordinary powers including the ability to send everyone’s an SMS, even if their number was private. It might be worth considering alternate ways to provide access to, at the very least, loved ones to retrieve critical information under certain conditions.

Solution

In his Message to customers, Apple’s CEO Tim Cook eloquently explains why their smartest engineers designed security into the iPhone. In that same spirit and passion, I hope Apple have Legal engineers design ways to resolve ethical issues into its products. Coding security is possible, now let us give morality encryption a try.  Inevitably, the Future of Law should have us moving from Courts to Code and Apple can lead the way.

I hope brighter minds than mine will ponder and prevail in this dilemma. So while Apple’s backdoor may seem unlawful, having no exception will feel as awful.

Meanwhile, I’ll work on creating enough trust between me and my angels, that they’ll let me know their password.

The Power of Privacy and The Value of Confidentiality
The Power of Privacy and The Value of Confidentiality 453 276 Raymond Blijd

Google’s Vint Cerf, who is recognized as one of “the fathers of the Internet,” stated “Privacy May Be An Anomaly.” Historically, he is right in some context. We used to bathe in the open and wore less and more revealing clothes in the past. Some won’t mind going back to those days but ever since humans acquired the ability to communicate it always had the option to do it in private. Moreover, confidentiality is the corner-stone of several business sectors such as Health, Legal and Finance. So the question is: as a professional, who will you trust?

 

Privacy

Snapchat – a service that provides self destruct photo messaging – turned down a reported$3 billion offer from Facebook. Whatsapp claims to have more users than Twitter and handles more messages than Facebook. Bear in mind that Twitter and Facebook are free and Whatsapp is not*. In Asia, Wechat and QQ combined rule the messaging airwaves with more than a billion users. All these social messaging services enable users to communicate much in the same way we use email and SMS. Better yet, social messaging challenges the connections we make by phone, email or SMS. A recent study by industry-analysts Informa indicated that by the end of 2013 OTT (Over The Top) messaging traffic should be twice that of traditional SMS texts, topping out at around 41 billion messages sent every day (compared to 19.5 billion sent via SMS). More importantly: I believe services like Snapchat are popular because they simulate a sense of privacy traditional communication use to provide.

 

trust3Confidentiality

One might suspect that the push for more privacy is driven by an older more conservative demographic. Actually, it is quite the opposite. Recent studies revealed teens are fleeing social networks while elders, the only growing group, are encouraging them to stay on and broadcast. So if those who share scatter, but the spectators multiply, it is likely that privacy backlash will lead a ‘Trust Revolution’. This is already evident in the legal industry were legal tech experts predict ‘security awareness’ to be among the top priorities for law firms in 2014. To be specific: maintaining confidentiality of client information will be the top priority for law firms according to this article. This is especially more pertinent where professionals rush to the clouds out of convenience. Thus the question is: who can you trust?

Trust

In a previous post, I touched upon Apple’s fingerprint technology as a valuable breakthrough which might have far-reaching implications in how we communicate. Imagine securing not only your phone but all your documents with a fingerprint instead of passwords orproperly identify parties you communicate with and have them sign with their hands instead of a John Hancock. While I’m truly grateful I’m still hesitant to completely place my faith in any one company that either needs to lock me in or lure me to reveal information for ads. Free is very attractive but my soul is priceless and I value a whisper among the trees as much as shouting from the rooftop. As a legal professional, I can imagine doing business with a company that understands my needs. As a Wolters Kluwer employee, I will always strive to secure the trust our customers place in us.

 

*Whatsapp is a subscription service.