On Tuesday, Apple’s CEO Tim Cook released an open letter explaining that Apple will oppose an order from a US judge demanding that they assist the FBI hack into an iPhone that was owned by one of the perpetrators of the San Bernadino shooting in December last year. In the letter, Cook explains that the FBI is asking them to create a modified version of iOS that would allow for encryption to be bypased, essentially creating a ‘backdoor’ into the software.
Cook notes agreeing to this order could set a dangerous precedent and could easily allow for government agencies to request that Apple build “surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.” Cook also stresses the importance and value of encryption technology saying: “For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data.”
It seems as though Apple is on the front foot regarding this issue, as evidenced by their refusal to comply with this latest court order and also by the fact that since iOS 8, all smartphone and tablet devices encrypt the users storage by default. Apple has also stopped storing encryption keys that would allow for 3rd party access. Meaning that if Apple received a warrant requesting access to a user’s data, they wouldn’t be able to decrypt the information, even if they wanted to. All fine and dandy for Apple users but what are Google and Microsoft up to?
While Google’s Android operating system does have an encryption feature, is it not turned on by default, meaning the user has to enable this feature manually. And despite the fact that Google announced with much fanfare that Lollipop OS would have this feature on by default, it appears Google has now quietly backed down from this due to the encryption causing performance issues, particularly with third party phone manufacturers. However like Apple, the encryption keys are not stored off the device itself and Google does not have access to them. It has been reported that encryption will be mandatory on Marshmallow OS.
On the Microsoft front, devices running Windows 8.1 OS also have device encryption enabled by default, however the encryption key is empty. When the user signs in with their Microsoft account, the encryption is activated and a recovery key is uploaded to Microsoft’s servers. This means that government agencies can request this information from Microsoft and they have no choice but to comply. This isn’t to say that this feature is only for this purpose. Most commonly it would be for user’s to perform an account recovery procedure if they have forgotten their password. However, even if we set aside law enforcement access, this makes the encryption less secure. Hackers can easily utilise social engineering tricks to go through the password reset process for someone else’s Microsoft account and gain access to your encrypted files.
When considering which platform is right for your business, the main points to keep in mind here can be summarised by the following questions:
– How sensitive is information stored on the device?
– What level of security and encryption is required to secure your data?
– How many people need access to sensitive data?
– Will the data need to be stored in the cloud or on physical hard drives?
– Is there a contigency plan if a device is lost or stolen?
Taking these points into consideration will allow you to make better and informed choices about which devices and operating systems are going to suit you and your business needs. For more advice or information contact us at The Mac Mechanic.