Apple’s Stance on Encryption Puts It on an Inevitable Collision Course

David Sparks, commenting on the FBI’s latest challenge to encryption:

I sympathize with law enforcement for wanting access to this data. I worked briefly in the criminal justice system and I know how maddening it would be to know you have a magic envelope with evidence in it and no way to open that envelope. I just think the sacrifice involved with creating a back door is too much to ask.

I do think this discussion isn’t over though. Apple sells into a lot of countries. Any one of them could require they install a back door as a condition of access to the market. Apple’s principals are on a collision course with a massive loss of income. Is it just a question of time before governmental regulation and market pressures make this period of time, where all citizens have relatively secured data and communications, only a temporary phase? I sure hope not.

Apple has proved itself somewhat amenable to compromise. It stores iCloud data for Chinese and Russian users on servers located in those countries. In the case of China, the data centre provider is a state-run company. Apple maintains that it holds the encryption keys, that it won’t disclose user data without legal authorization, and that the governments of both countries have no way of getting users’ data without going through legal proceedings. But, still, the legal systems of both countries are notoriously favourable to authoritarian policies, so it’s hard not to assume that Apple’s control is anything greater than theoretical.

Notably, both China and Russia have extreme restrictions on end-to-end encryption. In Russia, telecom and software companies are required to retain messages and encryption data for months; but, as Telegram offers messaging that’s encrypted end-to-end, they have no encryption keys to retain, resulting in its ban in the country. A similar law recently came into effect in China. Yet, iMessage remains available in both countries and, presumably, Apple has made no concessions on its end-to-end encryption. In 2018, meanwhile, the Australian government passed a law requiring tech companies to assist in decrypting users’ data. Apple has continued to sell products and services encrypted by default in all three countries.

Sparks is right: there will come a time that Apple will need to choose whether it will stand behind strong privacy and security, or if the monetary cost of doing so is simply too high.