Privacy and the New Math

The funny thing about the Apple iPhone security debate is the extent to which people, even the smartest people on both sides, are so caught up in the specifics of the case that they fail to understand the greater issue. It boils down to two things and they really are quite simple:

  • Should it be our policy that citizens of any country have no privacy from their government? That’s zero privacy, as in “we trust the government to know everything possible to know about us excepting only the unexpressed thoughts in our head.”
  • Should it be our policy to remove checks and balances and allow government to operate with absolute power and zero accountability?

Framing the discussion in terms of a specific terror threat provides wonderful cover for the real issues. We focus in on the details of a single case and those details are horrifying. We have a chance to prevent commission of further atrocities and breaking the crypto on a single device achieves that. It’s immediate and intensely emotional. Big win, no downside.

But only because we choose to believe there’s no downside. Everything we know about human cognitive bias confirms that pretty much every ordinary human on the planet (and indeed chimps according to studies)…

  • Prioritizes short term over long term.
  • Vastly overestimates immediate risk and underestimates future risk.
  • Is moved more by details of individual cases than by broad statistics over populations.

So it makes perfect sense that the threat of terrorism invoked in the Apple phone debate overshadows the greater and longer term issues. That doesn’t mean we should decide according to our biases though, especially considering what’s at stake.

Of course my argument assumes people understand and agree as to what’s at stake and based on my limited sampling I’d say most people would DISagree with my claims above. I assume that this is because most people don’t understand math.

When our governments talk about “the going dark problem” their proposed solution is based on an asymmetry of power. Anyone with even casual knowledge of the Internet knows that crypto has to continue to work for commerce or else the world’s economy collapses. But at the same time crypto has to be transparent for government or — to hear them tell it — the world’s economy collapses after terrorists attack all our national infrastructure targets.

  • For both of these cases to be true, math has to work differently for government than it does for everyone else.
  • Since math works the same for everyone, achieving these goals requires an asymmetry of power to enforce government’s secrecy at the point of a gun.
  • Absent checks and balances, asymmetrical social power accumulates in positive feedback loops until it is absolute.
  • The ability to keep an expressed thought secret is one of those checks and balances that nudges the power differential toward homeostasis somewhere below Citizens 0, Government 100.
  • Breaking crypto in commercial products eliminates the ability of citizens to keep their expressed thoughts secret as well as eliminating a basic constraint on power escalation.
  • The phone is the most intimate personal data repository in widespread use on the planet.
  • If the checks and balances fail to protect the phone, the power differential is from a very practical standpoint already at 0:100.

So this isn’t about breaking a phone. It’s about breaking a system and once it’s broken it’s broken. For everyone. Because that’s how math works.

Tangential to this is the argument that cracking this one phone doesn’t compromise all the others. That too is provably false, and quite easily reasoned from first principles.

  • A security model includes not just the crypto but all of the trust anchors and controls in the system.
  • Resilience against brute force attack is a critical control in the iPhone’s security model.
  • What the US government is asking for fundamentally breaks the security model.
  • For this to be OK requires math to work differently for this phone than for all others.
  • Or for the math to work differently for government than for everyone else.
  • Since math works the same for everyone, the only effective way to keep this manufactured vulnerability contained is to preserve the power asymmetry at all costs, including escalation to a 0:100 differential if necessary. It would, after all, be a national security interest to do so and that phrase grants carte blanche.

The entire Star Wars franchise depends on our suspension of disbelief about security. When R2D2 needs to do some research, the physical data ports are compatible, the protocols are all compatible, the access is unlogged, the systems involved provide sensitive confidential details to anonymous queries, and the queries and commands are never alarmed. Even my worst consulting clients are 10x better than The Empire when it comes to security. Apparently in order to invent FTL space travel we had to wipe our collective memory of lots of mundane stuff like basic information security.

In this iPhone case the US government is requesting suspension of disbelief much greater than that which George Lucas required of us. Mainly because Lucas didn’t want to ruin the movie by asking us to believe that math works differently for the Empire than it does for the rebels.