LawKit: How Apple Can Engineer A Secure Legal Backdoor
In my previous post, I pleaded my case why creating a backdoor would be fair. I suggested a solution to Apple’s predicament: hire legal engineers to build ethic’s into the iOS platform. Here’s an explanation how legal engineers would approach creating a secure and fair system to handle requests for access.
In 1748, Baron de Montesquieu published: The Spirit of the Laws. He described the separation of political power among a legislature, an executive, and a judiciary. The moral of the story: there needs to be a Separation of Powers to balance and create a fair society. Fast forward to now: in our current legal construct, the balancing of powers reside with the courts: a hopelessly archaic system where 18th-century laws can still rule.
From Courts to Code
The two most common types of judiciary systems are Judge or Jury. Both are extremely limited and thus flawed in the sense that they rely on just one or a few minds to determine justice. Now, with modern technology (and some ingenuity) this power can be separated and distributed to more minds and systems.
On slide 22 in the Future of Law deck, I provided the eBay example: 60 million disputes each year being settled by their built-in Online Dispute Resolution platform. If we count Alibaba, it would not surprise me if that number would triple. Google received over 100.000 requests for user data or accounts from governments last year. In addition, they also received 74 million copyrights removal request just last month as published in its Transparency report.
In order to manage these unprecedented numbers, most online service providers include arbitration clauses in their terms of service. The fairness is debatable but the principle remains: the digital realm is inconspicuously moving away from the traditional institutions and towards a more open distributed form of justice.
Now that Apple clashed with a judicial opinion from a single soul, it may want to consider how its products balance fairness. Here’s the main issue: Apple is perceived to be having the power to unlock an iPhone, whereas Apple has engineered the iPhone in such a way that it does NOT have that power. This perception should change and Apple needs to clearly separate that power. With a simple technical shift: when the User is incapacitated, a Crowd, not Apple, must have the power to decide to provide levels of access.
Apple has already provided levels of access to the iPhone that do not need the user’s fingerprint or passcode: Calendar, Reminders and Notifications are accessible on your locked screen. You can even use it as a normal phone and make emergency calls.
By simply extending this design, Apple can provide emergency access to various levels of data.
Here it gets tricky so stick with me: When tapping on the emergency button in lock screen mode, you could make a call or request emergency access. When you request Emergency Location Data you are presented with a choice:
- Missing Relative
- Law Enforcement
As a relative, you can retrieve location data from your loved ones if they have set you up as an emergency contact. Law enforcement request is handled differently. Requests are deposited in a distributed network of 20.000 randomly selected iOS users. They would then need to review your request and vote on giving access.
Why 20.000? Again, brighter minds must prevail but I’m assuming it is representative sample set which can make a fair judgement. It may prove to be statistically better than an experienced panel of judges or 12 random strangers.
The tricky part is how to relay your emergency request to 20.000 users in such a manner that they would be able to clearly and consciously judge a request?
The randomly selected users come from a pool of users that opt into the system just like jury duty. The vetting process would be similar to the way Uber drivers are vetted or how apps are approved in the App store.
The most difficult part is proving your request is legitimate but that is where technologies like Blockchain may assist. Touch ID, Family Sharing, Find my Friends also come to mind for assisting the validation process.
Is this system unique for Apple? Well actually, they already hired ‘Health Engineers’ to help set up a similar system called Health Kit: a platform where users can safely and securely donate sensitive and personal health metrics via iOS. It has been an unprecedented success and probably saved countless lives. Apple has all the ingredients and experience to create a similar framework on top of iOS. Law Kit would help Apple achieve 3 goals:
Separation + Transparency = Fairness
If Apple implements LawKit, it can separate the power to police from the core of iOS. It can, therefore, comply with any number of requests, at any scale and distribute these accordingly. By using its large user base as a judiciary system, Apple can provide a level of unprecedented transparency. It will need some getting used to and may even require some legislation to back it up. But in all fairness, no one conglomerate can wield this much power without it becoming maleficent.
Originally published at www.legalcomplex.com on February 24, 2016.