If you feel like we’ve been here before, it’s because
we have. Back in 2016, the FBI wanted Apple to
unlock a phone belonging to the San Bernardino
shooter; Apple declined to help, as doing so would
have potentially compromised the security of all of its
devices. Eventually, the bureau sought help from an
Israeli-based cybersecurity firm who was able to hack
into phone in question.
Leaving aside the dangers inherent in the creation of
back doors into the technology we all rely upon, I think
this is as good a time as any for Apple to double down
on its (already pretty solid) security focus. Because
when it comes to digital information and our devices,
what we need is not less security, but more.It’s MIME time
Apple has long touted the end-to-end encryption of
its iMessage and FaceTime systems, but when it comes
to email, the company hasn’t made any commensurate
moves. Apple’s iCloud security overview states that
though traffic between your Apple devices and the
iCloud Mail system is encrypted, the data stored on
the mail server is not encrypted, which the company
describes as “consistent with standard industry
practice”. And, of course, when your email message
goes out to a recipient, the security is only as strong
as the weakest link in the chain.
With social media, Slack, and other messaging
apps, we might feel like we’re over email, but the fact
remains that so much of our online lives still rely on
it. Beyond just communicating with people, tools like
password resets, user accounts, and other means ofIfyoufeellikewe’vebeenherebefore,it’sbecause
wehave.Backin2016,theFBIwantedAppleto
unlockaphonebelongingtotheSanBernardino
shooter;Appledeclinedtohelp,asdoingsowould
havepotentiallycompromisedthesecurityofallofits
devices.Eventually,thebureausoughthelpfroman
Israeli-basedcybersecurityfirmwhowasabletohack
intophoneinquestion.
Leavingasidethedangersinherentinthecreationof
backdoorsintothetechnologyweallrelyupon,Ithink
thisisasgoodatimeasanyforAppletodoubledown
onits(alreadyprettysolid)securityfocus.Because
whenitcomestodigitalinformationandourdevices,
whatweneedisnotlesssecurity,butmore.
It’s MIMEtime
Applehaslongtoutedtheend-to-endencryptionof
itsiMessageandFaceTimesystems,butwhenitcomes
toemail,thecompanyhasn’tmadeanycommensurate
moves.Apple’siCloudsecurityoverviewstatesthat
thoughtrafficbetweenyourAppledevicesandthe
iCloudMailsystemisencrypted,thedatastoredon
themailserverisnotencrypted,whichthecompany
describesas“consistentwithstandardindustry
practice”.And,ofcourse,whenyouremailmessage
goesouttoarecipient,thesecurityisonlyasstrong
as theweakestlinkinthechain.
Withsocialmedia,Slack,andothermessaging
apps,wemightfeellikewe’reoveremail,butthefact
remainsthatsomuchofouronlinelivesstillrelyon
it.Beyondjustcommunicatingwithpeople,toolslike
passwordresets,useraccounts,andothermeansof