Apple has a problem. The government is demanding it crack its own encryption and deliver data from a phone encrypted by one of the San Bernardino terrorists.
Hollywood Presbyterian also has a problem. Hackers pushed an encryption key on the hospital, through malware, and now won’t give the hospital access to its own patient files unless it pays them an enormous ransom. Vendors like MedAssets and RelayHealth McKesson have been unable to solve the problem. (On Wednesday the hospital paid the ransom.)
These are two sides of the same coin. Encryption is an arms race. Solve problems with a 40-digit key, using any technique, and those who want to keep secrets create a 256-digit key. Or a 1,024-digit key. Wash, rinse, repeat.
Ever since the Web was spun, activists have advertised this as a good thing. Encryption assures privacy. Encryption can assure security.
But it can’t, because this isn’t a one-way street. Bad guys can turn the same encryption techniques used to guarantee security into a tool that destroys it. Government, in seeking greater security, thus demands encryption keys. But as Phil Zimmermann and PGP Software have demonstrated, you can also create encryption without readily available keys. This has made Zimmermann a hero of privacy, a member of the Internet Hall of Fame, even a revered figure.
It has also enabled the Hollywood Presbyterian ransomware and given Apple an ethical dilemma which now has it appealing a valid court order and on the bad side of Donald Trump’s wrath.
Once Apple delivers a solution to the FBI for cracking encryption under a court order, however, how do you secure it? A slippery slope has been demonstrated in government rights granted under the Patriot Act, not only through the mass collection of metadata, but also through government using its power to go after drug dealers, even ordinary criminals. You want to be safe, right? Yes, but safe from whom?
Once a key is available to break the Apple encryption, it is only a matter of time before technology to overcome that key is produced, which leaves us right back at the Hollywood Presbyterian problem. The difference in these cases is that the government has no throat it can choke to demand the key – vendors are just as powerless as the hospital itself, and the law enforcement agencies working to help it.
Computers remain binary. No matter how complex we make them, so that analog signals can be analyzed by them in real time, they are not analog machines, and the key decisions we must make around them remain binary ones.
So demand the Apple keys and become absolutely subject to government. Or fight the power and leave yourself subject to ransomware.
Were this an investment story, I would probably call this a great opportunity for Palo Alto Networks, Check Point or Intel, but computing history says that once encryption is broken, new encryption will emerge, with a longer key, and we’ll be right back where we are now.