As Apple caves in on data protection, what price are we prepared to pay for global security?
When Apple announced this afternoon that it was caving in to British government demands to remove its highest-level security tool from UK customers’ devices, the announcement sent shockwaves through the international data community.
Apple’s Advanced Data Protection (ADP) has always been a key selling-point in Apple’s global marketing strategy. It enabled customers to encrypt their items and information on Apple’s iCloud virtual storage service in a manner that even Apple couldn’t access.
As early as 2015 Apple had been facing off attempts from the UK to gain access to its customers’ data. In November that year Apple contributed eight pages of written evidence to a proposed Investigatory Powers Bill that was intended to replace the 2000 Regulation of Investigatory Powers (RIP) Act, which many in global security considered to have become hopelessly outdated in the face of advances in the field of cyber-security and hacking.
A year before Prime Minister David Cameron had flagged up in parliament that a government incursion on protected public data was coming, when he said he did not want there to be “a means of communication … that we are not able to intercept”. The remark came in a number of answers he gave during a lengthy afternoon discussion in the House of Commons on 25th November 2014, in response to questions raised by members about the House of Commons Intelligence and Security Committee report into the murder of Royal Regiment of Fusiliers soldier Lee Rigby, which had just been published that morning.
On the afternoon of 22 May 2013, Rigby was attacked and hacked to death by Islamist terrorists near the Royal Artillery Barracks in Woolwich, southeast London. He was off duty and walking down the street when the appalling attack happened, which caused understandable public outrage.
The Intelligence and Security Committee report declared that his death could not have been prevented, even though his killers had appeared in seven intelligence investigations. Needless to say deep questions were asked, and continue to be asked, about the role of the security services in this case and in particular how our security services generally access, monitor and utilise online information.
“Let me be clear that this is a very serious report,” said Mr Cameron, “and there are significant areas of concern within it. I do not want anyone to be in any doubt that there are lessons to be learned and things that need to change.”
In many respects today’s decision by Apple is one direct result of concerns raised about the digital world in the wake of Fusilier Rigby’s murder.
It’s worth reiterating that a founding principle of the Apple empire was its approach to data security. When founder Steve Jobs launched the desktop publishing industry in 1985 with his breakthrough Apple Mac computers he believed that the future of data security lay in the open and uninhibited sharing of information.
Whereas organisations like Bill Gates’ Microsoft saw increased security and data protection as the fundamental requirements of robust computer networks, Job’s realised early on that any security programme created by human hand could be broken into, and the creation of ever greater security claims only presented irresistible challenges to unfriendly interlopers.
Jobs’ answer was to create the reverse environment, and he actually published the entire roadmaps for his operating systems. Many thought he was mad to do so, but Jobs understood that an open system not only presented no challenges to hackers, but gave you a whole global army of moderators who could instantly dive in and correct any issues. This radical philosophy quickly made Apple Mac computers the most robust and virus free machines on the market.
Of course times have changed, and the naive primordial computer landscape of Job is now long gone. Today we live in a far more uncertain and shadowy world where we have all come to place far too much of our trust in digital technologies, and those who would disrupt our lives are no longer lurking around darkened corners, but often inside the very devices we are using to conduct our everyday lives.
This too is now the world where global security agencies are having to concentrate their efforts, hence the UK government’s pressure to gain access to the stored data of Apple customers. Ironically, Apple has argued that this very insistence is a serious act of self harm, as many millions of Apple customers who previously enjoyed absolute digital seclusion and security will now have their devices prised open, and potential routes will be created from the outside world to their personal data.
Such is the concern about this move that two US lawmakers have even claimed that it could threaten US cyber-security, with all the consequences that could have for the fight against global crime and acts of terrorism.
Senator Ron Wyden and Congressman Andy Biggs have written to US national intelligence director Tulsi Gabbard urging her to give the UK an ultimatum: “Back down from this dangerous attack on US cybersecurity, or face serious consequences.”
“While the UK has been a trusted ally, the US government must not permit what is effectively a foreign cyberattack waged through political means”, the US politicians wrote.
They have said that say agreeing to the request would “undermine Americans’ privacy rights and expose them to espionage by China, Russia and other adversaries”.
If the UK does not back down Ms Gabbard has said the US should “reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing.”
The reason that this issue is of such profound importance is that the digital revolution has changed the way in which security services around the world work to protect us from those who would do us harm. The gathering of intelligence is these days no longer so much a human interaction but a vigorous and forensic analysis of digital communications. After the 9/11 attacks for instance, George Bush Junior’s promise to hunt down and eliminate Osama Bin Laden was achieved by monitoring the phone and computer traffic that surrounded and ultimately located the terrorist leader.
As it happens the fundamental mechanics of this digital strategy were laid down in Britain almost a century ago, in what is now known famously as Hut Six at Bletchley Park. The high security base of our World War Two Codebreakers. The popular story of how the highly gifted team of individuals broke the German’s ‘impossible’ Enigma code (with its 12 million, million combinations) centres on the brilliant mathematician Alan Turing, who is generally recognised as the father of computing.
Somewhat less well known is the figure of William Gordon Welchman, an equally brilliant mathematican who was the man at Bletchley who actually set up – and was the head of – the legendary Hut Six. Welchman was the antithesis of the introverted and intensely private Turing – he was a genuine James Bond character who loved hunting, shooting, womanising and driving fast cars.
The son of an Anglican country vicar, he had a unique gift for brilliantly lateral thinking and, whilst Turing and his team were toiling day and night to crack the actual messages sent by the Germans, Welchman took a step back and started to focus instead on the way the messages were being transmitted on the ground – where they were coming from, where they were going, and their frequency. Very quickly he created a huge wall map of Europe with pin flags for transmitters and threads joining them all together. Long before the actual Enigma messages were cracked, Welchman had delivered to the British military planners a highly detailed and accurate map of where the Germans were concentrated and where their troops, armour and planes were moving to. This information gave Britain a devastating strategic advantage – for instance Welchman’s information enabled tens of thousands of British troops to be evacuated safely at Dunkirk, and to return to Normandy on D-Day.
After the war, Welchman was recruited by the Americans – he taught the first computer programming course at the Massachusetts Institute of Technology in 1951, and by the early 1960s was working for US military intelligence with the very highest levels of security clearance. Noticing that many of his close friends at Bletchley Park were passing away, he decided to publish a book – The Hut Six Story – acknowledging their contribution to Britain’s war effort, but his gesture proved personally catastrophic. Those who has worked at Bletchley were – and are still today – bound by the Official Secrets Act and the book was seen by many – not least by then British PM Margaret Thatcher – as a profound act of national betrayal. Welchman died a broken man on 8th October 1965.
One might wonder why such things could still matter so deeply almost a century after the events occurred, after all we know so many other secret things about the Second World War. It’s because the precise mechanism invented by Gordon Welchman in 1939 – traffic analysis – is still the core technique at the heart of global security, and much of the detail of the mechanism that Welchman developed is still highly classified, because it is still highly usable. Indeed, in this digital age recognising and interpreting patterns of changes within digital communications networks are often key indicators that major events are being planned, and a great deal of terrorism prevention relies on concepts invented by Welshman. It’s not something that we tend to hear about, but at any one time many acts of domestic and global terrorism are being planned and prepared for execution, and thankfully most are still being thwarted.
It’s with this running and ever-increasing threat in mind that the UK government is seeking access to all Apple customers’ devices, and equally why US intelligence services are so deeply concerned about this demand. For Britain, totally security requires total access to all levels of human communication; for the Americans total access means potentially millions of us will become additionally vulnerable to criminal acts.
When theologians and religious commentators debate the internet, our focus tends to be on the direct effects of social media on the human person, versus the unlimited potential for communication that this new digital world could potentially offer. Whilst it’s important to debate these aspects of digital communication, it’s far more likely that the pressing moral and philosophical issue is going to be surveillance and manipulation, versus the freedom to communicate freely and openly – and just how much of our liberty we are prepared to sacrifice in order to remain safe in an increasingly uncertain and dangerous world.
Joseph Kelly is a Catholic writer and public theologian