Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring

Please pick one, Tim

So there's still a chance Apple will protect us from the NSA?

The problem with this perspective is what the 19th Century biologist Thomas Huxley called the tragedy of the sciences – "the slaying of a beautiful hypothesis by an ugly fact," or in this case two of them.

Firstly, there's really no evidence that the warrant canary actually works as intended. In a paper published in April, the ACLU's legal assistant Naomi Gilens examined the use of warrant canaries and noted that while they would appear to be covered under First Amendment rights, that isn't guaranteed by any means.

There is case law to suggest that the US government could force companies to lie in their statements about surveillance if national security was involved. Since there has never been a legal challenge to warrant canaries, it remains to be seen if they will stand up in court if a company is prosecuted for taking one down in response to a secret surveillance order.

Secondly, and more importantly from a technical perspective, Apple's security still isn't good enough to provide total protection. An analysis by security expert Jonathan Zdziarski shows that if the government gets hold of a target's computer that is paired to an iPhone, that handset can be forced to give up a large amount of data. And the encryption isn't perfect, even if it's better than most.

"Their encryption is probably pretty sound so long as you’re either using a complex passphrase, or as long as nobody figures out how to get code execution to run a PIN brute forcer (or if the phone is already running, just copy off whatever data is unlocked)," he told The Reg.

"In all cases, it's probably 'safe enough' to where somebody would have to hack the phone (or confiscate your laptop’s pairing record) to get at your personal data."

As any infosec bod knows, there are any number of ways the NSA's Tailored Access Operations squad could hack an individual's systems if it really wanted to badly enough. But for mass surveillance to work, the government needs easier and cheaper methods than that.

In the end, we're not going to know the whole truth until Apple clarifies its position or Uncle Sam makes overt moves to force the company to buckle under. Even then the warrant canary could be a dead duck and Cupertino could be forced to lie.

But if Apple decides to try and woo the security conscious and fight its corner, the tactic could be a massive selling point for the firm and the ultimate justification for the high price it puts on its product. But that's a rather big if. ®
