Apple is now embracing crypto-style security to protect your data
The challenges of privacy and protection for on-line data and assets is particularly relevant to us all as we increasingly rely on digital data to lead our lives.
The average daily time people spend on their mobile ‘phones is three and a quarter hours, with 20% of people spending over four hours ‘swiping and typing’. More unbelievable is that, on average, we look at our phone 58 times a day!
Similarly, like cash, we spend money yet many of us do not even have a purse/wallet. Many mobile ‘phone owners do not call, let alone leave a voicemail (so passe‘), but text, message, email, check the weather, bank account, etc – that is, we are switching to digital. Digital cash, digital messages and digital data are all either here for you now, or are likely to be soon.
The whole topic of digital data may sound boring and not relevant to you, but think again. Do you really aspire to have your messages, photos, data, etc, on your laptop/mobile ‘phone available for all to see? Is not encryption and privacy fundamentally important for the majority of us?
More recently, it seems that the crazy crypto sector is teaching the rest of the world a lesson or two in security and privacy, and big tech firms such as Apple (itself not yet overtly crypto) are embracing the cryptographic security that underpins cryptocurrencies. However, one of the barriers in preventing the public holding digital assets – that is, cryptocurrencies, NFTs, digital equities, digital funds, digital gold, digital $or £ or € – is the user experience, or as our techy friends refer to as the ‘UX’.
Quite frankly, it can be daunting not only to have to remember all the terminology but to then be required to invent 12-24 random words to act as your private key. Yes, you need a key to unlock to give you access to your digital assets your digital data, provided you can remember your 12-24 random string of words…..
Apple Advanced Data Protection
Source: Apple
Well, by the end of December 2022, Apple Inc. is to launch in the US and then globally its new Advanced Data Protection with the intention to encrypt almost all the data that its customers store on the Apple iCloud. This is hugely significant, bearing in mind that Apple has over 1.2 billion active iPhones. As an aside, the only data that Apple will not be encrypting is your mail, contacts and calendars due to these data sets being reliant older internet technology, but it will be ‘end to end’ encrypting its customers’ data as listed here:
- passwords and keychain
- health data
- home data
- payment information
- Apple card transactions
- maps
- QuickType keyboard learned vocabulary
- Safari
- screen Time
- Siri information
- Wi-Fi passwords
- W1 and H1 Bluetooth keys
- memoji
This all sounds like a vast improvement, but what happens if I cannot remember my private key i.e., my 12-24 random string of numbers? – a challenge that many crypto investors have faced.
Apple has reported that it will not be holding customers private keys (a nightmare for those of us who forget), but at least it means your data is well and truly protected. Protected so well that, in future, even if the FBI demands access to your digital data, Apple cannot help.
Apple did indeed have a court battle with the FBI in 2015 and were asked to hand over data, but its new Advanced Data Protection will mean it now cannot do so. This possibly explains why governments have reportedly pressured Apple for years not to release this new security feature. In many jurisdictions you have the right to remain silent, yet law enforcement agents appear to have attempted to run ‘rough shod’ in trying to force tech firms such as Apple to release customer data held by them.
Even when being interrogated by these agents, information is often disclosed by questionable means. Yet these days with facial recognition ID, all that is required is to hold someone’s phone to their face so as to unlock their phone and gain access their private personal information. Presently, it seems that the legislation and protection of physical assets differs from digital assets – but surely this is now not tenable in the long term?
Apple’s new security measure is a significant advancement regarding the privacy of personal information for its customers. It offers the possibility to create new ways in which trust can be built (that is, interaction remotely between people and organisations) and will introduce millions of users globally to security processes and procedures that hitherto had largely been only employed by crypto users.
In effect, it forces users of Apple’s Advance Data Protection service to not rely on a third-party custodians but to make them be responsible for their private key, and so be their own bank- i.e., because Apple will not be able to help reset your private key.
As mentioned before, if we think that previously remembering the letters of our password was a challenge, how will we now cope with remembering our 12-24 random passwords? Consequently, Apple has tried to negate this in two ways – either customers can have recovery keys i.e., print out their private words/key or, alternatively, they can access their Advanced Data Protected iCloud account by setting up a recovery contact which involves the help of another person with an Apple ID and Apple device.
Then there is the issue of trust. According to Vocabulary.com: “The word custodian comes from Latin custos, meaning “guardian,” and anyone who looks after something can be a custodian”. This is exactly what custodians do – i.e., look after other organisations’ assets and so, in effect, provide a level of trust and assurance.
But if you are in control of your assets, then potentially the role of a custodian is questioned? The three largest custodians, BNY Mellon, Euroclear and JP Morgan control almost $70 trillion of assets and yes, they charge a fee – a fee paid for ultimately by the public via the public’s savings and pension funds. One of the key factors concerning trust when buying and selling is to have comfort as regards the identity of the other party in a transaction.
Previously, identify was more straight forward if the transaction took place face to face but, as more transactions happen on-line and often globally, the topic of identity becomes of greater importance. In the past we have relied on various forms of identity such as signatures, of which the world’s oldest known signature is believed to be Sumerian (now Iraq) in 3100 BC. And the earliest use of fingerprints to help identify someone is thought to date back to China’s Qin Dynasty (221-206 BC) to help solve burglaries. In more recent times, fingerprints where used in 1901 in British courts as a means of identifying someone and have been used extensively since then by law enforcement agencies across the world.
A more modern and increasingly common identity method is facial recognition, pioneered by an American, Woody Bledsoe in the 1960s, who managed to program a computer to review photos of, and divide a face into, common features. In Japan in 1973, Takeo Kanade used a computer to extract facial features such as the nose, mouth and eyes, and so gave birth to what we now know as facial biometric identification.
As we glean more digital data and assets, a growing need for people to have a digital identity in order to be able to look after their data and privacy will no doubt develop. This type of identity offers us the potential to transact digitally – such as using central bank digital currencies (CBDC) – without allowing central bankers and governments to have privy to what we are spending, where, when and with whom.
As users become comfortable with employing private keys, it ought to make the transition to holding and managing other digital assets (whether that be their health data, digital stock or cash) much easier. So, whilst not embracing digital assets as such, Apple does appear to be educating and introducing the world to the technology and procedures that digital asset users have been utilising themselves for a while.
This could well be significant since Visa, Mastercard, PayPal and Apple Pay, to name just a few, already accept cryptocurrencies as a form of payment on their platforms. If we are to see more countries issue CBDCs, then digital £, $, €, Yen, etc, could well become common place and indeed will if the promises of faster, more efficient transactions become a reality. After all, why would users wish to continue relying on other less expensive ways to pay for goods and services?