Five Thoughts on Privacy and Security

Apple’s been in the news this week because hackers apparently forced their way into various celebrities’ iCloud accounts and stole photos, which have now been released to the public. It’s still not clear exactly how the hacks were perpetrated, although that hasn’t prevented plenty of clueless reporting on the topic. In the absence of clarity about exactly what happened, I think it’s useful to focus on a few general points about privacy and security that provide some context for this sort of news.

If Apple really is at fault, it needs to remedy the situation fast

If it becomes clear, as has been reported, that Apple’s systems for securing accounts are inadequate because they either lack rate limiting or are otherwise open to brute-force attacks, Apple needs to fix this ASAP. As others have pointed out, these are basic precautions any online service ought to have in place, and if Apple hasn’t had them, that’s a massive oversight. There should be (and almost certainly is) an internal review under way at Apple right now looking at all the potential vulnerabilities in Apple’s online sign-on systems and patching them as soon as possible.

The impact to Apple will be very limited

Every time a story like this blows up, I get calls from journalists asking whether this will (A) damage the company concerned, (B) make people warier of similar services in future, (C) dramatically change behavior. And every time, I tell them no to all three questions, for one simple reason: people have extremely short memories when it comes to this sort of thing. Just look at the Google Trends data for the search term “privacy”:

(Figure: Google Trends interest over time for the search term “privacy”)

What you see is that interest in the topic is actually declining over time, though there are periodic spikes in interest, usually triggered by specific news stories such as the one this week. Interestingly, there’s no spike this month even though the equivalent Trends data for the word “hack” has spiked enormously as a result of the news story. In other words, overall concern about privacy as measured by this data remains low (and is in fact falling), and although there are brief spikes in interest, they don’t last. As such, this story will likely blow over like all the others before it, and there will be little to no lasting impact on Apple.

What is certain is that, if you were looking to orchestrate a campaign to hobble Apple’s announcements this coming week, this would be about as good an attack vector as you might conceive of. It hits Apple where it’s thought to be weakest (cloud services) ahead of what’s likely to be a series of announcements about particularly sensitive data sets (health, home and financial). But my guess is by this time next week it will be forgotten – the public has a very short memory when it comes to this sort of thing.

Privacy attacks are very targeted

One reason why these attacks tend to blow over so quickly is they affect so few people. This particular attack, like most of them, was very targeted – the Guardian reports only around a dozen celebrities were affected and a total of around 400 photographs and videos leaked so far. The overall scope of the hack may have affected “over 100 individuals” and their personal data. That’s a tiny, tiny fraction of the overall populace, and what all these people have in common is they’re famous.

All of these attacks require three things to be a threat: motive, means and opportunity. And, unlike the sort of financial hacking that has affected Target and others in recent months, all three simply don’t apply to most members of the general population. There’s little motive for hackers to access my personal photos or videos, because the market for images of my kids is non-existent outside my own family. These attacks take considerable time, and the means required simply aren’t worth investing if there’s no payoff. There’s also little opportunity, because the kind of personal data necessary to perform social engineering against someone who isn’t famous is hard to come by.

As such, though celebrity photos make for big news stories, most people can easily brush them off since they’re unlikely ever to be affected by them. Financial hacking stories, on the other hand, have far more wide-reaching effects, and the likelihood that many ordinary individuals will be affected is far higher. But that doesn’t apply to this sort of very targeted and therefore limited hacking.

The difference between careless and deliberate privacy invasions

Another thing to bear in mind is there’s a very important difference between personal information obtained by third parties despite the best efforts of a provider, and information actively shared with third parties by a provider. I’ve written previously about how business models either create alignment between users and those paying the bills or tensions between them, and the implications that has for security. What’s most damaging with these sorts of stories is when they start to create in people’s minds a pattern of breaches, and that’s far more likely to happen when a company’s business model depends on enabling sharing of personal data than when a company is doing everything it can to protect users’ data from third parties.

What no one is accusing Apple of here is deliberately pushing the boundary on sharing personal information with third parties, and in fact Apple has spent the past week clarifying developer guidelines around HealthKit, HomeKit, Extensions and other functions in iOS 8 which have the potential for privacy invasions and violations. One of the things I was most struck by as I watched some of the individual sessions from WWDC was how carefully Apple has thought through some of the privacy implications of HealthKit. One example I’ll highlight that’s representative: apps can check whether they have write permission for HealthKit data, but not whether they have read permission, because the very fact that a user has denied an app read permission to their blood sugar data might be an indication that they are storing such information and therefore that they’re diabetic. That kind of attention to detail is critical if Apple is to gain the trust of its users around HealthKit, HomeKit and whatever payment solution it will launch next week. The details that have emerged this week about the limits placed on what developers can do with HealthKit and HomeKit data are further illustrations of how seriously Apple is taking all of this. I don’t know if the timing is a coincidence – if the iPhone launch weren’t next week, I’d say it might have been moved up, but I suspect it’s just fortuitous timing.

Both Apple and Microsoft have taken advantage of Google’s focus on advertising to hammer it over privacy invasions. Microsoft’s Scroogled campaign was a good example of this strategy and it works because it reminds users of the inherent tension that exists between the needs of users and advertisers. Both Apple and Microsoft have been highlighting their commitment to keeping user data private, as I mentioned in my business models piece. While this week’s iCloud story may hurt Apple for a few days, it’s in a fundamentally different category from the regular stories about Facebook and Google privacy invasions, because those are about deliberately shifting the boundaries between what’s personal and what’s not. While Apple bears responsibility if poor security precautions allowed the iCloud hack to take place, it’s certainly not leaking that data deliberately to third parties.

Users are always the weak point in security

Lastly, we as the end users are always the weak point in security. That’s not to absolve tech companies of blame: in fact, it’s a key challenge they should all be working to overcome, while managing the balance between removing the barriers to good security and maintaining strong protections for users. I’ve had good discussions on Twitter about this over the last few days, and several themes have emerged:

  • The vast majority of users will always seek the path of least resistance when it comes to security – this means simple, often reused passwords and an aversion to things like two-factor authentication which might strengthen security
  • TouchID and other new forms of authentication can be very helpful in this respect, but they only go so far, as long as PIN codes and passwords are used as alternatives, and as long as they’re only used for on-device security, leaving the web as a whole, and devices without such sensors, in the current username-and-password model
  • Two-factor authentication which automates one of the factors (e.g. by using a fingerprint sensor or iris scanner on a device to authenticate on the web, or for mobile payments) could be a significant step forward. Two-factor authentication is being held back by its sheer awkwardness: waiting for an SMS or opening an app, manually entering a code, etc. Something which makes the second factor easier to confirm could increase adoption.

There are no easy solutions in security, which is characterized by constant tradeoffs between ease of use and prevention of breaches. But better security and privacy protections are essential focus areas for all technology companies, and we can do much better than we currently are.

How Apple Could Lead the Next Big Tech Trend–Security As A Service

Security is a hot topic in many countries at the moment. And it is going to be a hot topic for the foreseeable future, perhaps for reasons you may not even know yet. It is fascinating to listen to water cooler conversations from folks on the topic. Security, or a lack thereof, is quickly becoming top of mind for many human beings, and rightly so. The question I think is interesting in all of this discussion is the role technology can play around the topic of security. More importantly, what can technology companies do with regard to security?

Computers come in all shapes and sizes these days. Some go in our pockets, some go in our bags, some sit on our desks and others in large cooled warehouses. Soon we will even have computers that we wear on our person. What comes with this new era of ‘personal electronics’ is new levels of intimacy with our devices. Our smartphones are very personal and, more importantly, heavily personalized. They contain quite a lot of data about us and are gathering more each and every day. We use them to communicate, participate in commerce, gather information, etc. As I look out at the markets I study and the technologies orienting themselves to serve them, I am becoming increasingly convinced that the idea of security and, more specifically, the idea of security as a service, is about to get a lot of attention. And given Apple’s leadership role on a lot of digital things, I expect Apple to lead the charge in the next generation of personal digital security too.

An Embedded and Integrated Experience

There are several reasons I think Apple will move the goal posts as it relates to security. The first is related to their acquisition of AuthenTec in 2012. We had been tracking AuthenTec at the time and they had many of the leading solutions for mobile security and biometric sensor technology. AuthenTec also conveniently holds the vast majority of patents in many key areas related to this type of security.

The second reason, which is also why Apple bought AuthenTec rather than license the technology, is that Apple is a highly vertically oriented company, meaning it owns and controls all the essential elements needed to create the Apple-centric experience.

By owning all the key components from designing the system-on-chip, to the hardware and software security layers, the operating system, the hardware itself, and the underlying cloud framework, Apple is uniquely positioned to create a security solution unlike many others.

Security as a Service

Traditionally we think of security as a feature. I’m proposing we think of it as a service. This would be a set of features that, when combined and continually implemented, become embedded into the fabric of the computing experience.

Earlier this year, Rich Mogull wrote a great piece for MacWorld. In it he made many astute observations and comments, this one in particular:

Despite a rocky start, Apple now applies its impressive design sensibilities to security, playing the game its own way and in the process changing our expectations for security and technology.

Apple can afford to play the game its own way since it is the most vertically oriented personal electronics manufacturer on the planet. This will let it do things like bind elements of device security to its processor designs. This follows Intel’s logic with its purchase of McAfee to create new generations of secure silicon adding new levels of encryption to local data. Apple being in control of its hardware and software would also allow it to offer customers the ability to do a thumb scan or image recognition before engaging in a transaction, manage all our passwords in the cloud, etc., and ultimately give us more control of our own digital identity and security.

No Trivial Problem

What I find fascinating about Apple and others in the industry moving in this direction is not only how complex this problem is but also how risky it is. On-device security is one thing, but securing data between the device and others, as well as the cloud, gets even more complex. But I’d argue that tightly integrated solutions stand the best chance to deliver.

Security is a big deal, and any company touting the benefits of security as a service has just put a target on its back. But that doesn’t change the fact that it is important and necessary for companies providing solutions to the consumer market to address this issue. That is what makes this discussion incredibly strategic to Apple as well as others.

Security as a service could become a key differentiator for Apple products and a driving reason to choose Apple products over others. But even more interestingly, their competition (Google) doesn’t care about security. It is a battlefield their core perceived competitor has no interest in playing on. And that makes it all the more important.

I’m not going to speculate on how this is going to play out. I just feel the trend bubbling up in a way that makes me believe more security-centric solutions are coming and they will be made a big deal of. What’s more, only a few companies seem to have it in their interests to offer this service to their customers as a part of the holistic computing experience.

Mountain Lion Gets Serious About OS X App Security

Apple’s attitude towards OS X security has always been a bit equivocal. On a technical level, it has done a good job. OS X out of the box is reasonably secure and Apple keeps it that way with regular, usually monthly, updates.

But Apple’s marketers have long seen the Mac’s perceived security edge over Windows as a competitive advantage, which leads them to disparage the idea that Mac owners need to do much to protect their systems. This worked for a long time mostly because Windows presented the bad guys with so much greater a target of opportunity that few attacks targeted Macs. (In fact, the inherent security of OS X and Windows has been pretty much even since the launch of Windows Vista.)

But the surge in the popularity of Apple products makes Macs a much more tempting target, and with Mac OS X Mountain Lion, Apple is moving to get ahead of the problem. One of the new features in the OS is Gatekeeper, an optional whitelisting approach that should help keep the unwary from loading bad applications onto their Macs. Apps (and their cousins, browser plug-ins), rather than the operating system itself, have become the leading vector of attacks, since the quality of app code varies widely and apps are generally not subject to the same sort of security scrutiny that the OS goes through.


With iOS, Apple takes a draconian approach to whitelisting. The only way to load an app onto a non-jailbroken iPhone or iPad is to download it from the iTunes App Store, which only distributes code that has been vetted by Apple. There had been rumblings that a similar approach might be taken with the Mac, and even the hint of such a move suggested that Apple would face a firestorm from the Mac faithful if it imposed such severe restrictions. So in Mountain Lion, it is taking a more nuanced approach.

(Figure: Gatekeeper dialog box)

Gatekeeper offers users three levels of security for app downloads. At its strictest level, it will allow only apps downloaded from the Mac App Store to be installed. This adds two kinds of protection. First, apps must be approved by Apple to get into the store. Second, new developer rules for the App Store sharply restrict the amount of damage an app can do, although potentially at a considerable loss of functionality. Starting March 1, all apps submitted to the App Store must run in a “sandbox,” a restriction similar to that imposed on iOS developers, that limits a program’s access to system resources.

That will be too much security for many Mac users, since it would cripple many applications that depend on extensive communication with other apps–often the case in programs used for content creation or software development. So Mountain Lion offers a more expansive option that allows installation of App Store downloads plus any app signed with a valid Apple developer ID. Before installation, the signature is checked against an Apple database to make sure the app has not been identified as malware, that the developer is not known to have distributed malware, and that the code has not been tampered with.

If you attempt to install code that lacks a valid signature, Mountain Lion will throw up a dialog box warning you. If you choose to install it anyway, you can control-click the app or its installer and use the context menu to override Gatekeeper.

Finally, for those who prefer to live dangerously, an “Anywhere” setting allows promiscuous downloads without any warnings (an administrative password is still required for installation).
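As an added example (not from the original article, and not Apple’s own tooling beyond the two commands it invokes), here is a small POSIX shell helper that maps the verdict of Apple’s `spctl --assess` tool onto the three Gatekeeper tiers described above. The parsing works on spctl’s verdict text, so it can be exercised with constructed sample output on any system; the actual `spctl` and `codesign` invocations only work on OS X 10.8 or later, and the sample verdict lines in the comments are constructed to match the `accepted`/`rejected` and `source=` format spctl prints.

```shell
#!/bin/sh
# Added example, not part of the article: classify an app against the three
# Gatekeeper tiers using the verdict text printed by `spctl --assess`.
#
# Constructed sample verdicts in the format spctl prints on OS X 10.8+:
#   /Applications/Foo.app: accepted
#   source=Mac App Store
# or
#   /Applications/Foo.app: accepted
#   source=Developer ID
# or
#   /Users/me/Downloads/Bar.app: rejected
#   source=no usable signature

# classify_assessment reads spctl output on stdin and prints one word:
#   app-store     allowed at every Gatekeeper level
#   developer-id  allowed at "Mac App Store and identified developers" and "Anywhere"
#   blocked       rejected (unsigned, tampered with, or revoked): only "Anywhere"
#                 or a per-app control-click override lets it run
#   unknown       output did not match any known verdict
classify_assessment() {
    verdict=$(cat)
    case "$verdict" in
        *": accepted"*"source=Mac App Store"*) echo "app-store" ;;
        *": accepted"*"source=Developer ID"*)  echo "developer-id" ;;
        *": rejected"*)                        echo "blocked" ;;
        *)                                     echo "unknown" ;;
    esac
}

# minimum_tier prints the least permissive Gatekeeper setting that runs the
# app without a warning, given a word from classify_assessment.
minimum_tier() {
    case "$1" in
        app-store)    echo "Mac App Store" ;;
        developer-id) echo "Mac App Store and identified developers" ;;
        blocked)      echo "Anywhere (or control-click override)" ;;
        *)            echo "unknown" ;;
    esac
}

# assess_app runs the real tool (OS X only) and prints "<class>: <tier>".
# --type execute asks for the policy applied to launching an app;
# --verbose=4 makes spctl print the source= line the classifier relies on.
assess_app() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found: this check only runs on OS X 10.8 or later" >&2
        return 2
    fi
    class=$(spctl --assess --type execute --verbose=4 "$app" 2>&1 | classify_assessment)
    echo "$class: $(minimum_tier "$class")"
}

# verify_signature confirms the signature itself is intact, i.e. the "code has
# not been tampered with" check the article mentions; exit status 0 means valid.
verify_signature() {
    codesign --verify --verbose=2 "$1"
}

# Usage on a Mac:  assess_app /Applications/Foo.app && verify_signature /Applications/Foo.app
```

The classifier is deliberately separate from the tool invocation so the tier logic can be checked with canned output; in practice the `codesign` verification is the step to run first, since a tampered bundle fails it regardless of which Gatekeeper tier the user has chosen.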

I think Apple has hit this one right. There has been a lot of doomsaying on blogs that Apple was going to take the same locked-down approach to Mac apps that it does to iOS. But Gatekeeper’s tiered system shows that Apple understands there is a big difference between the Mac (and Mac users) and iOS. I think the great majority of users will go for the middle option (isn’t that always the case when you are given three choices?), since it provides the best tradeoff between security and functionality. On the whole, this is a big step forward by Apple that Microsoft ought to take a serious look at for Windows 8.