Buckle up, because we’re poised for another battle on digital security. The FBI has reputedly asked for Apple’s help unlocking phones belonging of the alleged shooter from the Pensacola air base incident last year. Apple, for its part, claims it has already turned over to law enforcement all the information it has access to.
If you feel like we’ve been here before, it’s because we have. Back in 2016, the FBI wanted Apple to unlock a phone belonging to the San Bernardino shooter; Apple declined to help, as doing so would have potentially compromised the security of all of its devices. Eventually, the bureau sought help from an Israeli-based cyber security firm who was able to hack into phone in question.
Leaving aside the dangers inherent in the creation of backdoors into the technology we all rely upon, I think this is as good a time as any for Apple to double down on its (already pretty solid) security focus. Because when it comes to digital information and our devices, what we need is not less security, but more.
It’s MIME time
Apple has long touted the end-to-end encryption of its iMessage and FaceTime systems, but when it comes to email, the company hasn’t made any commensurate moves.
Apple’s iCloud security overview states that though traffic between your Apple devices and the iCloud Mail system is encrypted, the data stored on the mail server is not encrypted, which the company describes as “consistent with standard industry practice.” And, of course, when your email message goes out to a recipient, the security is only as strong as the weakest link in the chain.
With social media, Slack, and other messaging apps, we might feel like we’re over email, but the fact remains that so much of our online lives still rely on it. Beyond just communicating with people, tools like password resets, user accounts, and other means of proving one’s identity continue to depend on the infrastructure of email.
As it happens, Apple does support an email encryption standard called S/MIME on iOS and macOS, but it’s not enabled by default—and setting it up requires some fairly technical know-how involving certificate generation and installing profiles that’s frankly beyond the capabilities or interests of most average users.
It seems, though, that if Apple really wanted to push for more secure email, it certainly has the clout to do so—at least between users of its mail service and perhaps even, with some cooperation, between big mail providers like Google and Microsoft too. The basics of the tools are already there; they just need to be implemented.
Two factor awakens
For those intent upon securing their data, two-factor authentication has become a must-have. Apple’s done a pretty solid job of both implementing TFA for its own systems and of making it easier to use the system in its most common form, via SMS text message, by providing an autofill feature.
However, it’s become increasingly apparent…