By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Katie Benner and Paul Mozer, reporting for the NYT and revisiting the topic excised from a report earlier this week:
In China, for example, Apple — like any other foreign company selling smartphones — hands over devices for import checks by Chinese regulators. Apple also maintains server computers in China, but Apple has previously said that Beijing cannot view the data and that the keys to the servers are not stored in China. In practice and according to Chinese law, Beijing typically has access to any data stored in China.
If Apple accedes to American law enforcement demands for opening the iPhone in the San Bernardino case and Beijing asks for a similar tool, it is unlikely Apple would be able to control China’s use of it. Yet if Apple were to refuse Beijing, it would potentially face a battery of penalties.
Analysts said Chinese officials were pushing for greater control over the encryption and security of computers and phones sold in the country, though Beijing last year backed off on some proposals that would have required foreign companies to provide encryption keys for devices sold in the country after facing pressure from foreign trade groups.
“People tend to forget the global impact of this,” said Raman Jit Singh Chima, policy director at Access Now, a nonprofit that works for Internet freedoms. “The reality is the damage done when a democratic government does something like this is massive. It’s even more negative in places where there are fewer freedoms.”
Another way to look at this is a choice between the lesser of two evils. Is it a bad thing if law enforcement loses access to the contents of cell phones as state of the art for security increases? Yes. But it would be far, far worse — for entirely different reasons — if we eliminate true security by mandating back doors.
★ Saturday, 20 February 2016