There’s much in the news about Apple refusing a court order to assist the US FBI to unlock the pocket computer of a suspected terrorist. It’s pretty clear the perpetrators were terrorists of some description - they certainly instilled terror in the local population through their actions and in the wider population through the media reporting of the incident. I guess the only marginal question is did the authorities stop (kill) the real perpetrators or just some junior henchmen. After that comes research into the suspects’ contacts, communications and perhaps, eventually, motivations.

So the FBI and Apple have locked horns in the US courts wrangling over who will and should do what to unlock the phone believed to belong to one of the perpetrators. Even the highly trustworthy Edward Snowden (while working as an IT contractor for the NSA he copied sensitive information from his employer and later leaked it to the media - so we know we can definitely trust him) has weighed in on Apple’s side supporting their view that cooperating with the FBI would damage people’s freedom.

Am I being too cynical here or does something smell a bit off in this court case?

Just suppose for a moment that the security agencies already have a way in to this type of device. They would then want want to encourage the bad guys to rely on these devices rather than using something that they have not cracked yet. By the FBI claiming in the courts that they need help and by Apple publicly refusing that assistance the media get caught up in propagating the lie that our information is safe if we just put it in one of these devices and automagically into ‘the cloud’.

We regularly get reports in the media about people having their information stolen through their use of their or someone else’s computers (pocket- or any other type) - but somehow we don’t seem to ask oursleves how the media organisations do it when they track down some person who published unpleasant ideas on Chirrup or some other inane outlet. If Sky News can track someone down, so can the security agencies and, more to the point, so can organised criminals. Be very careful what you put in your computer.

So next time you’re planning mass murder it’s probably a bad idea to schedule meetings with your collaborators or plan your route to the proposed location on your pocket- or any other sort of computer. It’s probably an even better idea not to publish your ideology on social media or take photographs of your co-conspirators or of your stash of weapons. You really have no idea who is watching you.

Update 31-Mar-2016: Recent news that the US FBI has now accessed some information from the pocket computer of a suspected terrorist has led to much speculation in the media including this unhelpful article ‘Cracked iPhone: Should you be worried?’ from the BBC. If you are storing information on your pocket computer that you don’t want your state authorities to access, then yes, you damn well should be worried. You (an individual) are up against the power of a state. Even if you’re storing such information written in cuneiform on clay tablets buried under your patio you should be worried. If instead you’re worried that your ex partner may use the same techniques as the FBI to read your financial information from your pocket computer then relax… they read that long ago when you fell asleep without locking your screen.

Update 16-Dec-2016: A news article about how the UK authorities get at the data on an iPhone: Wait for the (suspected) baddy to unlock their phone and then nab them.

It strikes me that in the concealment ‘arms race’ a proximity detector (perhaps based on NFC or even Bluetooth) which locks the phone if it is removed from the vicinity of a wearable object would be a solution… What goes around, comes around.

All the bits are available - why don’t people do this? Because people are too lazy (or not paranoid enough) to use two layers of security for their phones. This would only be effective if you needed both the correct NFC tag and a passcode to unlock. Otherwise the authorities will simply take your tag and unlock your phone without asking your permission.

What this sort of technological approach does defeat is the possibility of your phone being stolen and your data being used for fraud or covert espionage. If you know it’s gone - because it’s been snatched - you can start to assess and mitigate how much damage you or your organisation might suffer.

Leaving the above idea to one side, if the authorities in the UK were to present a warrant to inspect my computer or phone then I’ll give them the codes. If I was visiting a part of the world governed by one of the more repressive regimes where the ‘law’ is rather made up as they go along then I wouldn’t hold out for a warrant. I’m absolutely certain my codes could be beaten out of me in short order - so I don’t want the bad guys to start. The best way of making sure that the contents of your phone does not incriminate you is not to store incriminating data on it.

I’m reminded of a time when I was introducing the use of PGP encryption for my company’s travelling consultants. I was quizzed quite hard by a number of them about just how difficult would it be to crack a PGP encrypted disk or file - for example if their laptop was stolen or the disk were copied while they went to a meeting. I found some document which suggested that it would take all the computing power in the world an unfeasable period of time to crack such a file - and waved that at them; but I then told them that if I were a bad guy and really wanted to get the contents of the file the cheapest way would be to take a baseball bat and beat the necessary information out of them. I don’t want to impugn their courage but some of them looked a bit more thoughtful as they left.