In previous columns, I've explained the chain of trust and the weak links in various methods of security. But reader Duane asked a few days ago, regarding my column on using VPNs to protect coffeeshop and other last-mile vulnerable connections, "How do you know the VPN operator isn't stealing your info?"
This is an absurdly important question, and one that extends far beyond VPNs and specific issues with Apple hardware and software. Trust is a difficult commodity to measure, and it has been made harder by the subversion of parties in the chain of trust we rely on every day by the National Security Agency (NSA) and its counterparts in other governments. These agencies have been shown to weaken standards, to find vulnerabilities and exploit them rather than disclose them so that everyone can be protected, and possibly to suborn employees or place undercover agents inside firms. In some countries, these sorts of weaknesses can mean your door is bashed in by the authorities and you're taken away.
Beyond government agents, we have reason to be concerned about employees of companies, the companies themselves, and criminals or harassers who interpose themselves in networks. These are harder to root out, and are usually exposed only when information is leaked, a law-enforcement operation finds the culprits, or your credit-card statement arrives.
There's no way to prove incorruptibility, but there are methods companies can use to put themselves beyond needing to be trusted. That is, a company can design a product so that it has no technical ability to read your data, whether stored or in transit: the keys that unlock it exist only on your side, and nothing the company holds can decrypt it.
Can your data be subpoenaed?
Let's start with the top, Apple, which says it has such a regime in place for iMessage, two-step verification with Apple ID, FileVault 2 in Mac OS X, and other systems. Tim Cook told Charlie Rose, "If the government laid a subpoena to get iMessages, we can't provide it. It's encrypted and we don't have a key."
FileVault 2 encrypts your Mac's startup disk and lets you store a recovery key in escrow with Apple (which I'll talk about in a future column), but you don't have to. Without that escrow, lose your password and your recovery key, and your disk's contents are gone for good. And we've already talked in this column about how two-step verification as implemented by Apple prevents even Apple from regaining access to your account if you lose two of the three components.
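As an added illustration of the design Cook describes, and not Apple's code or a description of how FileVault 2 or iMessage is actually built, here is a small Python model of a service that stores data it cannot read. A random data key encrypts the data; that key is wrapped once under a key derived from the user's password and once under a random recovery key; the provider keeps only ciphertext and the wrapped keys. The one way the provider gains the ability to decrypt is if the user chooses to escrow the recovery key with it, which is exactly what a subpoena would then reach. The cipher is a toy encrypt-then-MAC construction over HMAC-SHA256 so the script runs on the standard library alone (a real system would use AES-XTS or AES-GCM); the function names, sample password and sample data are made up for the example.

```python
"""Model of a 'the provider cannot read it' storage design (illustration only)."""
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def kdf(password: bytes, salt: bytes) -> bytes:
    """Stretch the user's password into a 32-byte key-encryption key."""
    return hashlib.scrypt(password, salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the PRF (toy cipher)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting, so a wrong key fails loudly, never silently."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def enroll(password: bytes, data: bytes, escrow_recovery_key: bool = False):
    """Client side. Returns (record the provider stores, recovery key the user keeps)."""
    dek = secrets.token_bytes(32)           # data encryption key, never leaves the client in clear
    recovery_key = secrets.token_bytes(32)  # shown to the user once, like a FileVault recovery key
    salt = os.urandom(16)
    record = {
        "salt": salt,
        "ciphertext": seal(dek, data),
        "dek_under_password": seal(kdf(password, salt), dek),
        "dek_under_recovery": seal(recovery_key, dek),
        # Escrow is the only place the provider ever receives a key.
        "escrowed_recovery_key": recovery_key if escrow_recovery_key else None,
    }
    return record, recovery_key


def unlock_with_password(record: dict, password: bytes) -> bytes:
    dek = unseal(kdf(password, record["salt"]), record["dek_under_password"])
    return unseal(dek, record["ciphertext"])


def unlock_with_recovery_key(record: dict, recovery_key: bytes) -> bytes:
    dek = unseal(recovery_key, record["dek_under_recovery"])
    return unseal(dek, record["ciphertext"])


def provider_can_decrypt(record: dict) -> bool:
    """The subpoena test: can the provider decrypt using only what it stores?"""
    key = record["escrowed_recovery_key"]
    if key is None:
        return False
    try:
        unlock_with_recovery_key(record, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample password and data for the demonstration.
    rec, rk = enroll(b"correct horse", b"constructed sample: my notes")
    print("provider can decrypt without escrow:", provider_can_decrypt(rec))
    rec2, _ = enroll(b"correct horse", b"constructed sample", escrow_recovery_key=True)
    print("provider can decrypt with escrow:", provider_can_decrypt(rec2))
```

The point of the model is the asymmetry in `enroll`: the user who forgets the password and loses the recovery key is in the same position as the provider, holding ciphertext and wrapped keys that nothing in hand can open. Escrow buys recoverability at the price of handing the provider a key, and any "we can't comply" claim rests on whether that option was taken.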
We have no reason to believe Cook would lie: as the head of a publicly traded company, such a lie would have financial consequences, and potentially legal ones, if it came out. Nor has it been shown that Apple is misrepresenting its other security. The company says it cannot get into your encrypted sessions or data, and by all appearances it cannot.