Who Controls Your Phone?
My wife got an Apple iPhone over the weekend. It’s an amazing piece of technology. Apple has done a fine job adapting a traditional computer into a phone form-factor. It truly sets the bar at an entirely new level for portable computing. Of course, there’s also an integrated phone.
I emphasize that it’s a computer because it has all of the characteristics of a computer. With the iPhone, the phone is simply another application on the computer–not unlike a Skype application might be installed on your Windows computer.
Our models of computers and phones have strong, but mostly disassociated relationships. We have a history of using computers as an important extension of all sorts of information. We understand that allowing others to have total control over our computers in generally a bad thing, whether that someone is a government entity, corporation or script-kiddie. Phones, on the other hand, have traditionally been far less complicated. There is a pretty basic hardware device and a service provider. The risks are well understood.
As I was playing with the iPhone and trying to find ways to meet my wife’s IT needs, it became increasingly clear how little control I had over this computer. Without jailbreaking the phone, I had no way to get a shell, and therefore no way to collect logs, change passwords, harden the underlying OS, install intrusion detection, or do any of the other things I would normally do to a computer I managed. Apple was my only source for applications and only those applications which Apple approved of could be installed. My hands were completely tied.
Unless I jailbreak this phone and accept the risk of something else not working, or Apple breaking it in an update, and explore the ethical questions as a result of doing so, I am completely at the mercy of Apple for the phone security and functionality. My risk assessment is theirs. My acceptance of risk is their acceptance of risk, which undoubtedly is primarily influenced by their bottom line.
This goes far beyond risk management. Imagine the outcry if Microsoft only allowed applications which they permitted to be run on Windows. We would have a world entirely dominated by Microsoft.
We need to lobby our lawmakers to, without equivocation, absolutely require computing platforms to be open enough for fair competition and where one company cannot call all of the shots. This is not about open source, this is simply setting requirements for a heterogenous platform where the risk of total control of data is minimized.
As the world becomes more mobile, this will need to be increasingly recognized as an essential liberty.