Our Digital Right to Die

With so many, so many, blog posts about Apple and FBI I have yet to see one get to the core issue.

Do we have a digital right to die? After we are dead, in other words, who controls the destiny of our data and what authority do we have over them?

Having been in the security industry for more than two decades I have worked extensively on this problem, not only because of digital forensics. Over the past five years we’ve developed some of the best technical solutions yet to help kill your data, forever, at massive scale.

The market has not seemed ready. Knowledge in this area has been for specialists.

Although I could bring up many cases and examples, most people do not run into them because discussion is usually around how to preserve things. The digital death is seen as edge or outlying situations (regulatory/legal compliance, dead soldier’s email, hiker’s cell phone, famous literary artist’s archives).

It feels like this is about to change, finally.

Everyone seems now to be talking about whether the FBI should be allowed to compel a manufacturer to disable a cell phone’s dead-man switch, for lack of a better term. A dead-man switch (or dead man’s, or kill switch) is able to operate automatically if the person who set it becomes incapacitated.

Dead-man switches can have sophisticated logic. Some are very simple. In the current news the cell phone uses a simple count. After several failed attempts to guess a PIN for a phone, the key needed to access data on that phone is erased.

Philosophically this situation presents a very difficult ethical question: Under what circumstances should law enforcement be able to disarm a dead-man switch to save data from deletion?

In this particular case we have a simple, known trigger in the dead-man switch. Bypassing it in principle is easy because you turn off the counter. Without a count the owner can try forever until they guess the PIN.

Complicating the case is that the vendor in question sells proprietary devices. They, by design, want to be the only shop with capability to modify their devices. They do not allow anyone to modify a device without their approval.

If there is any burden or effort here, arguably it is from such a business model to lock away knowledge needed to make the simple configuration change (stop the counter) to a complex device. Some see the change as a massive engineering effort, others say it is a trivial bit flip on existing code, yet no one is actually testing these theories because by design no one but the manufacturer is allowed to.

Further complicating the case is that the person using the device is dead, and technically the device is owned by someone else. Are we right to honor the intentions, unknown, of a dead person who set the dead-man switch over the living owner of the device who wants the switch disabled?

Let me put it this way. Your daughter dies suddenly. You forget the PIN to unlock the phone you gave her to communicate with you. You ask the vendor to please help disable the control that will kill your daughter’s data. Is it your data, because your device, or your daughter’s data?

If the vendor refuses to assist and you go to court, proving that you own the phone and the data is yours, do you have a case to compel the vendor to disable the control so that your data will not die?

What if the vendor says a change to the phone is a burden too great? What if they claim it would take an entirely new version of the iPhone operating system for them to make one trusted yet simple change to disable the dead-man counter? How would you respond to self-serving arguments that your need undermines their model?

It is not an easy problem to solve. This is not about two simple sides to chose from. Really it is about building better solutions for our digital right to die, which can be hard to do right, if you believe such a thing exists at all.


Updated to add reference to “kill switch” regulation:

Apple introduced Activation Lock in iOS 7. The feature “locks” iOS devices with the owner’s iCloud account credentials, and requires that they be authenticated with Apple before the device can be erased and set up again.

Activation Lock was the first commercially available “kill switch” for mobile operating systems, and similar features have since been implemented by Google and Samsung. California passed a law last August requiring that all smartphones sold in the state implement kill switches by July 2015, and an FCC panel in December recommended that the commission establish a similar nationwide framework, citing Activation Lock as model deterrent.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.