When you're in a hole, stop digging. Apple, with its enviable PR, shouldn't need to learn that lesson, but apparently it does—if only to prevent the sort of inaccurate, overreaching Congressional testimony Bud Tribble delivered Tuesday.
The Apple VP was eager to placate a Senate subcommittee asking questions about the iPhone, and why it had been keeping a record of users' round-the-clock movements. So he listed a series of steps Apple was taking to mitigate the problem, including new data protection; Tribble promised a big leap forward in encrypting information about user movements. As he put it in written testimony:
The local [hotspot location] cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.
Tribble repeated this line about securing the unencrypted cache in his verbal testimony (starting here at 101:04).
But it's just not true. iPhones are already equipped with a storage system that encrypts all data, the location cache included. Apple's product literature, written to win over nervous corporate customers, is very clear on this point. "iPhone hardware encryption uses AES 256-bit encoding to protect all data on the device. Encryption is always enabled, and cannot be disabled by users," says the "iPhone in Business Security Overview." A corresponding iPad document states, "iPad offers 256-bit AES encoding hardware-based encryption to protect all data on the device. Encryption is always enabled and cannot be disabled by users."
So Apple explains very clearly to customers that the last two generations of iPhones, and all iPads, encrypt all data added to the device. But in testimony to Congress, all-encompassing encryption is touted as an exciting new feature that will come "in the next major release of iOS," presumably in response to the sorts of questions Congress is asking. How flattering for Congress.
This sort of misdirection isn't necessarily nefarious; it's bush league corporate manipulation at worst and a very clumsy inaccuracy at best (Tribble is supposed to be VP for Software Technology, for heaven's sake).
Still, these sorts of misstatements are hugely inadvisable from a PR standpoint, given that Apple is already in hot water for failing to alert customers to all the personal movement data their phones recorded, indefinitely. And it looks particularly foolish given that Senator Al Franken, in his questions at the hearing, strongly implied that Apple misled the public in its response to the tracking controversy, too.
The most generous explanation for Tribble's misstatement is that he was trying, in vastly oversimplified terms, to refer to an iPhone/iPad operating system command that affects a sort of double encryption. As a matter of course, the iPhone writes all its data to an encrypted filesystem, which is unlocked using a key stored on the device's circuit board. This allows all information on the phone to be deleted instantaneously by simply erasing the encryption key, for example to affect a "remote wipe" of a lost phone.
But there is a way to add additional protection, selectively, to certain files. As one knowledgeable programmer put it in an online discussion, "iOS 4 separately uses the same encryption facility to support its file protection API. Files stored with the NSFileProtectionComplete option are encrypted on the filesystem, and the decryption key is only available while the device is unlocked. That means that when you lock the screen, even if an app has a background component that is still running, the protected files cannot be accessed."
The bottom line is that Apple's improvements to the iPhone will be less impressive than Tribble made them out to be in his testimony — and that the iPhone is safer, today, in its data handling than the Apple executive made it out to be. So in purely logical terms Apple's misstatement didn't advance its argument all that much.
But Tribble's simple falsehood did have one big leg up on the nuanced truth: It was much easier to sell to the media. The Associated Press, USA Today, NPR and others all reported that Apple would begin encrypting location data. It's doubtful they would have bothered to explain "double encryption."
Of course, Apple embraces this sort of fudging at great further risk to its standing. It is illegal to lie to Congress, as pointed out most recently by Matt Taibbi in Rolling Stone with regard to Goldman Sachs. And "Apple can't stop lying" is a reductionist line that's at least as salable to the press as anything involving computer encryption.
[Photo of the Capitol via Wikipedia, photo of Tribble via AP]