[Infowarrior] - Schneier: 'Security' Is Code for 'Control'
Richard Forno
rforno at infowarrior.org
Fri Feb 8 13:19:59 UTC 2008
With iPhone, 'Security' Is Code for 'Control'
Bruce Schneier 02.07.08 | 12:00 AM
http://www.wired.com/politics/security/commentary/securitymatters/2008/02/securitymatters_0207

Buying an iPhone isn't the same as buying a car or a toaster. Your iPhone
comes with a complicated list of rules about what you can and can't do with
it. You can't install unapproved third-party applications on it. You can't
unlock it and use it with the cellphone carrier of your choice. And Apple is
serious about these rules: A software update released in September 2007
erased unauthorized software and -- in some cases -- rendered unlocked
phones unusable.

"Bricked" is the term, and Apple isn't the least bit apologetic about it.
Computer companies want more control over the products they sell you, and
they're resorting to increasingly draconian security measures to get that
control. The reasons are economic.

Control allows a company to limit competition for ancillary products. With
Mac computers, anyone can sell software that does anything. But Apple gets
to decide who can sell what on the iPhone. It can foster competition when it
wants, and reserve itself a monopoly position when it wants. And it can
dictate terms to any company that wants to sell iPhone software and
accessories.

This increases Apple's bottom line. But the primary benefit of all this
control for Apple is that it increases lock-in. "Lock-in" is an economic
term for the difficulty of switching to a competing product. For some
products -- cola, for example -- there's no lock-in. I can drink a Coke
today and a Pepsi tomorrow: no big deal. But for other products, it's
harder.

Switching word processors, for example, requires installing a new
application, learning a new interface and a new set of commands, converting
all the files (which may not convert cleanly) and custom software (which
will certainly require rewriting), and possibly even buying new hardware. If
Coke stops satisfying me for even a moment, I'll switch: something Coke
learned the hard way in 1985 when it changed the formula and started
marketing New Coke. But my word processor has to really piss me off for a
good long time before I'll even consider going through all that work and
expense.

Lock-in isn't new. It's why all gaming-console manufacturers make sure that
their game cartridges don't work on any other console, and how they can
price the consoles at a loss and make the profit up by selling games. It's
why Microsoft never wants to open up its file formats so other applications
can read them. It's why music purchased from Apple for your iPod won't work
on other brands of music players. It's why every U.S. cellphone company
fought against phone number portability. It's why Facebook sues any company
that tries to scrape its data and put it on a competing website. It explains
airline frequent flyer programs, supermarket affinity cards and the new My
Coke Rewards program.

With enough lock-in, a company can protect its market share even as it
reduces customer service, raises prices, refuses to innovate and otherwise
abuses its customer base. It should be no surprise that this sounds like
pretty much every experience you've had with IT companies: Once the industry
discovered lock-in, everyone started figuring out how to get as much of it
as they can.

Economists Carl Shapiro and Hal Varian even proved that the value of a
software company is the total lock-in. Here's the logic: Assume, for
example, that you have 100 people in a company using MS Office at a cost of
$500 each. If it cost the company less than $50,000 to switch to Open
Office, they would. If it cost the company more than $50,000, Microsoft
would increase its prices.

Mostly, companies increase their lock-in through security mechanisms.
Sometimes patents preserve lock-in, but more often it's copy protection,
digital rights management (DRM), code signing or other security mechanisms.
These security features aren't what we normally think of as security: They
don't protect us from some outside threat, they protect the companies from
us.

Microsoft has been planning this sort of control-based security mechanism
for years. First called Palladium and now NGSCB (Next-Generation Secure
Computing Base), the idea is to build a control-based security system into
the computing hardware. The details are complicated, but the results range
from only allowing a computer to boot from an authorized copy of the OS to
prohibiting the user from accessing "unauthorized" files or running
unauthorized software. The competitive benefits to Microsoft are enormous
(.pdf).

Of course, that's not how Microsoft advertises NGSCB. The company has
positioned it as a security measure, protecting users from worms, Trojans
and other malware. But control does not equal security; and this sort of
control-based security is very difficult to get right, and sometimes makes
us more vulnerable to other threats. Perhaps this is why Microsoft is
quietly killing NGSCB -- we've gotten BitLocker, and we might get some other
security features down the line -- despite the huge investment hardware
manufacturers made when incorporating special security hardware into their
motherboards.

In my last column, I talked about the security-versus-privacy debate, and
how it's actually a debate about liberty versus control. Here we see the
same dynamic, but in a commercial setting. By confusing control and
security, companies are able to force control measures that work against our
interests by convincing us they are doing it for our own safety.

As for Apple and the iPhone, I don't know what they're going to do. On the
one hand, there's this analyst report that claims there are over a million
unlocked iPhones, costing Apple between $300 million and $400 million in
revenue. On the other hand, Apple is planning to release a software
development kit this month, reversing its earlier restriction and allowing
third-party vendors to write iPhone applications. Apple will attempt to keep
control through a secret application key that will be required by all
"official" third-party applications, but of course it's already been leaked.
And the security arms race goes on ...
---
Bruce Schneier is CTO of BT Counterpane and author of Beyond Fear: Thinking
Sensibly About Security in an Uncertain World. You can read more of his
writings on his website.