Let's say—for whatever reason—you're concerned about keeping your communications safe from government prying. Assuming you aren't a high-profile target to warrant direct hacking (the United Arab Emirates allegedly tried to breach the digital defenses of human-rights activist Ahmed Mansoor on three occasions, for example), there are reasonable measures you can take to live a normal life and continue to have private thoughts and private conversations.
Note that I'm not singling out any government or administration. Politics aside, we should all think like dissidents, because the tide ebbs and flows from freedom to dictatorship and from left to right all around the world. The common thread is taking smart measures.
To secure yourself against potential government intrusion requires giving up a lot of conveniences, because many tools that make your digital interactions easier assume that only criminals and other individuals will try to gain access to your data and your hardware, and that authorities will be bound by law and subject to court decisions.
Even in the much-discussed FBI case, in which that agency wanted Apple to create a custom operating system to crack the stored data on a work-owned iPhone assigned to one of the San Bernardino terrorists, the concerns were more existential and the FBI didn’t attempt to bypass the courts. Apple worried that an encryption-breaking version of iOS would be used broadly.
We have to start with a number of assumptions:
- Any device you have could be seized, including backup drives.
- Protections against being physically compelled to use your fingerprint will be reduced or removed.
- Government-designed malware could be distributed to infiltrate your devices en masse.
- All data you send anywhere over the Internet will be intercepted and examined automatically, so it needs to be encrypted.
- Cloud providers will be required to grant unlimited access to data at rest to authorities.
In this column, I’ll start with improving encrypted and security for iOS devices and Macs that work to mitigate those points. In future columns, I’ll move on to cover more topics.
Hardening your Mac and iOS device security
By default, iOS encrypts all its storage using a strong method that has resisted even determined cracking. macOS allows you to turn on full-disk encryption, though it has more limits. These can be effective first lines of defense against having hardware seized.
You don’t have to make any changes to iOS for this level of encryption. As long as you're using a passcode of any kind, it’s inherent and can’t be disabled.
With macOS, enable FileVault 2, available since OS X 10.7 Lion:
- Open the Security & Privacy system preference pane.
- Click the lock icon at lower-left and enter an administrative password.
- Click the Turn on FileVault button.
- Don’t agree to store your recovery key in iCloud, as that creates a point of weakness that’s not under your control. Choose to store it locally, and make sure you keep an encrypted copy of the recovery key outside of the Mac you’re encrypting.
- Click to restart.
Encryption can take many hours. With an SSD it will be much faster.
Don’t store your FileVault recovery key in iCloud, as that makes it potentially more vulnerable to outside extraction.
Make sure to select and set up all the user accounts who need to be able to log in after the Mac reboots from a shutdown state. FileVault uses the Recovery Disk to boot. User logins set up for FileVault are stored on the Recovery Disk, and the password to the account is used to unlock the encryption key that scrambles the main startup partition.
Jonathan Zdzriarski, a security guru and maker of the file-access monitoring tool Little Flocker, notes that FileVault encryption isn’t tied to hardware, even with the new MacBook Pro with Touch Bar models.
Enable encryption on individual drives.
FileVault doesn’t encrypt other drives you use, and if you’re using any local backup options, including Time Machine, you need to encrypt those drives too. You can right-click any mounted drive or partition and select Encrypt “Drive Name.” However, you need to create a password for it and save that password separately, or be at risk of getting locked out of the drive.
You’ll also need to enter the password whenever the system restarts or you unmount and remount the drive. You could use Keychain to store the password so long as you’re not syncing Keychain via iCloud and you have a strong macOS password. (iCloud Keychain sync is quite secure, but it results in your secrets being accessible from more devices.) Better, use a third-party password tool, like 1Password, which I’ll write more about in the future.
Whenever your Mac is active and drives are mounted, your data is susceptible, even if you’ve locked the system. You need to power down when away from your computer, which means scheduling backups while you’re working.
A strong password and giving up Touch ID
Apple encourages the use of Touch ID as a personal security measure. Because Touch ID is susceptible to physical coercion—someone grabbing your hand and placing fingers on the sensor—it lacks the protection of the human mind. You don’t even have to be conscious.
If you believe the state no longer provides an effective counter, then Touch ID is a bad idea to enable for most people. Zdzriarski says to manage Touch ID, you have to be able to shut down an iOS device “if you suspect you’re about to have a law enforcement or customs encounter, power cycle and leave mobile devices locked (without passcode) at night so the fingerprint reader is inactive,” and so on. He also suggests using a non-obvious finger (not your thumbs or index fingers). “While your fingerprint can be compelled, it’s arguable whether or not they can compel you to tell them which finger you used,” at least under current U.S. law.
Even with Touch ID, your passcode should be long and strong. Some folks still argue towards using purely random text with punctuation, numbers, and mixed capitalization. I favor what many leading security experts suggests: a multi-word passphrase that’s generated randomly, and is thus as effective at resisting brute-force attacks. For safety’s sake, your three or more words should total 20 characters or more.
I switched from a six-digit passphrase in iOS to a multiple-word one, and now that I’m used to entering it, it only takes a few seconds longer.
In future columns, I’ll discuss the risks associated with iCloud and other cloud syncing, using security tools in macOS, and securing network access with messaging and a virtual private network (VPN), and using anonymized browsing. Stay tuned, and stay safe—well, safer.