What I learned about security, privacy and Apple
Sunday, December 23, 2007 by Dave Winer.
First, thanks for the great comments on yesterday's post about Apple and the hard disk of my MacBook. People were universally positive and helpful, and I can say I really learned some really important things as a result of the discussion.
First, the cost of the data on the hard disk swamps the value of the disk and even the value of the computer. There was source code on the computer, and other information, which if it fell into the wrong hands, could cause some serious problems for me.
I have no agreement with Apple that covers the security or privacy of the data. As far as I know they think they own the contents of the disk as well as the disk itself. The experience I had with them actually makes me think they probably do feel it's theirs. This from a company that takes the security of its own private information very seriously; they seem to have almost no regard for the security of its customers' information.
You have no control over when a hard disk will crash, or any foreknowledge of when it's even likely to crash. So there's no way to protect against this kind of security issue. And that's what it is. What kind of sense does it make to invest in firewalls, and of what value is Apple's claim that Macs are inherently more secure, when all the data on one of my computers is now completely out of my control forever?
I'm not so concerned about the privacy issues, but I could imagine that other people might be. And if identity thieves are not aware of this backdoor way to get access to private information, how long before they are? Security experts always warn us that obscurity is not a good strategy for security.
Basically I've given up on trying to get Apple to do the right thing and give me my disk back. Some people at the Emeryville store are well-intentioned, and are just naive about the problems that can come when you trust people with all your data. Others just don't care. Either way it seems unlikely that I'm going to get it back, and even if I do, it's been out of my control for too long.
I'm going to go through the tedious job of changing the passwords on all my sensitive online accounts. That was overdue anyway. And next time a laptop blows its hard disk, I'm either going to replace it myself and shred the old disk, the same way I'd shred any sensitive documents before throwing them out, or just throw away the whole computer. I know this isn't green, but there seems to be no other course that's anything close to secure.