Apple has made great progress over the years in protecting its customers against two big risks: theft of their Apple devices, and exposure of their personal data.
Activation Lock was introduced in 2013 and made it impossible for a thief to restore an iPhone or iPad to factory settings without the Apple ID credentials of its owner, or proof of purchase. Apple’s T2 chip did the same job for Macs as of 2018.
But while that’s great for protecting data, and making Apple devices far less appealing targets to thieves, there is a big downside …
We quickly learned that the presence of the T2 chip could prevent some third-party repairs, but used computer companies are saying the far bigger problem is that the security chip can completely brick a machine which would otherwise be refurbished and resold.
Motherboard ran a detailed report on this yesterday, summarized by one quote from a tweet.
This isn’t a case of Apple protecting Mac owners from theft or data compromise: this is the T2 chip preventing the legitimate resale of lawfully purchased machines.
It’s not just private sellers who don’t reset their machines before sale – it’s also enterprise companies upgrading their kit.
As we’ve seen with iPhones in the past, users often don’t reset their own devices before they recycle or donate them, so the only thing that can be done with these devices—some of which are less than two years old—is have them shredded for scrap.
If the T2 equipped laptop’s previous owner doesn’t factory reset their machine before selling it or turning it in, then it can’t be done at all. The laptop is effectively a brick. “Recyclers are obviously prohibited from selling computers with user data on them,” Bumstead said. “But now they literally have to scrap the boards because Apple is giving them no way to remove user data if they don’t have passwords, as they most often don’t.”
Bumstead said that around a quarter of the Macs he sees are affected, and effectively reduced to scrap.
DEP is a godsend for companies, but a nightmare for independent operations like Bumstead’s. If a company enrolled in the program doesn’t factory reset the machines before selling them off, then second-hand stores can’t sell them.
Wiping your information from a device you trade in is good data hygiene, but individuals aren’t the only people buying computers. Often, companies buy and sell computers in bulk. “When managed machines are decommissioned, the companies rarely de-register their computers,” Bumstead said.
This is a problem for everyone. Resellers may end up buying machines they have to scrap; those who buy used Macs have a smaller pool to choose from, which is likely to drive up prices; and it’s a huge environmental issue to have machines which could easily have a useful life of 5-10 years reduced to scrap after as little as two years.
I fully support Apple’s desire to protect customers, and there can absolutely not be any backdoor into restoring data, for all the reasons we’ve discussed at length before and after the San Bernardino case.
But there can and should be some method for Apple to authorize the wiping of Macs in legitimate resale channels.
One possible approach would be for Apple to maintain a stolen device register, similar to the one used by British folding bike maker Brompton. Anyone whose bike has been stolen can add the serial number to the database, and anyone wanting to buy a used Brompton can check that it isn’t listed as stolen.
Apple could do the same thing. If your device is stolen, you log in to an Apple website using the Apple ID credentials associated with the device and flag it as stolen. Law enforcement agencies would also be able to do this with devices listed in theft reports.
Both private individuals and resellers would then be able to check this database before purchasing a machine. Resellers should be able to additionally request authorization to wipe machines. Apple checks the serial numbers against the database, and if they are not listed, it authorizes the request. Machines can then be wiped and resold.
The T2 chip would need to be upgraded to support the remote authorization process, connecting to an Apple server when it is booted and checking for permission to be restored.
What’s your view? Would you welcome an Apple stolen device register, to provide protection when buying a used Mac and to prevent working machines being unnecessarily scrapped? Please take our poll and share your thoughts in the comments.