Privacy, patriotism or profits? Apple’s fight with FBI goes deeper than iPhone encryption

Cybersecurity community weighs in on implications for consumer trust in data security


Apple CEO Tim Cook is somewhat of a Johnny-come-lately to a campaign that America’s most prominent tech companies have been waging for a while now—posturing to be viewed as champions of consumer privacy.

Cook this week drew a ton of attention to Apple’s resistance to a court order requiring the company to assist the FBI in decrypting data on the iPhone of one of the shooters in the late December terrorist attack in San Bernardino, Calif.


What we are seeing unfold is the continuation of the mad scramble—led by Google, Microsoft, Yahoo and Facebook—to distance the U.S. tech sector from anything to do with U.S. government surveillance. America’s top tech companies have been in scramble mode ever since whistle-blower Edward Snowden outed the NSA’s Prism surveillance program in the summer of 2013.

Prism, you’ll recall, is the NSA’s covert operation to systematically drink from the rivers of consumer behavioral data flowing through our daily search queries, email, social media postings and general Web surfing.


The tech giants are all hustling to swell profits derived from this activity. And any hint that their voracious collection of consumer preferences and behavioral data for commercial purposes can be leveraged by Big Brother could erode consumer trust in the Internet of Things.

Cook, interestingly, does little to champion the core principle, namely that the FBI has no business asking for an iPhone decryption tool, no matter what the mitigating circumstances.

Instead, Cook is making the nuanced argument that Apple’s engineers are, in effect, incapable of executing the type of decryption the FBI has requested. Doing so could create the “master key” to a “backdoor” the feds could use to decrypt anyone’s iPhone, security experts warn.

Nuanced or not, Cook’s maneuver attracted global news coverage this week—and earned Steve Jobs’ successor a gold star from consumer and privacy advocate groups. But Cook’s move has wider implications. ThirdCertainty gathered these reactions from the cybersecurity community.

Brad Taylor, chief executive officer, Proficio

There shouldn’t be a backdoor to encryption that a manufacturer holds on to for any consumer or business product. Why would Apple want to have a backdoor key in the first place? If Apple does have a ‘backdoor’ key to unlock any data on an iPhone, it should not simply turn it over to a federal judge.

This should be a case for the Supreme Court related to the Constitution. Once people with bad intentions discover that a vendor is maintaining a backdoor key, they will readily turn to products available via the Internet—outside of the U.S.—to securely encrypt data and transmissions.

French Caldwell, chief evangelist, MetricStream

The assertion that the FBI is demanding that Apple create a backdoor is a stretch. Until now when tech companies have discussed a backdoor, they’ve referred to encryption. In this case, the government is not asking for a backdoor to Apple’s encryption, but rather is demanding Apple’s assistance in unlocking the screen of the phone of an alleged terrorist. This demand for assistance is not the first of its kind, and Apple will have to comply.

However, Apple has made it very difficult to unlock the screen, and to do so requires creating a unique version of its OS; thus, the one legal argument that Apple has is the burdensomeness of compliance with the court order. Apple has 5 business days to demonstrate why the order is too burdensome.

John Gunn, communications vice president, VASCO Data Security

Many people have the mistaken impression that if Apple and other mobile OS providers are forced to build in backdoors, then suddenly law enforcement officials will have a magical and lasting backdoor to all encrypted information.

In reality, if backdoors are built in, then two things will happen: criminals will still keep their secrets using any one of the more than 100 third-party encryption products, and average citizens will be left more vulnerable to criminal and state-sponsored hacking.

Csaba Krasznay, product manager, Balabit

Apple is proud of its product security. They already have several security certifications. If Apple provides some tricks to circumvent its security functionality, they have to document it publicly, or risk these certifications.

On one hand, the U.S. government requires highly secure devices. Yet on the other hand, law enforcement requires bypass-able devices. But law enforcement agencies have several ways to collect evidence and information, and decryption of mobile devices is merely one option.

Although a master key would facilitate law enforcement’s work, there are other solutions. In the best interests of all users, including the U.S. government, built-in security shouldn’t be touched.

Jeff Hill, channel marketing manager, STEALTHbits

Despite the very real concerns about privacy and potential abuse, the time is quickly approaching when it may make sense for the tech community to launch a collaboration with the government. There is a long history of judicial precedent that favors the government over individual rights in the context of national security.

With the San Bernardino and Paris attacks fresh in the minds of the public, it behooves those in technology to at least attempt, in good faith, to find common ground with authorities.

There should be some recognition of the legitimate concerns of the citizenry and those in law enforcement. Historically, the court system has been willing to value safety over privacy when the nation is confronting aggressive enemies.
