N/A

Security vs. Privacy
FBI vs. Apple

As many of you know, the FBI has asked Apple to help unlock a cellphone that belonged to the San Bernardino shooter. The phone may have clues useful to the FBI. Apple, which has cooperated with the FBI in the past, refused this request. Apple claims that creating a backdoor will destroy security that millions of users depend upon.

Some news media frame this as a balance between Security and Privacy. Beyond privacy, we see this as a battle of Secure vs. Not Secure.

In our IT security practice, we review, identify and remediate security risks and exposures. We routinely find backdoors that someone created deliberately or left open through ignorance. An open backdoor is a security risk – even if created with good intentions.

Every day, businesses make conscious judgements balancing security vs. convenience. With the FBI vs. Apple dispute, now the US courts will consider competing objectives.

We certainly support law enforcement and want them to have the tools they need. However, the cost may be too high if the backdoor the FBI demands to solve one crime helps crooks, thieves, terrorists and spies in their next crimes.

From a technical perspective, we have never a seen a backdoor that only ‘the good guys’ can enter.

If the FBI is successful in forcing Apple to weaken security, there is no mechanism to ensure that only ‘the good guys’ will have access.

Consider this

  1. If the US government is successful in demanding a backdoor, what is to stop Russian, Chinese, Iranian and other governments to demand the same from Apple and every other technology company?
  2. Maybe you are OK with US government agents tracking all of your communications and movements. Do you feel the same about foreign governments and stateless terrorists?
  3. Security today depends upon encryption and closing ‘backdoors’.
    Do we want to demand a backdoor that crooks, thieves, terrorist and spies can use to mess with our devices, infrastructure, financial transactions, home and business security systems, and every other aspect of modern life?
  4. A few years ago, the National Security Agency (NSA) wanted a back door to telecom equipment using the ‘clipper chip’. The NSA made arguments similar to what the FBI is saying today. However, history shows that because of the backdoors, nobody wanted to buy insecure equipment.
    http://www.computerworld.com/article/3038881/data-privacy/apple-the-fbi-and-the-ghost-of-the-clipper-chip.html
  5. Even the FBI admits that, if you create back door evil doers can and will find a way through the back door. http://www.businessinsider.com/fbi-director-james-comey-on-apple-engineers-being-kidnapped-2016-3

Bottom Line:

We support the FBI and law enforcement in their mission.

However, if the FBI is successful in forcing Apple to break security and create a backdoor, the ‘bad guys’ will exploit the new backdoors. Beyond privacy, creating a backdoor exposes all of us to greater security risks, including terrorist attacks.

Interesting Technical Footnote: The County owned the cell phone that the San Bernardino shooter used. The county also owned Mobile Device Management (MDM) Software that they never installed on this phone. Had the county installed the software on the phone, the FBI would have easy access to data on the phone.