There have been countless articles published over the past two days addressing the open letter Apple CEO Tim Cook wrote. The US government requested that Apple unlock the phone belonging to Syed Farook who along with his wife Tashfeen Malik, shot and killed 14 people in San Bernardino, California back in December. The FBI wants access to this phone to investigate suspected connections between Farook and his wife, and Islamic terrorists. The problem is the FBI cannot get information out of Farook’s iPhone 5C without the passcode because after ten wrong guesses the entire phone will be wiped, customary to Apple’s iOS security measures. The data on the phone itself is also encrypted and cannot be decrypted without Farook’s access code.
The FBI has taken Apple to court over this matter in order to force them to build a custom iOS that can be loaded onto the phone via a USB cable and allow the FBI to hack the passcode and recover the information without the risk of the data being compromised. Tim Cook came out publicly yesterday and explained that Apple will not be doing what they were ordered to do in a stand to protect their customer’s privacy.
So why is this a big deal?
After pouring over articles, blog posts and tweets from both reliable and not-so-reliable sources, the one thing they all have in common is that people are scared; people are scared that the phone has information the FBI needs and want Apple give it up. People are also scared that if Apple does decrypt the phone that this will be the beginning of the end of privacy for smartphones to the point where back doors will be standard on every device.
People are also confused; this issue has been framed as a massive and public case of national security vs personal privacy between the two biggest proprietors of each. However, this can also be seen as national security vs national security and that’s where a lot of this confusion comes from. The FBI essentially wants Apple to create a breaching update to directly go against their own platform to decrypt this phone. This is not unreasonable, but what has everyone up in arms is the notion that the FBI could make this request of Apple how ever many times they like if they prove that they are willing to do it just this once.
This data is not in the possession of Apple which makes all the difference as to why they are not complying with the law this time. In the past they have cooperated when the data in question is in their possession.
Apple has no control over the hardware for Farook’s device so this updated OS would have to work for every phone (or at least every iPhone 5C) meaning that it could be used any number of times. If this update is requested time and time again to crack into phones the FBI deems threatening, it would make sense to just turn that code over to the FBI and cut Apple out completely, losing iPhone user’s control over their privacy. This tool is weakening the cyber-security that has been constantly improved on since 2007 and opening up users for more attacks and more risks.
This is a new frontier of lawmaking and while this specific case seems like a no brainier for cracking the phone, it opens the door for years and years of dispute over an issue that has been brewing under the surface for some time now. The big picture here is truly more than that; it’s an entire museum of rights violations, protests and anti-terror measures that’s about to blow up.
What makes this circumstance even more monumental is other tech-giants are weighing in on the matter because this isn’t just about Apple vs the FBI; it’s about smartphone users having their rights to privacy and unintentionally opening themselves up for attack.
Whistle-blower Edward Snowden, cross-platform messenger WhatsApp and even Apple’s biggest rival, Google have all declared their support for Apple’s stance against decrypting the device. Google CEO Sundar Pichai called Cook’s letter important and said:
“We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism. We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders. But that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent.”
What about the enterprise?
This issue transcends our normal hangups about having the right EMM solution that’s secure and will keep hackers out. BYOD is a way of corporate life and if Apple were to do this update, every single EMM solution would have to completely recalibrate to accommodate the new potential threat. All device level security would now be at risk because EMM vendors use iOS built-in encryption to build their solutions and with this new back door wide open, that all changes.
This controversy is not only taxing on your business but also your employees. Phone security has been a huge topic of discussion since BlackBerry ruled the enterprise and the past year has seen story after story of privacy contention filter in and out of the news. People just don’t trust their service providers anymore and when things as massive as this come around, often their concern can be directed at the institution who has control over their device and that’s you. Even though you do not have any say or control over this issue, there are people who don’t know exactly what’s happening and assume that you do.
It’s important to let your employees know that you are aware of these kinds of issues even if they don’t seem to directly affect you. Be aware that people talk and people scare each other into thinking they can do something to protect themselves if they don’t hear from you.
There are plenty of people who consider themselves “mobile experts” because they’ve owned a smartphone for a few years. These are the people that are going to encourage other employees to download additional apps that you don’t approve of for some extra security or suggest that users go out and buy an Android device and use that for work instead of the iPhone IT set up with all the necessary security settings.
This fear mongering is a very real and often overlooked reality of enterprise mobile; employees have much more control over their mobile devices than they ever had over any other corporate technology. This is personal for most and a simple acknowledgement and explanation of the news, followed by a promise to keep them updated if things are to change can go a long way, especially if there are people in your institution who may not know what to do.