Quick Takes on the FBI & Apple Case for Data Retrieval
March 1st, 2016
Numerous updates and articles have been written on the recent data “standoff” between Apple and the FBI. (Catch up with this Fortune rundown of events.)
The question at hand: is it ethically or legally acceptable for Apple to unlock a privately owned iPhone and allow the FBI to use the data storage for a federal investigation into a terrorist attack?
We asked around the Center for some different perspectives on the issue.
Alva H. Taylor | Faculty Director
Associate Professor of Business Administration
Innovation in this digital world: Apple-Fed shows that it’s a game the government cannot win
What does it say about technological advance and innovation when the Federal Government cannot gain access to the data on a mobile phone with off-the-shelf software? The key insight isn’t why Apple is resisting the government, but why the government is resisting what Apple represents – innovation at an inimitable pace. While many are painting this as an unusual case, think about this for a moment – the government’s most sensitive data such as that housed at the IRS, CIA, and the White House has been breached. In some cases the breaches have been laughably easy. The truth is that there is no way government agencies can progress their technology at the speed of private industry, and private criminals.
One reason is focus and flexibility. The federal government spent over $10 billion in 2013 to protect its data, which is only 30 cents per $100 spent, compared to almost $10 spent by private industry on R&D. (See chart below.) Flexibility issues are even worse. Think about the difference between walking down the hallway of a tech company to spur a development team to add a new feature, to the government marshaling approval, funding, and legislative go-ahead to do anything differently – just think of the current track record of getting any debatable bill passed. Also, there is a long history of adding pork to a bill – getting approval of a bill publicly about one issue while hiding multiple other approvals and subsidies without clear public knowledge. What pork could be hidden under such security requests?
In the light of Justice Scalia’s passing, the discussion of originalist thinking around the constitution pales when faced with this onslaught of change that the United States founders could never have anticipated. Would anything they could have imagined have led them to consider whether government should have the leeway to demand a company to design and build in access by an outside party? Some have likened this to the insistence in the automobile industry for seat belts, air bags, or the upcoming requirements for rear view cameras. The important differences are (1) the safety requirements were already available options; and most critically (2) the requirements were not regarding providing government access that could be misused inappropriately or discriminatorily. Does the federal government next require Amazon to allow the Echo to act as a wiretapping device (already doable), or even prohibit companies from developing certain features e.g. photos that disappear or anonymous IP addresses (each already easily available)?
The clear upshot of all this is that the government has to find a way to work with private companies as partners and not as adversaries, because there are two undeniable truths. Government legislation cannot keep pace with private innovation; and there is no way that government should be controlling the innovation efforts of technology firms.
Hans Brechbühl | Executive Director
Adjunct Associate Professor of Business Administration
Effects on a Brand’s Reputation
The FBI request to Apple, and subsequent court order, pose a threat not just to Apple’s consumer business, but also to the inroads Apple adoption has made in the enterprise and its apparent desire to continue to build there.
Apple has come a long way in enterprise use in the last five plus years. While the introduction of the iPhone in corporate life was originally driven by the individual/consumer appeal of its trademark style and ease of use, and was often resisted by the “officialdom” of corporate IT, as acceptance of BYOD grew and corporations began developing their own apps for their customers and employees alike, in many ways Apple became the preferred enterprise mobile platform, in large part because it was seen as much securer than any Android. The Apple OS was much less vulnerable to viruses, was more tightly controlled, and more rigorously tested. (I still remember doing a project on mobile for a large global corporation, and having the CISO of another large global enterprise describe the security environment of Android as a “cesspool”!) Since Apple also had the first real tablet hit in the iPad, many corporations adopted it as the platform for all kinds of uses in sales (Eaton), operations (SBB, the Swiss national railway company), construction site engineering and management (Bechtel), customer service (banks), etc.
If Apple is forced to build a backdoor as the FBI is demanding, Apple’s stake in the enterprise market is at least in question, if not in jeopardy. While the idea of “big brother” or “bad” brother (organized crime, terrorist groups, etc.) is concerning enough for individuals, the specter of corporate espionage becoming much easier would be real too, and the trust Apple has won in the enterprise would be called into question.
Patrick Wheeler | Program Manager
The Political/Policy Implications & NSA Intentions
The FBI-Apple dispute over access to the iPhone used by the San Bernardino, California mass shooters last November has further exposed the growing distrust of government intelligence agencies by Silicon Valley that started in 2013 when Edward Snowden first exposed details of NSA mass surveillance initiatives. A direct response to the Snowden revelations (and the vulnerabilities the NSA had exploited to conduct surveillance) was that Apple, Google and others deployed end-to-end encryption to secure their devices and software. Despite the linkage between the NSA programs leading to the current FBI case, the differences between the two situations couldn’t be more different.
The intention of the NSA programs was to prevent a future terror attack. Agree or disagree with the legality and ethics of the programs, the NSA used existing weaknesses and vulnerabilities to conduct its surveillance. The FBI is demanding that Apple create a backdoor into its own software, thereby introducing new vulnerabilities into its products. That’s a difficult concept to get your head around if you’re someone who values security.
In an interesting twist, former NSA and CIA chief Gen. Michael Hayden (Ret.) explained that Apple is correct that end-to-end encryption makes us safer. During an interview with Bill Maher over the weekend Hayden stated, “There’s virtue on both sides, but on the big question, I actually slide toward Apple.” Hayden went on to explain that creating backdoors into end-to-end encryption weakens it and leads to vulnerabilities that will be exploited.
While the FBI appears to have the best of intentions in the San Bernardino case, the long-term security impacts of its demands are dangerous and unprecedented.
Admir Trnjanin | Visiting Fellow
The European Backlash – Trust Issues
First off, a quote: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Benjamin Franklin, 1755
From my European perspective, the threat to data security and with that the security of our personal information could not be more relevant. On February 29, 2016, the European Commission issued the legal texts that will put in place the EU-U.S. Privacy Shield, restoring trust in transatlantic data flows through strong safeguards. The European public trust toward the United States remains shaky, following the disclosure via Edward Snowden that the National Security Agency (NSA) engaged in large-scale data collection involving EU citizens. The EU-U.S. Privacy Shield is a renewed sound framework for commercial data exchange across the Atlantic and applies to all companies providing services on the EU market, ensuring high data protection standards for law enforcement purposes.
Andrus Ansip, Vice President for the Digital Single Market on the European Commission, said: “Now we start turning the EU-U.S. Privacy Shield into reality. Both sides of the Atlantic work to ensure that the personal data of citizens will be fully protected and that we are fit for the opportunities of the digital age. Businesses are the ones that will implement the framework; we are now in contact on a daily basis to ensure the preparation is done in the best possible way. We will continue our efforts, within the EU and on the global stage, to strengthen confidence in the online world. Trust is a must, it is what will drive our digital future.”
This all connects back to the Apple & FBI saga. If the FBI is able to coerce Apple into opening encrypted smartphones, that trust—and maybe even Privacy Shield—could topple quickly. It will have a side effect in intensifying the Europeans’ anger when it comes to the United States, which could lead to disastrous consequences for both the American government and businesses.