Learnings from Apple’s stance on data security

ID NotifyIn the wake of the San Bernardino tragedy, The Federal Bureau of Investigation (FBI) seized an iPhone that was used by one of the shooters. The FBI obtained a court order requesting Apple’s cooperation in cracking the phone’s passcode. This has generated an interesting debate surrounding encryption – for which the outcome may impact us all when it comes to security and privacy.

The FBI’s request requires a new, custom version of Apple’s iOS that will help unlock the phone, bypassing its existing security measures. The newest versions of the iPhone have a special security protection that cannot be manipulated by customizing the iOS, an iPhone 5c—and all prior models. If Apple were to move forward with creating the software, the FBI could bypass security measures to crack the passcode, erasing a key to decrypt data after 10 incorrect passcode guesses and remove the timed delay after incorrect password guesses.

In response, Apple has written an open letter opposing the court order, stating it’s a threat to data security for all of its users, not just for this phone in particular. The company equates the request with creating “a master key, capable of opening hundreds of millions of locks.” Once the information on how to bypass security controls is known, a hacker with that knowledge can combat encryption. This “backdoor” could be detrimental if it falls into the wrong hands.

There is a legal precedent for all of this: the All Writs Act of 1789, which allows courts established by Congress to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law,” so long as it’s not an “undue burden.”

Is asking Apple to essentially create malware that could harm its older devices an “undue burden”? Consider all of the ways you use technology, like paying bills online, shopping, and communicating with friends and family. Technology provides everyday conveniences, however with this comes inevitable risks. Thus, raising an interesting question: is this asking too much of Apple? One of their top priorities is ensuring their customers are treated fairly and their data is kept secure. On the surface, what the FBI is requesting makes sense–for Apple to help crack the phone of a terrorist. But, in terms of privacy, if this request is granted, it creates a precedent for similar situations in the future – requests that could have an impact on possibly any piece of technology.

This discussion is a reminder of the importance of cybersecurity awareness and why we should all be proactive in keeping our personal information secure. Even simple steps, like enabling two-factor authentication whenever possible, utilizing unique passwords for online accounts and monitoring personal information for potential fraudulent activity, will go a long way in keeping data secure. Consumers need to keep abreast of emerging cybersecurity threats, as poor cybersecurity practices in one situation can impact everyone. By arming themselves with awareness around the risks that are out there, consumers will be better prepared for unavoidable threats to come.

In the meantime, we’ll be keeping a close watch on developments around this news.