Security Experts Differ on Apple versus FBI

Sue Marquette Poremba

By now I’m sure you’ve heard about the FBI’s battle with Apple. In a nutshell, the government is asking Apple to create software that will allow law enforcement to crack the encryption on the phone of the San Bernardino shooter. As eWeek stated:

Unfortunately, the claims and counter-claims surrounding the order are shaping up as an all-or-nothing battle in which the government seems to be asking for the keys to Apple's kingdom, while Apple is refusing to give an inch, a position that seems certain to result in a protracted legal battle.

It’s going to be interesting to see how this plays out. It’s a question of where the intersection of personal security and national security is, and I tend to agree with those who have said that this issue will eventually land at the Supreme Court.


I noticed that many within the tech community are standing in support of Apple, but I wondered what the security stance is on this issue. Based on the comments that have been flooding my inbox, security experts are mixed. For instance, Michael Harris, CMO with Guidance Software, told me via email:

We support Apple CEO Tim Cook’s position to oppose the FBI order demanding that Apple create a backdoor for iPhones in order to assist with the investigation of the San Bernardino shooter case. We fully support the need for the FBI and other law enforcement agencies to discover digital evidence in criminal investigations, but we believe this problem should be solved by and between the agency of investigation and forensic security experts.

On the other hand, Veracode’s VP of Research Chris Eng thinks the FBI’s request is reasonable, stating:

The issue here is not one of creating a backdoor; nor is the FBI asking for Apple to decrypt the data on the phone. They’re asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data. Such a solution would be useless if applied to any other phone.

Eve Maler, VP Innovation & Emerging Technology with ForgeRock, told me in an email comment that while the request was reasonable since Farook was clearly guilty, Apple has a business model to uphold and a backdoor iOS is beyond the pale.

While I personally agree with Harris when he said that as long as the use of encryption technology is a legal way of protecting user data privacy, the burden of cracking encryption codes should fall on the shoulders of forensic security experts, I think national security also sometimes trumps personal security. I know a lot of people have said that an iOS backdoor will create a slippery slope by giving hackers a new entry point. I say that hackers are already getting access to our phones and devices anyway, and Apple hasn’t exactly stepped up in other areas of security in the past. My own opinion leans more in the way of the comment Lance James, chief scientist at Flashpoint, shared with me in an email:

Forensically speaking and legally speaking, the Judge asked for reasonable assistance on unlocking this specific phone. Even if that requires them to modify the firmware with a key they have they don’t have to give that software to the FBI.

All companies have a way to modify their own devices and software - it’s like car companies having spare keys for individual cars… they exist. They don’t have to provide a back door to the FBI - they can provide a subkey, individual key, or Apple can take the device and unlock it and give them the data they requested.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba



Feb 22, 2016 1:27 PM JLatham says:
It may be that Benjamin Franklin was spot on in this case with the often quoted "those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." As you noted - they are clearly guilty, and the FBI's investigation to date has led no further than to the 3rd party that obtained the firearms illegally for them. I think the FBI has picked the wrong battle to fight - there's probably absolutely nothing unknown on that phone. And the risk of not only turning loose a 'back door' through some leak at either Apple or the FBI potentially exposing every iPhone owner to illegal or quasi-legal snooping/hacking is not warranted in this case. Let the FBI decompile the code and figure out where to inject the JMP to bypass the security lockout and go on their merry way.
Feb 22, 2016 3:46 PM ArtK says:
Do Eng and Maler live in Pollyanna worlds? I think so. To believe that a one-off wouldn't be cracked or extended to all devices or that a company confidential "subkey" mechanism wouldn't be usurped by another court order makes me wonder how they got to be executives! They seem to have no grasp on the lesson of Pandora's box.
