Apple vs. the FBI: There Are No WinnersBy Samuel Greengard | Posted 2016-03-15 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
It's unclear how the Apple versus FBI battle will play out. What is clear is that the legal system isn't equipped to deal with the challenges of the digital age.
Over the last few weeks, the debate over encryption and locked phones has reached a fevered pitch. Unless you've been trekking in the Himalayas, you know this. Yet, while the Apple versus FBI battle simmers in the courts, in Congress and in the court of public opinion, the nuances of the conflict are garnering growing attention.
A just released study of 198 security professionals conducted by Tripwire and RSA (conducted at the recent RSA Conference 2016), found that serious concerns exist that extend beyond the current news story. Overall, 53 percent of respondents said technology firms should comply with a warrant or subpoena from law enforcement. However, if the government forces tech companies to provide access to encrypted data, 88 percent believe it will reduce security and privacy.
Then there's this gem: Eighty-one percent of respondents indicated that it is either "very likely" or "certain" that cyber-criminals would abuse the government's capability to access encrypted data, if technology companies are required to provide it. In other words, things could get a whole lot worse once the genie is out of the bottle.
"Security professionals are very suspicious of any decision that redefines what's acceptable and what's not when it comes to security and privacy," notes Dwayne Melancon, CTO and vice president of research and development for Tripwire.
At this point, it's unclear how the Apple versus FBI battle will play out. But one thing is perfectly clear: The legal system is not equipped to deal with the complexities and challenges of the digital age. Our ability to invent and use technology far exceeds our ability to apply old laws and old ethics. In cases like this one, there are no winners.
What's more, solving one problem often creates an array of new problems. In this case, the FBI might gain some useful data about the San Bernardino, Calif., shooter and links to terrorists.
On the other hand, it's naive to think that the government won't at some point abuse its access to the master key. Even worse, if the key is stolen or leaked and cyber-thieves get their hands on it, things could resemble online Armageddon.
Security professionals are right to worry, and we should follow their lead. There are no easy answers or simple fixes for the problems of technology, security and the modern world. However, at this point, business and IT leaders must keep their eyes on the ball and keep personal data secure and private.