Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How FBI vs. Apple could cripple corporate and government security

Rich Mogull | March 22, 2016
The implications go way beyond whether law enforcement can unlock an alleged criminal's phone.

As the rhetoric and legal wranglings of the FBI and Department of Justice fight against Apple’s encryption continue to escalate, it’s only natural that much of the debate centers on personal privacy and the symbiotic role our phones now play in our lives.. Even President Obama himself, siding with the FBI at the South by Southwest conference, stated, “You can’t take an absolutist stance on this. It’s fetishizing our phones above every other value, and that can’t be the right answer.”

As the discussion focuses on privacy and crime, what is mostly lost is an analysis of the potential business and government implications—not merely the impact to Apple, technology vendors, and law enforcement agencies, but the effects to the wider business community and daily operation of thousands of agencies at all levels of government. Taken from that point of view, the President’s statement could become, “… it’s fetishizing the investigation of a limited set of highly serious crimes above every other value.”

Day to day I work as an IT security industry analyst. Formerly a research vice president at Gartner, where I was the lead analyst for datacenter encryption, I now run my own firm. For the past 15 years, I have advised some of the largest companies and government agencies in the world on using encryption systems. I’ve written multiple research papers, and I continue to work with most of the major encryption technology vendors.

Knowing how encryption is used throughout the business world, it is clear that one of our most fundamental security tools is at the center of a civil rights debate, and the slightest misstep could set back corporate and government security by decades.

Encryption is technology’s backbone, and we break it all the time

Encryption is ubiquitous in the digital world. We use it for every credit card transaction, every time we unlock a car with a key fob, every time we log into nearly anything with a password, visit a secure website, connect to a wireless network, update software, or do pretty much anything with a bank. Society relies on encryption for far more than merely protecting our phones and online chats.

Encryption is merely math, not sorcery. It is a heavily studied field of math with an extensive body of work in the public domain. The U.S. government once restricted the export of strong encryption products, forcing companies to use weaker versions overseas and support the weaker encryption here at home since the Internet doesn’t respect national boundaries. It’s a decision we still pay the price for daily, as earlier this year researchers discovered yet another vulnerability in about a third of the Internet directly due to this deliberate weakening back in the 1990s.

 

1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.