The wrongness chamber: Getting it wrong on the iPhone case
Apple's concern for security is not making it seem less secure.
The one great thing about this battle Apple is having with the FBI is that all the commentary on it is well-informed and reasonable and hahahahahaha ow, ow, ow. The antlers, they hurt.
Writing for the Washington Post, Stewart Baker wonders aloud “Has Apple made iPhones illegal in the financial industry?” (Tip o’ the antlers to PocketSevens.)
Allow the Macalope to answer that question with another question:
Apple’s refusal to help the government unlock the San Bernardino shooter’s iPhone may have some surprising consequences.
One of them is the same as if pundits across the nation had been drinking lead for years. Which may actually be what happened anyway.
That’s because the iPhone in question is actually owned by the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work.
As a practical matter, Apple’s technical and legal position elevates Farook’s privacy over the interests of the iPhone’s real owner.
This is not about Farook’s privacy. This is about ours. Farook’s employer is completely entitled to the data on that iPhone. What they’re not entitled to is forcing Apple to create a means of unlocking all iPhones and opening the flood gates to multiple government requests as well as reducing security for law-abiding smartphone owners who hate terrorism very much, thank you for asking.
This may well be consistent with Apple’s corporate marketing strategy, which seems to be making the iPhone so sexy…
These grapes are particularly sour coming from The Washington Post which is, of course, owned by the man who made a smartphone he couldn’t even give away.
“Hey, how stupid are those smartphones, amirite? Nnnnyoi!” [tugs collar]
…that employees will simply demand that companies buy it for them.
Funny story, if you’re not in the executive office, corporate IT shops don’t really care what device you prefer. Also, different funny story, if you’re in a regulated industry, the company actually needs to dictate what systems you use anyway so they know they’re in compliance. Third hi-larious story, many of these companies already use iPhones because they’re so secure that even the FBI can’t get into them.
Here endeth the funny stories. Back to the clown car of an article.
Given Apple’s decision to privilege users’ privacy above all else, it may well be unlawful for banks and brokerages to let their employees use iPhones at work.
What in the actual physical realm known as Hades which totally exists apparently because it’s the only explanation for where an idea like this could have come from are you talking about? If anything this proves the exact opposite, that iPhones are so secure that even if someone physically has the phone, they can’t get into it without the passcode.
Since 2007, financial industry regulators have made clear that “FINRA expects a firm to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm’s business.”
Sure. And businesses that fall under that regulation have systems to take care of this. It’s called mobile device management. If the terrorist’s employer and the owner of the phone, San Bernardino county, had been using MDM on the phone in question, we wouldn’t even be having this poorly balanced discussion.
Besides, companies are also under a fiduciary responsibility to make sure that they’re using systems that are secure. Smartphones with back doors like the kind the FBI wants Apple to build are inherently insecure.
There are probably ways to solve this problem technologically, if the employees cooperate.
No! Wrong! If the phone is owned by a regulated company, the company configures it before giving it to the employee. The employee doesn’t have to cooperate.
If anything the kind of security flaw the FBI is trying to get Apple to create would enable more shenanigans, possibly even enabling employees to easily circumvent MDM systems.
But what if an employee instead chats with customers using his iPhone and an off-the-shelf messaging app that features end-to-end encryption?
This wouldn’t happen if the company had their MDM system set up to restrict the installation of problematic apps that waste time and violate rules of responsible device usage like chat, Pac-Man 256 and the Washington Post app.
Then, I suspect, the only way to recover those messages is to get access to the iPhone itself, something Apple is trying its best to make impossible.
You have constructed an invalid scenario. Please go back to square one.