Security Pros Offer Opinions, Solutions for FBI vs. Apple
Here are their perspectives. It's important to note that all these thoughts are personal opinions that do not necessarily reflect the opinions and policies of their companies. Jeremiah Grossman, founder, WhiteHat Security: A1: Yes, we stand with Apple. And Twitter. And Microsoft. And Facebook. And Mozilla. And Box. Because the security and privacy rights of the people must never be given up, otherwise what exactly are we defending? A2: I'd imagine what Apple—and with what the rest of Silicon Valley is doing right now—is [re]-designing their products and services to make it mathematically impossible to comply with a similar government order that'll eventually come. To counter, it's likely government is drafting up new legislation that will require backdoor access into technology products. Who exactly is eventually going to win that fight will be hard to predict.Gunter Ollmann, chief security officer, Vectra Networks: A1: (I stand behind) Apple, given they have chosen to tie this request to the bigger political debate over weakening encryption standards—and the repercussions, should they lose—could be extensive to the entire security industry. If Apple loses this appeal over the FBI request for exploiting a vulnerability—which is now positioned as a backdoor—then a precedent may become set in the entire backdoor debate. A2: The debate is actually largely moot. If vendors were required to install backdoors or include recoverable keys in the encryption they use, there are a near-endless number of applications and software additions that can be installed by the user to ensure that those backdoors are irrelevant. A3: I believe so. However, Apple likely fears that by complying with this request—to create a custom patch for a vulnerable phone—it will open the door to subsequent law enforcement requests to provide support in investigations of similarly vulnerable [old] iPhones. This would appear not to scale well and could be financially demanding. Jeff Schilling, CSO, Armor: A1: I stand behind the FBI's position. A court has decided that the evidence on the phone is critical to an open investigation and has ordered Apple to comply. To be clear, the court order is to provide a vector to open this one phone, not create a backdoor to use on all Apple phones without the consent of the owners of all iPhones. I believe Apple is trying to confuse the public and pivot this into a privacy issue. I support Apple's right to appeal, but if the court decides they should comply, I would expect them to comply. A2: Conditions could be set such that the "work around" that Apple creates to allow the FBI to crack this phone is not shared with the government. While Director [James] Comey has advocated for tech companies to provide law enforcement a backdoor into their devices, he is not getting that cooperation. This leaves the FBI in the situation they are in now; they must go to court to get an order to compel the tech companies to give them access as their investigations and warrants require. In this situation, the FBI just wants the evidence on this one phone. A3: Yes, according to open-source reports, the FBI just wants to have Apple alter the software on the phone to set the conditions so that the FBI can brute-force the password.
A3: I had the same question, but the answer to that remains unclear.