Apple-FBI Dispute Ends, But Solution Providers Say Encryption Debate Is Far From Over

The back and forth between Apple and the FBI over an encrypted iPhone came to an abrupt close Monday when the FBI filed court papers saying it had successfully hacked into the iPhone using a third-party vendor.

The FBI is now seeking to drop its case against Apple, which had argued that Apple needed to help it open the iPhone belonging to one of the shooters involved in the San Bernardino attacks. Apple CEO Tim Cook had refused to do, saying the process of creating what he called a "backdoor" would compromise device security for all users.

Solution providers, however, said questions still remain about device security and the extent of influence the government can have over a private sector vendor.

[Related: Apple-FBI Debate Center Stage At 2016 RSA Conference]

id
unit-1659132512259
type
Sponsored post

In the past few weeks, many solution providers and vendors have stood up in support of Apple, saying that opening the phone would create a dangerous precedent for backdoor access into the encryption technologies they use to protect their clients' data. Now that this latest chapter in the debate around encryption technologies has come to a close, Matt Johnson, CEO of Reisterstown, Md.-based Phalanx Secure, said the industry should remain on high alert to similar "power plays" by the government to surpass security technologies down the road.

"They are trying to open the great Pandora's box and give themselves more power to violate the privacy that many of us covet. Once they get this power, it never goes away. We should be wary of these acts by any of the federal agencies," Johnson said.

Michael Knight, president and chief technology officer at Greenville, S.C.-based Encore Technology Group, said he expects the debate over cybersecurity and the government's ability to monitor for national security risks is far from over.

"I think this is going to be the forever argument between what is the balance-counterbalance between having privacy, but also having enough oversight that if people are doing something you get an early trigger before it's too late," Knight said.

Apple's Cook said in a statement about the Monday filing that the company will "continue to help law enforcement" where appropriate and build better security protections into its products.

"Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk," Cook said in the statement. "This case raised issues, which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion."

The FBI so far has refused to say which third-party vendor it used to open the phone, though industry reports have said it could be Cellebrite, an Israeli mobile forensics firm. The FBI has also not disclosed what method or vulnerability it used to hack into the iphone.

Encore Technology Group's Knight said the ability of the FBI to hack into an iPhone doesn't necessarily call into question the device's overall security, as it is almost inevitable in any platform or device. The key, he said, is making sure to stay on top of those vulnerabilities.

"Even if you are unbelievably meticulous, if it is man-made it can be man-broken," Knight said. "I think that’s the case for any type of product. … Eventually, even if you do a top-notch job, eventually something will be exploitable. That’s why you have to be vigilant in managing your code."

Knight said solution providers and companies should be "vigilant" about the platforms they have in their environments, where their data is and what applications have access to that data.

"When you look at backdoors as a whole from a security standpoint, it is a very big discussion about how secure is too secure, how private is too private and what technologies are we using today," Knight said.