Everyone has an opinion about whether or not Tim Cook, CEO of Apple, Inc., should cave to the demands of the federal government to decrypt the iPhone belonging to the San Bernadino shooter. No one likes the idea of terrorists living next door. We would all like to know what deep secrets and clues are on that personal mobile device. But…
The bigger picture – beyond the fact that it would ultimately undermine everything we love about our Apple products – is where the responsibility lies for the mobile device and its use. The iPhone in question belongs to the county. It’s an employer-owned phone.
If I were to break out my crystal ball about this matter, I’d say employers, be prepared for more scrutiny from your regulators, particularly if the matter goes to Congressional Hearing, as it looks to be. Think about how, for instance, our own financial infrastructure is designated by Homeland Security as a “vitally critical part of US infrastructure” – much like utilities.
Should mobile devices, particularly employer-owned mobile devices, be swept into such an expanded definition, guess what? Employers will be looking at one more regulation that will direct what needs to be done if you allow mobile device use in the workplace.
Personally, I love my iPhone and iPad. I was an early adopter. As a privacy and security wonk, I derive great satisfaction from the stonewall that Apple provides as a matter of course in all their products. So I’m not interested in having the integrity of that system compromised. I don’t like the idea of “GovtOS” that can crack my phone. You probably don’t either. And I knew people who never came home on September 11th, so yes, I do think combatting terrorism is serious work.
Big companies’ IT infrastructure, with every bell and whistle, encryption and firewall imaginable, come under attack every day. Part of what we try to do is make hackers really have to work at it by putting barriers in place, and by being careful with our information. Let this genie out of the bottle and who knows what might follow.
Julia Huddleston is a Certified Information Privacy Manager as well as a Certified Information Privacy Professional, and works with Apgar & Associates clients on compliance assessments, security risk analysis and policy and procedure review and implementation. She also oversees and directs Apgar & Associates’ day-to-day business functions, including finance, operations and marketing.