UPDATE: The FBI has since dropped the case against Apple because they found another way to unlock the device. This is a huge win for Apple and data security in general. Under no circumstances should government entities be forcing companies to create backdoors into hardware and software since it sets a dangerous precedent.
Just the other day, Apple released a letter to customers in protest of a court order essentially forcing Apple to give the FBI backdoor access to an individual iPhone. Whether the FBI should or should not have access to the phone in question isn’t really up for debate. This case is about more than the protection of civil liberties related to the privacy of personal information.
Let’s focus on the implications it could have on businesses and the customer and employee data they need to protect. This fight could set a new precedent for US government access to private data, and could have a significant economic toll on US global business.
The US government's rogue stance on data privacy complicates compliance for US businesses trying to abide by global data privacy laws including the recent EU-US Privacy Shield agreement and GDPR in the EU.
Undermining Data Security Defeats the Purpose of Data Encryption
The issue stems from allowing government agencies the ability to bypass security features within a device, software or service. This explicitly defeats the purpose of data security and the use of encryption. If there is a known backdoor to access any device or service, that means anyone can potentially gain access to it. And make no mistake, if the government can do it, it's only a matter of time before hackers have the means to do it too.
If you work in IT, how will you sleep at night knowing that most of your users have devices that can be accessed by unauthorized individuals?
US businesses with European customers are on the hook to make sure that their data is protected according to the new EU-US Privacy Shield agreement. The US government's stance creates a catch-22 for any company serious about data security.
In addition, how would a company meet HIPAA or PCI compliance if the devices or services they use are known to be hackable?
Growing Debate Around Encryption
Of course the Apple vs. FBI case doesn’t directly affect encryption standards, or at least not yet. But it is another cog in the wheel of a growing trend of US government entities trying to undermine data security standards, regardless of motives. It hurts more than it protects.
Also keep in mind that a few weeks ago the director of the NSA announced that the best way to protect data is to use end-to-end encryption, and that the NSA supports it. The NSA's stance is in direct contrast to what the FBI wants. However, this could only be due to the NSA’s ability to already crack current encryption standards. But when two government agencies are in obvious conflict over an issue, you know the issue runs deep.
The Future of Encrypted Data
It’s hard to tell what data security will mean in the next year. Will encryption standards be rewritten to allow access by the US government? Will the EU use this as further proof that their citizens’ data is not safe in the US?
IT teams need to pay attention to the outcomes of the many debates happening now around data privacy and information security. It will most likely end with businesses scrambling to comply with new standards of what it means to protect data in transit and at rest.