This time last year the FBI and Apple were spoiling for a fight in what promised to be an epic battle between privacy and government overreach. No sooner had the two suited up and laced their gloves, than the battle fizzled out after the FBI used a third party to crack the iPhone 5C used by San Bernardino shooter Syed Rizwan Farook that was at the heart of the controversy.Soon after, another high-profile case involving access to an iPhone – as part of a drug investigation in Brooklyn – came to a screeching halt when authorities got the password for that phone from an outside party.
Despite those positive turns of event, Apple – and other tech companies – couldn't take off on their victory lap. Though it was eclipsed by the tumult of the presidential election – Hillary Clinton's use of a private email server, the swell of allegations that Russia interfered in a sacrosanct democratic process, and a furiously tweeting president-elect sucked up much of the air in the room – the debate at the center of the Apple-FBI dust-up is still brewing.
“The FBI found a way to crack iPhone without Apple's help,” explains Trevor Hughes, president and CEO of the International Association Privacy Professionals (IAPP). “So we never got a legal judgment.”
What the industry did get, though, was a hint at policy to come. “An enormous amount of consensus emerged that a backdoor in an encrypted system is not good, it creates a key” for access, says Hughes. “Any backdoor creates a security risk.” The public, activists and some lawmakers rightly assessed that leaving a way in for even the most upright of democracies would open it up to national and intelligence initiatives of more nefarious governments and organizations.
Apple CEO Tim Cook was overwhelmed with the initial response from a wide swath of the public. “Over the past week I've received messages from thousands of people in all 50 states, and the overwhelming majority are writing to voice their strong support,” he wrote at the time in a letter explaining why Apple wouldn't cave to the court order mandating it heed the government's request for help in the San Bernardino case. “One email was from a 13-year-old app developer who thanked us for standing up for ‘all future generations.' And a 30-year Army veteran told me, ‘Like my freedom, I will always consider my privacy as a treasure.'”
Indeed, a Thycotic survey of 250 Black Hat Las Vegas attendees shows similar support for the Cupertino, Calif.-based company's position. Nearly half, or 45 percent, think the U.S. government has been hacking and spying on citizens' personal data for a very long time, but only now has come to light. And four out of five respondents believed Apple was in the right.
Cook, personally, has drawn praise for standing strong. “Tim is unwavering in his support of an individual's right to privacy,” Rep. John Lewis (D-Ga.) wrote of Cook last year in Time's 100 Influential People. That's high praise indeed, from the noted civil rights leader who as a young man marched with Martin Luther King Jr. over the famed Pettis Bridge in Selma, Ala.
Tech companies and their leaders that don't show similar backbone might find potential customers hesitant to purchase their products, a panel at SC Congress in Atlanta agreed last spring.
“If I know a company has willingly built back doors into their products, from a purchasing perspective, it's a factor I take into consideration,” said Kevin Morrison, head of information security for Jones Day, even if those backdoors are there for maintenance purposes.
That kind of thinking likely shored the Cupertino, Calif.-based company's resolve in taking on the government. Self-described “Apple geek” Gary Phillips, CISO of the Enterprise Infrastructure Services (EIS) division of Time Warner, speaking on the same panel, said he wouldn't “attribute to Apple any high-minded ideas. I think they protected their market.”
The Apple case also sparked an uptick in the interest and use of encryption by both vendors and users.