This morning, I had the opportunity to appear on CNBC’s “Squawk Box” program to discuss the hot topic of whether Apple should comply with a court order to unlock an iPhone used by one of the shooters in the recent deadly attack in San Bernardino, Calif.
As you might expect, this is not a simple situation with an obvious conclusion. Click on the image below to watch the often contentious debate in which I took part.
Now, outside of the TV studio, I have the opportunity to share my thoughts on this matter more completely.
Phones are encrypted. This is a good thing. Virtually our entire lives are on our phones, including all of the information a thief would need to steal our identity. A phone is also an endpoint, an outside link to protected data in a business. In the wrong hands, a hacked smartphone can be catastrophic.
Apple has doubled down on security. No one – not even Apple – can access the information on your phone without a pass code. This is good for security. Encryption isn’t just about privacy, it is about defending systems.
The FBI is having a rough time because accessing a phone requires manually inputting the password. They don’t know the length of the password and anyone that has a 3-year-old knows that after too many attempts, the phone locks you out. With brute force, it would take up to 5.5 years to try every combination, assuming the password is four digits, not six.
The FBI is focused on the Syeed Farouk investigation and is looking for any and all leads that could help stop terrorist events. That’s also a good thing and Farouk’s phone could be a gold mine of information, emails, contacts, GPS coordinates, who he met with, where he was, and who his associates are.
Essentially, a phone is a shortcut for law enforcement.
But Apple (and the broader security world) also has a bone in this fight. Creating a back door, even if Apple had sole control of it, is an exploit and a compromise to security that can be stolen. Spies and trusted insiders such as Robert Hanssen and Edward Snowden have shown us that even the ultra secret can be stolen from the inside.
On a national level, we must promote more security, including encryption, not purposefully weaken our defense. For every Farouk investigation, there are millions of attacks on endpoints like cellphones that cause massive data breaches.