Innovative Security Solutions

Protecting Digital Frontiers

Security Bytes - APR 2016 - Privacy vs. Need to Know

This month I wish to address the controversial topic of Privacy vs. The Need to Know. If you have been watching the news lately, I am sure that you are well aware of the issues involved with out Government wanting Apple to decrypt the mobile device used by a gunman in San Bernadino. While on the surface it seems like a simple case, however what our Govt. was asking Apple to do is to write a piece of software that is capable of weakening the security of ANY “iDevice” to the point that Govt. agencies would be able to decrypt ANY device without having to make specific court orders to Apple to assist in the decryption of those devices. Apple IS in fact able to assist with decrypting a since device, however the case was geared to force apple to give away access to potentially ALL devices in one fell swoop.

 

Many people I talk to simply say that Apple should assist and that “they” have nothing to hide on their devices. However, when I get into details of what they do on their phones, people quickly change their opinion. Just think about all the things you do on a mobile smart device today, Pictures, text messages, Facebook, twitter, possibly banking software, etc. Suddenly people start to realize why should some “unknown” individuals or Govt. be able to look at everything you do in detail every day without a warrant?

 

If I were personally asked by the Govt. for access to my mobile device for a specific reason, I would grant that, however I am totally against unwarranted snooping of any of my private data. Edward Snowden disclosed a great deal of potentially harmful information that created waves of concern within our Govt. agencies, however the one positive thing done by his disclosure is that we should all go through or daily lives online under the assumption that ALL data leaving our devices is under the scrutiny of someone. This was also confirmed by the fact that some personal data from people under investigation was passed around Govt. offices without consent or need just to get a “Laugh.”

 

My stance on privacy is simple!  Our Government is based on freedom of speech and press as well as the right to privacy. There is a fine balance that needs to be kept where if the need arises Govt. agencies can request from a vendor that a specific device be decrypted, while keeping the privacy of others intact. There is legislation being formulated currently to meet this need, and hopefully it will be crafted correctly to keep the fine balance in place. We live in a dynamic environment that always presents new challenges to overcome and this is one that needs time and proper scrutiny to resolve properly.

 

 

 

-Paul Mavrovic, CISSP