In Apple vs. the FBI, technology wins
By Bob Muglia as written on techcrunch.com
Government policy and technology usually coexist in harmony. But occasionally, they get into a brawl. When this happens, policy may win a battle or two, but, ultimately, technology always wins. It simply isn’t a fair fight. Technology moves too fast for policy to keep up.
Take for example the infamous Microsoft versus the Department of Justice antitrust case. As one of the 12 Microsoft executives who was skewered on the witness stand by David Boies, I lived through this nightmare firsthand. The DOJ unambiguously won the legal battle. But policy didn’t win the war. While the DOJ certainly weakened Microsoft, what happened instead is technology, in particular the iPhone, broke the monopoly and now Microsoft is hopelessly behind in mobile computing.
Which brings us to the current war raging between technology and government policy. Apple has used encryption technology to protect user data on the iPhone. But they left a crack in the armor, and the FBI wants to create policy to jump through that tiny crack and read what is on Syed Farook’s phone.
What this tells us is that encryption works. If the FBI or NSA could break strong encryption, then they would remove the memory chips from Farook’s iPhone, copy the data and run it through a cloud of government computers to read the files. But they can’t. Encryption works.
So instead, the FBI has used the All Writs Act law from 1789 to convince a federal judge to force Apple to write a special version of iOS to unlock the iPhone of a bad guy in 2016. If that sounds unlikely, well, it just might work.
If this policy wins in court and the FBI forces Apple to break open Farook’s phone, it won’t stop there. Apple will begin living the nightmare of hundreds of state and federal judges demanding exactly the same thing. And that’s just the beginning; governments around the world will join in with their demands. Apple will be forced to unlock phones from Beijing to Moscow, phones of both bad guys and protesters fighting repressive regimes.
When policy wins a round against technology, it often runs amok.
Fortunately, this won’t be the last round. Apple has already signaled its intent to plug the crack they left in today’s iPhone. So very soon, perhaps even later this year, Apple will ship a phone with encryption that even they can’t break. Then no government on earth will be able to open those phones.
Maybe the battle will continue. But for policy to win the next round, it will need to order Apple and the other technology providers using encryption to change their products so the government can look inside. This is the so-called backdoor, and this is dangerous ground for policy makers.
Creating this backdoor requires changes to law — and that means Congress. In a world obsessed with what Snowden revealed and with a public angry enough to possibly elect Donald Trump, do you think Congress will write a new law to create a backdoor for the government to snoop wherever it wants? No chance. Technology will win, hands down.
So does that mean the game is over? That all Apple has to do is move forward and create their iPhone fortress? Well, maybe not. Because technology continues to march forward.
It turns out that technology will almost certainly break today’s approach to encrypting data that is sent over the Internet. A completely different technology called quantum computing is emerging from the lab, with early products being built now. Quantum computing is completely different from today’s digital computers. Instead of calculations using 1s and 0s, quantum computers use something called a qubit, which can represent many values at the same time.
What this means is that some problems that are virtually impossible to solve using today’s digital computers are child’s play for the quantum computer of tomorrow. Of particular interest is the asymmetric encryption approach that is used to secure HTTPS and, thus, just about everything confidential that is sent over the Internet. These keys are practically unbreakable using digital computers. But for a powerful quantum computer, they will be a piece of cake.
We are still a long way from a quantum computer that can pick the lock on encryption keys. Quantum computing today is roughly as advanced as digital computing was in 1971 when Intel created the first microprocessor. But technology moves faster in 2016 than it did in the 1970s.
In 20 years, or maybe even as few as 10, quantum computers may exist that can look inside all of today’s digital communications. Like most new technology, quantum computing will be expensive and complex at first, so it won’t be available to everyone. But the NSA and FBI won’t be deterred, and they will be first in line to buy a quantum computer. This is a pretty scary scenario, but technology does not play favorites. Technical advancements become available to anyone with the will and means to acquire them.
Like all technology, eventually quantum computing will get cheaper and simpler. We’ll all probably carry a quantum computer in our pocket someday. And while quantum computing may someday break today’s encryption keys, something called quantum cryptography promises an approach to encryption that cannot be foiled by a quantum computer. So the pendulum will swing back and the FBI will be frustrated yet again.
The battle never ends. But in the end, technology always wins.
5 commonly overlooked security threats
The Internet is a vast place that brings amazing information to our fingertips in a matter of seconds. While this is a wonderful attribute, it also can be dangerous to your personal information or business’s data. That’s because there are hackers out there just itching to access your information, and email is still a common way they accomplish this feat. And as we’ve seen through several recent examples—including the 2015 Pentagon and 2014 Sony email hacks—simply having a “strong” email password isn’t enough to keep your data from being compromised.
While some may jokingly (or not-so-jokingly) call for less email usage and more frequent use of the phone to communicate important information, it’s not always possible in our highly digital world. So in addition to being cautious about what is communicated in your emails, it’s important to understand how to protect those emails in the first place. To ensure secure email on your personal and work devices, you first have to recognize threats to your email system—including the less common ones.
Here are five often overlooked threats to your email security:
- Social engineering schemes that use your mobile number—Did you know that attackers only need your mobile number to trick you into giving access to your email? Essentially, they’ll send you a text posing as your email provider (e.g., Outlook) and tell you you’re about to receive a code to ensure your email account is secure. This text will then ask you to reply with the code to confirm. Then, they’ll trigger the password reset process, you’ll receive a real message with the unlock code—and if you send it to the attackers unknowingly—they’ll use it to reset your password without your knowledge. Check out this video if you want more specifics on this scheme.
- Sharing your access credentials with others—It’s common for some employees to share their credentials—including their password—with a fellow employee or manager when they’ll be out of the office, whether on vacation or during short-term or long-term disability. If organizations don’t have defined security policies for these situations, a lack of accountability could lead to compromised email security.
- Loss of a phone with pertinent information—Password management applications are wonderful tools that help you keep track of all the passwords for all of the email accounts you undoubtedly have. But if this application is installed on a phone that is lost or stolen, that can be a problem. Of course, it’s important that your phone is also password-protected, but organizations should take security one step further when it comes to work or personal devices that carry business data or information. Specifically, a business should standardize acceptable use policies regarding the local storage of files, remote wipe capability and network connectivity.
- Lack of email encryption—Just because data is passed via a secure email server doesn’t mean it’s 100 percent safe. To add an extra layer of protection, companies should invest in an encrypted email service, which seals email messages and ensures only those with a decryption key can read and access sensitive information.
- Crypto-ransomware—Ransomware is nothing new, but it’s a nasty way for hackers to operate. They essentially take the files on your computer or devices hostage until you pay a ransom to have them released. Crypto-ransomware is even nastier, as the hackers encrypt your computer’s files and will only surrender decryption keys upon payment. How is this related to email? These attacks are typically triggered through the opening of some sort of email attachment (e.g., an invoice, energy bill, image, etc.) and they often look legitimate. According to Symantec’s 2015 Internet Security Threat Report, attacks of this nature are highly profitable (bringing in approximately $34,000 per month for one group alone) and growing in popularity.
Whether through phishing schemes or direct malware attacks, email security threats are prevalent—and as we’ve seen, even the mighty can fall prey to them. That’s why it’s more important than ever for organizations to invest in a secure email service that will help them keep their data safe. In addition, employee education is a large part of maintaining a secure email environment. When people know what to expect, they’re better equipped to protect themselves and their companies from liability.
Source: https://blogs.office.com/2016/01/28/overlooked-email-security-threats/