First They Came for Our Zunes

// If private employees must agree to remote access of work issued devices like cellphones, laptops and tablets, shouldn’t the same security measures be in place for our government employees? In this quick blog post I try to look at the DOJ/Apple decryption debacle from another angle.

As summarized by WBUR, Boston’s NPR news station:

The FBI wants Apple to help unlock the iPhone of San Bernardino terrorist Syed Farook. A federal judge has ordered Apple to comply.
But, Apple says it will not comply. Now, we have the world’s most famous tech company pushing back against the government as it tries to investigate the worst terrorist attack on U.S. soil since 9/11. Once again, we’re at that complex nexus between privacy and security.

One thing frequently left out of coverage in this story, is the fact that Farook was a county employee:

“Colleagues and public records said Farook, 28, worked as an environmental health specialist for five years, part of San Bernardino County’s public health department which was holding the party he attacked”.

If Farook’s iPhone was government/work-issued, then shouldn’t the onus have been on his employer to install a remote backup / access application? Corporate issued phones, laptops, tablets, etc. use this regularly. Signals intelligence and internal corporate surveillance (the reason you probably can’t get to YouTube from work) have matured enough to a point that this shouldn’t have been an issue, let alone one that demands responses from Apple, Facebook and Microsoft.

I see this as one of the rare cases that government regulation and oversight may be necessary — any government worker using government issued technology can and should be subject to remote access on those devices. This way in the event of a served warrant, the body who issued the device is completely covered.

Personal phones are an entirely different matter altogether.

Right now, for many corporate employers, use of a private cellphone or laptop to conduct work business means installing and using an approved separate app and multiple steps of authentication, not to mention giving that employer the right to wipe your phone if it is lost, stolen, or otherwise compromised.

That the DOJ would demand Tim Cook to fix the mistakes and oversight of a government agency speaks to the fact that we’re thinking about signals intelligence and domestic terror the wrong ways.

Government internal policies for dealing with compromised telecommunications devices is way behind the public sector — there are middle school students with more secure digital footprints than a county employee dealing with health records.

Just some food for thought.