lightework design

Category: data analytics

  • Apple vs FBI

    Apple vs FBI

    Just before the end of 2015, the Federal Bureau of Investigation filed an application for assistance to decrypt and unlock an iPhone that was confiscated as evidence in an investigation. Apple is a technology company that has always been focused on customer security and has upheld privacy practices that involve systems that prohibit the company’s ability to decrypt their customers’ devices and thusly could not easily provide access to the device. Before eventually hacking into the iPhone through alternative methods, the FBI insisted that Apple create a backdoor tool that would allow the FBI to bypass the security measures engineered into the product. The discussions surrounding this case and their references to the All Writs Act of 1789 have set a precedent for differing perspectives regarding personal data privacy and digital security.

    The Bigger Picture

    The disagreement between Apple and the FBI originated from a request for Apple to provide access to encrypted data on an iPhone which belonged to the gunman from the San Bernadino shooting of 2015. The battle between Apple and the FBI held the public eye for a period of 43 days and had disturbing implications for the security of personal devices and the power of government (Weise, E. 2016). The intentions of the FBI were stated to be centered on achieving justice for the victims of the tragedy and their families, but the case gained additional attention in the technology space due to the FBI’s insistence on creating back-door access to the iPhone.

    Cook (2016) of Apple stated that he believes encryption is the only method of keeping information secure, which objectively emphasizes the importance of encryption within the technology industry. Encryption serves as the most relied upon hindrance to the unauthorized access of information from a protected digital source, and creating a backdoor to bypass the iPhone’s encryption system would greatly weaken the protection that Apple has in place for its customers. Cook described the tool which the FBI sought from Apple as a modified version of the iPhone’s operating system which would bypass the normal security measures of the system. Leaders at Apple viewed this request as the potential start of an undermining of their security systems and a direct order to create a less secure environment for their users.

    The FBI sought to utilize the All Writs Act of 1789 in efforts to expand its authority and force Apple to comply with their request to unlock the target iPhone. Apple immediately disagreed with the FBI’s demands, citing the unconstitutionality and unlawfulness of their request. After much discussion between Apple and the FBI, the FBI announced that it had obtained a third-party method for unencrypting the iPhone’s data and would not require Apple’s assistance to unlock the device (Weise, E. 2016). The FBI refused to disclose the identity of the third party who provided the organization with assistance and withdrew from taking legal action toward Apple. This landmark case brought government intervention and personal privacy concerns into the forefront of important national conversations which contemplated the future implications of changes to the landscape of consumer rights and encryption technology.

    Those Opposed to Apple’s Compliance

    Apple, as well as other technology companies and privacy advocate groups, believed that complying with the FBI’s request to bypass encryption algorithms would be devastating to the security and privacy of the iPhone product and its users. Privacy advocate groups believe that the privacy and security of personal information is of critical importance, and the creation of a backdoor for Apple’s iPhone security systems would endanger and violate the rights of millions of people. Apple’s competitors in the technology industry also backed Apple’s stance including Google, Microsoft, and Facebook; these companies shared the same concern that this court case could set the precedent for the future of data privacy and encryption technology.

    Those in Favor of Apple’s Compliance

    The FBI believed that the evidence on the shooter’s iPhone was critical to completing their investigation of the San Bernardino shooting, and that the cooperation of Apple was needed to fully obtain that information. Some of the families of the victims and government officials sided with the FBI’s stance on this court case explaining that Apple’s compliance should be obtained as a matter of public safety and national security. Information from the shooter’s device could be useful in identifying any possible co-conspirators or viewing communication interactions which could hold more evidence for the case.

    The Relevance of the All Writs Act

    The FBI invoked the All Writs Act of 1789, seeking a court order to compel the compliance of Apple to aid in their investigation because their technical assistance was deemed required to unlock the device and unencrypt the data it contained. According to the author at Epic.org, Apple argued that the All Writs Act does not provide grounds to force Apple to create software that allows the government to “hack into iPhones,” citing the First and Fifth Amendments. Lewis (2016) describes the problems surrounding All Writs Act as complex and states that the main function of the act is to grant federal judges the authority to compel citizens toward specific action within the limits of law. A writ is an antiquated term for a “formal order” which has fallen out of common usage in conversation and practice over the years. The All Writs Act has traditionally only been used in exceptional occurrences where no other legislation is relevant to the case at hand. The law has been applied several times in discussions regarding recent technological developments due to the breadth of the scope of the law. In 2005, the ruling of a federal judge determined that, though providers of cellphone services must be able to geographically locate their user’s devices, the phone service providers cannot be forced to actively track a customer’s cellphone without a warrant.

    Resolution of the Issue

    The resolution of Apple vs. FBI was anti-climactic and ended without a court ruling regarding the scope of the All Writs Act and its implications for the case because the FBI obtained an alternative method of unencrypting the iPhone device. However, Tim Cook (2016) of Apple published an open letter explaining his stance on the case, the FBI’s request, and the future of device security and privacy policy. In his letter, Cook emphasized the popularity of the iPhone device and explained that it is partially due to the careful concern that the company possess for the security of their customer’s personal information. He describes the company’s commitment to providing useful encryption methods that hold a customer-centric focus. The FBI’s potential success in this case would have had groundbreaking implications for the future of information security in the United States and could have possibly marked the end of personal data privacy within the country.

    Conclusion

    Regarding the technology industry, the Apple vs. FBI case could easily be the most important case in my lifetime because I believe it served as a demonstrative situation where a blatant attempt at government overreach was countered by privacy rights activists and powerful encryption technologies. I think that the willingness for Tim Cook to write an open letter discussing the reasoning behind Apple’s decision to oppose the court order was powerful and remains a remarkable document of post-internet technology history. This court case seems to have brought critically important discussions to public attention that I think all individuals should be conscious of in their roles as citizens and users of internet devices. Both parties appeared to discuss these issues with a mutual respect that I hope can continue to foster a healthy balance between personal privacy and justice for generations to come.

    References

    (n.d.). Apple v. FBI. Epic.org. https://epic.org/documents/apple-v-fbi-2/

    Cook, T. (2016). A Message to Our Customers. Applehttps://www.apple.com/customer-letter/

    Lewis, D. (2016). What the All Writs Act of 1789 Has to Do With the iPhone. Smithsonian Magazinehttps://www.smithsonianmag.com/smart-news/what-all-writs-act-1789-has-do-iphone-180958188/

    Weise, E. (2016). Apple v FBI timeline: 43 days that rocked tech. USA Todayhttps://www.usatoday.com/story/tech/news/2016/03/15/apple-v-fbi-timeline/81827400/

  • Anonymity in Cyberspace

    Anonymity in Cyberspace

    In this information age, large technology corporations harvest the personal data of millions of individuals to collect demographic information that they can apply to their products and advertising endeavors. Private citizens desire situations in which they can protect their personal data through anonymous action; and inversely, users want proper authentication credentials and authorization systems to protect access to their electronic business arrangements.

    I don’t believe that the conversational debate on this topic should resolve in a binary answer of whether anonymity should be preserved in cyberspace because there are differing types of practical applications which benefit from either anonymity or authentication. If the world wide web is continually used for both casual recreation and serious business applications, there will be a need for both types of functionalities to be utilized to create satisfied users. Ideally, our business communications and transactions should be secured, encrypted, and only available to properly authorized and fully authenticated users. However, it is helpful and comfortable to be able to maintain anonymity as a casual user and utilize the protection of anonymity to protect freedom of speech and the identities of vulnerable users from possible threat actors.

    The Usefulness of Anonymity

    Throughout history, anonymity has proven to be useful in protecting vulnerable people for many legitimate reasons. Journalists often rely on hiding their personal information to protect themselves from threats to their person when publishing controversial ideas or when writing with criticism toward authority figures. Anonymity also allows writers to disconnect from their subject matter in a way that they might hope allows people to withhold the prejudice that comes with knowing who the author of a work is. According to Hruska (2011), the founder of Facebook has stated that all anonymity should be abolished from the internet, elaborating that he believes personal anonymity leads to a higher chance of negative or anti-social behavior. I don’t believe that his statements reflect the implications of all anonymity online, but instead pertain particularly to the Facebook service which also profits less from anonymity and profits more from a strategy of personal data collection and user verification. In opposition to Mark Zuckerberg’s opinion on digital anonymity, I believe that there are very useful applications for anonymity and that the determination of whether personal verification should be obtained is situational. I think that it is time for the governing bodies to accept that the many applications of today’s internet have outgrown the regulations that govern the physical hardware systems that powers them, and new legislation should be considered that promotes informed consent on behalf of private citizens and their data privacy.

    The Necessity of Personal Authorization

    There are so many business transactions and accounts that exist on the world wide web and individuals all desire proper authentication systems in place so that they are the only verified user of their accounts and sole signer of their transactions. A verification process does submit personal information to a 3rd party, but that does not mean that the 3rd party must engage in mass data collection, trading, and sales. The organization’s collection of qualifying personal information helps protect a user’s account from people that do not possess that information which contributes to authentication and helps to maintain the economic integrity of the relationship. However, there are plenty of types of interactions on the internet that do not require verification and can be used more comfortably in complete anonymity. Just like in our non-digital interactions with people in society, information is naturally disclosed on a need-to-know basis. People don’t feel comfortable sharing all their personal details in the first few conversations or with someone they don’t know well because of possible security risks. This is an example of how we use anonymity in everyday life to assert authorization when providing our personal information to others. The world wide web has similar situations and interactions in which it is beneficial to preserve personal anonymity to protect personal data and exercise free speech. Hruska (2011) points out that anonymity has been described by the United States Supreme Court as vital to the freedom of speech, which I think should also be respected in the internet platforms and the systems’ informational design.

    Is Anonymity in Cyberspace an Illusion?

    In today’s internet, when a user makes a connection to a website, their computer’s details are sent through a vast network of networks before it reaches the intended destination leaving behind a trail that is easily tracked. Because of this physical limitation on the potential anonymity of the medium, I believe that digital anonymity is somewhat of an illusion. Digital anonymity can be created when an organization’s operations are designed to collect the minimal amount of user data required to achieve the necessary functions of the product or service. It is in the hands of the organization and user who must take responsibility for possible security risks and foster their relationship’s trust to maintain a comfortable sense of digital anonymity. Lufkin (2017) from BBC, states that he believes digital anonymity allows people to have exciting experiences without fearing the consequences of recognition or retaliation to themselves. Relating to psychology, he believes that our individual definition of self is made up of both our perception of ourselves and a culmination of how other people view us. Although that any interaction on the internet can be traced with enough time, it is equally important for web developers to create spaces that provide users with an easing sense of anonymity and proper user verification as is applicable to the specific type of interaction.

    Part of the illusion of anonymity that initially surprised me was, as Lufkin (2017) states, that personal demographic data is still bought and sold through large technology companies even if the subject individual is not a user of that service or does not possess an account with that company. Corporations such as Facebook are still able to collect data about individuals through other methods such as their Facebook Pixel which tracks users on many different websites outside of Facebook. Inherently, there is no anonymity on the internet that is legally protected out of the scope of the freedom of speech.

    Is Secure Authorization in Cyberspace an Illusion?

    Secure authorization is generally provided through the roles assigned by the server administration after authentication. Authentication systems are constantly challenged in new ways as hackers and cyber security professionals battle it out in endless advancement of their offensive and defensive tools and systems. Huge collections of personal data that exist within these large companies’ user accounts are popular targets for criminals because this personal information usually leads to qualifying information that allows them to access business and financial accounts. Secure systems sacrifice convenience for more security; so, if we want to enjoy the benefits of conducting our business on the internet, we should recognize the value of authentication and encryption systems like biometrics and passkeys. The government has a direct interest in reducing the level of possible anonymity on the internet toward more transparency so that it becomes easier to identify and solve domestic threats of terror and other forms of crime that can be traced through our national networks.

    Anonymity for Human Rights Protection

    The United Nations Human Rights Office (2015) writes that the improvement of digital security is imperative to the success of all interactions with the United Nations to work toward their goal of creating a connected, protected, and stable world environment. Within their concerns lie the digital security of countless people who rely on the protection of freedom of speech and some form of digital anonymity to perform their job tasks without adding to the risk of personal endangerment. Moyakine (2016) writes that anonymity on the internet is critical to the maintenance of our human rights and fundamental freedoms, and our personal data and free expression should be protected. Personally, I believe that the disclosure of personal data to corporations allows threat actors to directly target individuals and is an obvious personal security risk. The internet has the potential to facilitate the greatest conversational progress that humanity has yet achieved, but if users’ personal data can be targeted and some form of digital anonymity is not in place then people will be discouraged from exercising their freedom of personal expression due to considerable negative consequences.

    Summary

    When discussing the subject of digital anonymity, we must also consider the importance of free speech, privacy of personal information, and the preservation of our human rights. It has become common for large technology companies to develop technologies that appear to challenge our current legislation’s technical knowledge or appear to create a situation that has no prior legislation. I believe that this attempt at overcomplication is more of an attempt to create a monopoly within a trending market, often at the expense of individual data privacy and free speech. Optimistically, I hope that advances in encryption and authentication techniques can create a justifiable sense of security in the world wide web while adopting a need-to-know style strategy toward data privacy to protect users from dangerous personal data exposure.

    References

    Hruska, J. (2011). The need for anonymity in a digital age. ExtremeTech. https://www.extremetech.com/internet/92096-the-need-for-anonymity-in-a-digital-age

    Lufkin, B. (2017). The reasons you can’t be anonymous anymore. BBC. https://www.bbc.com/future/article/20170529-the-reasons-you-can-never-be-anonymous-again

    Moyakine. (2016). Online Anonymity in the Modern Digital Age: Quest for a Legal Right. Journal of Information Rights, Policy and Practice, 1(1). https://doi.org/10.21039/irpandp.v1i1.21

    United Nations Human Rights Office of the High Commissioner. (2015). Human rights, encryption and anonymity in a digital age. United Nations. https://www.ohchr.org/en/stories/2015/06/human-rights-encryption-and-anonymity-digital-age

  • Why Organizations Use Risk Management Frameworks

    Organizations want to implement a risk management framework for the same reason that they would want to have insurance coverage or a security system. There are many different types of risks for which an organization can be liable, including hazard risk, financial risk, operational risk, and strategic risk. A risk management framework can provide a structured way to assess, organize, prioritize, and control risk, providing structured processes and contextual insight to organizations.

    The benefits of implementing a risk management framework include the ability to make more informed decisions, reduce costs by reducing the likelihood of incidents, and understand the potential threats that can affect the organization. A risk management framework can give an organization an advantage due to being designed to address regulatory compliance within the specific industry, as well as provide stakeholders with additional confidence and understanding of risk tolerance.

    The downsides of implementing a risk management framework include the need for an organization to interact with a high level of complexity, which also require large amounts of resources to be properly managed. Convincing an organization to adopt a risk management framework can be difficult to provide an accurate figure of return on investment that would clearly outweigh the difficulty and resource cost of adopting the framework.

    References

    Marker, Andy. (2021). Enterprise Risk Management Frameworks and Models. Smartsheet. https://www.smartsheet.com/content/enterprise-risk-management-framework-model