Apple vs. FBI case colors European debate about securing digital identity

Although not present at Mobile World Congress, Apple still influenced the debate

Although Apple does not exhibit at Mobile World Congress, the giant trade show in Barcelona, the company casts a long shadow over it.

The iPhone maker's influence there extends to app developers, accessory vendors and, now, the debate about securing digital identity.

In a keynote session on security at the show, moderator Michael O'Hara asked presenters whether they sided with Apple or the U.S. government in the legal dispute over whether Apple should help the Federal Bureau of Investigation unlock an iPhone belonging to the employer of one of the San Bernardino attack suspects.

For Simon Segars, CEO of ARM, the company that designs the microprocessors found in most smartphones, "It's a complex situation, there are rights and wrongs."

For the last few years, ARM has been encouraging its customers to adopt better security practices in designing their products. Its processor core designs, including those used by Apple for its iPhone and iPad chips, contain a secure "TrustZone" for protecting authentication mechanisms and cryptographic keys.

Security experts generally concur that the "Secure Enclave” found in recent Apple phones -- although not the iPhone 5c that is causing the FBI so many problems -- is built on ARM's TrustZone, although Apple has not commented on the matter.

TrustZone is useful not just to smartphone designers but to anyone building devices that need to maintain the security of communications even when someone has physical access to them.

"With the Internet of Things, we are only just getting started when we consider these issues," Segars continued. "Now is a good time to ensure we have a legal framework to decide who owns our data."

"We believe users should own their data and control who has access to it, but obviously there are some extreme circumstances where that should change," he said, appearing to side with the FBI.

However, Segars didn't explain whether, or how, ARM's TrustZone technology could be circumvented in such extreme circumstances.

For the CEO of biometrics and secure identity company Morpho, Anne Bouverot, the big question is whether security and convenience are compatible.

"We want both," she said. "We want to be able to use smartphones, we store more money on them than under our mattresses and we have more secrets on them than we tell our best friends."

"Privacy is very important but at the same time we want the government to protect us from terrorist attacks."

Bouverot, whose company has many government customers, also gave weight to the FBI's arguments in the dispute over access to the phone used by Syed Rizwan Farook.

"The U.S. government wants to look at his employer's phone and I think this is also important," she said. "Technology has to find a way to give both privacy and security."

Next up was Pavel Durov, CEO of Berlin-based encrypted messaging company Telegram.

Apple CEO Tim Cook has said it would be dangerous if the company were to provide the FBI with the tools that could help it to crack the passcode of the iPhone 5c, running iOS 9, by brute force. A court in California has ordered Apple to provide the required assistance to the FBI.

Asked about the Apple vs. FBI case, Durov didn't mince his words: "I definitely side with Tim Cook on this," he said to a smattering of applause. Segars' and Bouverot's responses had been greeted with silence from the audience.

"There's always going to be a risk that your iPhone could be stolen and people could use the data in it against you. If we increase the risk that an iPhone could be unlocked, it's extremely dangerous," Durov concluded.

Join the CSO newsletter!

Error: Please check your email address.

Tags MWC 2016

More about AppleARMFBIFederal Bureau of InvestigationTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place