The clash between privacy and security is an increasingly difficult one to settle in the age of mobile devices.
The current front-page case, in which the FBI wants Apple to create an iOS backdoor so it can unlock one of the San Bernardino shooters’ iPhones, is a prime example of the controversy played out on a large scale. Apple is vehemently opposing a court order ruling that it has to create the backdoor, on the grounds that doing so would create a dangerous precedent.
An interesting wrinkle to this story has IT pros and employees around the world thinking about the balance between security and privacy. The shooter’s employer, San Bernardino County, uses enterprise mobility management (EMM) software to manage and secure some of its employees’ devices. If the phone was enrolled in EMM, the FBI would be able to unlock it without a password and decrypt the data — but it wasn’t, according to Reuters.
That would have solved the problem, right? For this particular controversy, yes, it could have allowed the FBI to get into the phone without Apple’s help. But the larger issue of balancing privacy versus security would still remain. The whole FBI vs. Apple story shines a light on the reality of EMM software, and it opens up another can of worms in the debate. If IT departments can unlock users’ devices and potentially access their work and personal data without their consent or knowledge, do employees who use mobile devices at work really have any privacy?
Even if IT admins say they won’t look at employees’ personal information, some MDM platforms still track and record that data on user-owned devices. That means if IT gets its hands on a user’s device, it can see their contacts, installed apps, third-party app data, browser histories and more. MDM also offers remote wipe, and some BYOD policies even allow IT to wipe the entire device without ever touching it.
Accessing the San Bernardino shooter’s iPhone could reveal information to help investigators understand what happened, but in the long term, setting this precedent could put everyone at risk of having their data exposed. If Apple gives in, CEO Tim Cook believes the government could use this example to force companies to violate privacy even further by monitoring employees’ messages or providing unapproved access to users’ cameras and microphones. Other entities could exploit the new backdoor in the future to hack into people’s devices for more malicious reasons.
Ultimately, it’s probably an unsolvable equation. IT admins are justified in wanting to protect their organizations’ data and maintain compliance via EMM, and users are right to want to keep their personal information private. It’s a tug of war we’ll be dealing with for a long time to come.