Tuesday, April 5, 2016


Unlocking cell phone
While ignoring obvious


APPLE AND THE U.S. GOVERNMENT got into a legal hassle over unlocking a cell phone used by a terrorist

Apple refused, claim it was technologically impossible. .

Now consider . . .

FIRST OF ALL, the phone in question was NOT the terrorist's phone. According to news reports, the phone was owned by the San Bernardino County Department of Public Health and loaned to the terrorists as part of his job.

When I worked for a defense contractor, I had an employer-provided cell phone.

If the phone's owner wanted to check anything on the phone, that was the owner's prerogative.

I knew that.

The owner knew that.

There never was anything compromising on, or in, the phone.

To my Edward Bear mind, there is no difference between an employer-provided computer and an employer-provided cell phone, or for that matter, an employer-anything (e.g., transportation). The courts consistently ruled that the employer has snooper rights. Likewise the police have, armed with a warrant, the right to access a suspect's computer-based data.

In this specific instance, I don't think Apple had grounds to refuse the government's request; albeit it appears the wrong government agency approached Apple (the Feds vs. the county that owned the phone) with the court order to unlock the phone. It would seem to put Apple in league with the terrorist just as much as - if the rumors are correct - Israel is in league with the U.S. government for "cracking" the security code put on the phone by the terrorist.

According to The Washington Post, Apple steadfastly maintained that it was unable to unlock its newer iPhones for law enforcement, even when officers obtain a warrant, because they are engineered in such a way that Apple does not hold the decryption key. Only the phone’s user — or someone who knew the password — would be able to unlock the phone.

(Question: Why would the phone's owner - the San Bernardino County Department of Public Health - allow an employee to put a personal security code on a county-owned phone? Back to my work with the defense contractor: we were forced to change computer passwords on a frequent basis - but the employer had access to those passwords.)

Granted, I am not privy to all the legal wrangling that transpired between the Feds and Apple, but it seems despite the high profile of the issue, a number Federal government lawyers had their heads "where the sun don't shine." Maybe someone from Washington DID ask someone at the San Bernardino County Department of Public Health or the county's commissioners to tell Apple to "unlock our cell phone."

It is inconceivable that Apple would build a lock that could prevent an absent-minded customer from getting help to unlock their device; perhaps the folks at Apple never forget a password - maybe because they never change them (a fine security breach).

From a Risk Management perspective, the San Bernardino County Department of Public Health - in fact every employer - needs to update its Policies and Procedure to require that passwords for all employer-owned devices are available to the employer. Invasion of privacy? Terms of employment.

While I know my liberal friends will take umbrage at that, my stance is that if an employee wants to keep personal information personal - that is, secret - that's fine, providing the information is on the employee's personal phone.

The link to Edward Bear is because I discovered there was a musical group that labeled itself "Edward Bear". A taste of the musical Edward Bear can be heard at https://www.youtube.com/watch?v=eH8HFLRFhTk Nice video.

Turns out there is yet another "Edward Bear."

Marty Slattery, wrote several books using the nom de plume of Edward Bear; his site is at http://www.edwardbear.net/

The internet and search engines are wonderful - and educational - things.

No comments: