Monday, February 22, 2016

Has Apple Made iPhones Illegal in the Financial Industry? (AAPL)

Smart question. My semi-informed guess is: Yes.

From the Volokh Conspiracy, now occupying digital space at the Washington Post:
Apple’s refusal to help the government unlock the San Bernardino shooter’s iPhone may have some surprising consequences. Remember, Apple is defying not only the Justice Department but also the wishes of the iPhone’s owner.  That’s because the iPhone in question is actually owned by the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work.
As a practical matter, Apple’s technical and legal position elevates Farook’s privacy over the interests of the iPhone’s real owner.  This may well be consistent with Apple’s corporate marketing strategy, which seems to be making the iPhone so sexy that employees will simply demand that companies buy it for them.  But the San Bernardino case is a wakeup call for companies who think that, because they are the customers, Apple owes them some allegiance.

Nope.  Instead, Apple’s technical and legal war with the United States government is turning its corporate customers into collateral damage.

As that lesson sinks in, enterprise purchases of iPhones may take a hit.  Indeed, in the financial industry, the fallout could be worse.  Given Apple’s decision to privilege users’ privacy above all else, it may well be unlawful for banks and brokerages to let their employees use iPhones at work.
Why?  Because, in the financial industry, allowing yourself to be locked out of your employees’ communications isn’t just a bad idea, it’s a violation of federal law.  Since 2007, financial industry regulators have made clear that “FINRA expects a firm to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm’s business.” (Emphasis in original.) In 2014, financial institutions were fined under this policy for failing to capture all of their employees’ text messages.

There are probably ways to solve this problem technologically, if the employees cooperate.  Their iPhones or their apps can be modified so that text messages are routed through servers where the encryption is stripped and the messages stored.  But what if an employee instead chats with customers using his iPhone and an off-the-shelf messaging app that features end-to-end encryption?  Then, I suspect, the only way to recover those messages is to get access to the iPhone itself, something Apple is trying its best to make impossible....MORE 
But wait, there's more. Also from the Volokh Conspiracy:

Or is Apple happy to enable a backdoor as long as it makes money from it?
My earlier post on whether Apple’s iPhone can be used legally in the financial industry produced some useful quick responses via Twitter.  The short answer seems to be that the iPhone probably can’t be legally used for communicating with financial industry customers without modification, either of the operating system or of the apps that are used.  That is, the app and/or the operating system has to allow corporate management access to the contents of the phone, or at least to the “corporate” apps on the phone.

What’s interesting is that Apple seems to have modified its operating system to provide corporate purchasers exactly that.  Apple enables something called MDM, or mobile device management.

Talking to corporate managers, Apple brags, a bit obscurely, that “because corporate accounts, apps, and content installed via MDM can be managed by iOS, IT has the ability to remove or upgrade them without impacting personal data.” (Emphasis added.)  I think that means that the company can go into the iPhones of its employees and read the contents of their communications whenever it wants.
MDM isn’t exactly the most communicative name for the access Apple has created.  The company has been insisting a bit counterintuitively that a Justice Department request that it disable a peripheral security feature on a single phone is “a backdoor.”  If so, what should we call MDM, which enables access to every account, app, and piece of content installed on an iPhone?  A front door?

Actually, I suspect Apple calls it a marketing opportunity.  It turns out Apple is happy to create a back door for its phones if that expands its market.

Who would have guessed?...MORE