SUNDAY: Comey tries to downplay the dispute, arguing in his new statement that no precedent would be set if Apple would just go along.
"I hope folks will take a deep breath and stop saying the world is ending, but instead use that breath to talk to each other," he said.
"Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure — privacy and safety," he said, adding:
"We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly."
This sounds like capitulation to me. If this is now about the "victims," then the government made a serious mis-step in attacking Apple in the first place. However, the government's current position does not support a charge of "government over reach."
The issue of how far the government may go in coercing the unwilling and the un-involved to assist them in recovering evidence that they are otherwise entitled to is important and needs to be litigated. We should be glad that Apple is prepared to fight it. Perhaps not since Runnymede has the King had a more formidable adversary. However, this is not the right case to fight it on.
There is ample precedent for un-involved citizens to voluntarily assist the government. It would not be precedent setting for Apple to voluntarily assist with this one mobile in this one case. Apple should "declare victory and go home." It should do here what it can do and fight the government over reach issue when the government is more certainly guilty of it.
This blog is not about the security topic de jour but rather about a context and perspective in which to view and respond to the events of the day. It is about:
Rules and Tools
It responds to my observation that security is a space in which intuition and good intentions do not serve us well and in which rational thinking is difficult. There are many variables, some of which are un-identified. Even for the identified variables, the range of possible values, much less the exact or current value, may be unknown, or even unknowable. So, this blog will stress making hard decisions in the face of uncertainty.
Bill Murray is a management consultant and trainer in Information Assurance specializing in policy, governance, and applications. He is Certified Information Security Professional (CISSP) and chairman of the Governance and Professional Practices committees of (ISC)2, the certifying body,
He has more than fifty years experience in information technology and more than forty years in security. During more than twenty-five years with IBM his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the IBM security product plan. He is the author of the IBM publication Information System Security Controls and Procedures.
He has been recognized as a founder of the systems audit field and by Information Security Magazine as a Pioneer in Computer Security. In 1999 he was elected a Distinguished Fellow of the Information System Security Association. In 2007 he received the Harold F. Tipton Award in recognition of his lifetime achievement and contribution. In 2016 he was inducted into the National Cyber Security Hall of Fame. In 2018 he was elected a Fellow of (ISC)^2.