Apple's standoff with the U.S. government is creating a healthy debate about whether federal investigators, under certain circumstances, should have the right to circumvent security, says cybersecurity attorney Chris Pierson.
The Apple vs. FBI debate was the hot topic at RSA Conference 2016. Apple has refused to comply with a court order to help the FBI disable security features that prevent access to data on the iPhone used by Syed Rizwan Farook, one of the San Bernardino shooters who killed 14 people (see: RSA Conference Debates Apple vs. FBI).
"This is one of those items that is definitely top-of-mind for all security and privacy professionals, and the lawyers out there as well," Pierson, CISO at invoicing and payments provider Viewpost, says in an interview at the RSA Conference.
The case is creating a serious debate over whether the government should be able to "compel a private entity to go ahead and circumvent security features that it's baked into products or services that it sells and offers to others," Pierson says. "It hasn't been tested in any recent time. They're [the government] depending on an over 200-year old law for the underpinnings of the case," highlighting, once again, how far laws trail technology.
During this interview (see link below photo), Pierson also discusses:
- Global implications of the Apple versus FBI case;
- Why the government could, and perhaps should, have the right to circumvent security in some cases; and
- What could develop next in this emerging case involving privacy and encryption.
In addition to serving as executive vice president, general counsel and CISO for Viewpost, Pierson also serves on the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee. Before joining Viewpost, Pierson served as the first chief privacy officer for the Royal Bank of Scotland's U.S. banking operations, where he oversaw RBS's privacy and data protection program. He also formerly served as a corporate attorney at the law firm Lewis and Roca, where he established the firm's cybersecurity practice, representing companies on security and data breach matters.