Summing Up--Is Product Security A Potential Distraction for Apple’s Leadership?
The saga of Apple’s stand-off with the United States government over the Company’s refusal to assist the FBI in hacking its own iPhone product to aid in a domestic terrorism investigation raises any number of questions for CEO Tim Cook. Responses to this month’s column provided a range of advice that centered around whether or not product security is as important as some other features of the Company’s strategy.
Since the Government’s request for help, of course, events have unfolded practically every day. Doug Kinney expressed the view that the Government’s recent success in employing hackers to break the phone’s code “relieves Apple of a somewhat alienating position. The time that it took to do it (and one might add the cost of more than $1.3 million to the FBI) is also a small victory, as it demonstrated that hacking it is still difficult.” Nevertheless, Kinney felt that “Now that it has been hacked, perhaps Apple should redouble its efforts to improve the security... I therefore would not encourage Apple to open up its architecture.”
Others regarded security as a lesser issue. For example, Sailor 123 felt that in the entire matter, “Apple should be less concerned about the security issue... and be more concerned about the damage to its reputation for refusing to assist in serious criminal & terrorist investigation.” Robert Stone added, “The security race will never end and it is a real issue for only a tiny fraction of the population of potential Apple customers.” As Guy put it, “I think consumers assume a certain level of security will be in the product--probably no better or worse than other products in the class.” LarryWilhel was more acerbic, saying: “The issue (security) is a waste of time... Offer an annual $10 million award to the next solution and the hackers will be working for Apple.”
There was other advice for Tim Cook. Much of it concerned the potential loss of attention to what Apple’s users really want, design and unique capabilities. As Robert Stone put it while advising that rewarding hackers was probably an economic alternative, “... all Apple has to do is be better than the next best alternative at a price that’s economically justified in the buyer’s ... mind.” Dolembo commented that “... Steve Jobs, I surmise, wasn’t as interested in privacy as he was peculiarity.” Guy said, “If you don’t have sizzle, who cares about security?” LarryWilhel added, “Cook should get focused on leading the company. Apple Pay has the opportunity to manage a trillion dollars of transactions a year ... There is another fortune in providing Apple wireless readers with (NRF) or encrypted lightwaves. Time is a wasting. Lead or get out of the way.”
Is product security a potential distraction for Apple’s leadership? What do you think?
Original Column
We’ve spent the last month discussing issues associated with the possibility that Apple’s most important challenge may not be the FBI but the very advances in information technology on which Apple prides itself. The question was whether Apple was like the boy with his finger in the dike trying to hold back the water as it refused the US government’s request to hack an iPhone owned by an alleged terrorist. Apple was lauded by some for defending the integrity of its products and the security of the owners of its products. All of this makes for a classic Harvard Business School case problem. We should be well prepared to discuss it.
And now the story has updated itself. As some of you predicted would happen, expert hackers apparently have found a way to neutralize the security features of the iPhone, overcoming a combination of software and hardware designed to disable the phone after 10 attempts to enter possible passwords. One problem for Apple is that the hackers went to the FBI rather than to Apple, perhaps reflecting the company’s reputation for not rewarding those who find flaws in the company’s technology.
Tim Cook, Apple’s CEO, probably has several concerns to deal with, and perhaps we can help him think through the options.
First, organizational changes at Apple have put new people in some of the jobs most central to product security. According to one report, “The leader of the Core OS Security Engineering team, Dallas DeAtley, left the security division last year to work in a different part of Apple. Mr. DeAtley was one of the few employees who over the years had taken care of government requests to extract data from iPhones.”
Apple’s product security team has also undergone changes. Again, according to the same report, the team was broken up last year and the privacy group began reporting to a new manager. Some members of the team were absorbed by Mr. DeAtley’s Core OS Security Engineering team.
At the moment, it appears that the government is unwilling or unable to share the method by which Apple’s phone systems were unlocked. For one thing, the company that hacked into the iPhone for the FBI did it with methods that are proprietary to the hacker. While Apple’s competitors, hackers, and other security organizations may be pressuring the hacker in question to share its methods, would Tim Cook’s like to see that happen?
As he ponders his options, Tim Cook may be weighing several questions:
- Should he have his company approach the federal government for help in gaining access to the methods used to hack the iPhone?
- Should he alter Apple’s well-known strategy of creating an essentially closed (vs. Microsoft’s more open) system, one that welcomes only outsiders that are willing to design apps for Apple products?
- Should he begin rewarding hackers for breaking into Apple’s products, something they probably regard as a very high-profile achievement?
- Should he reassign Dallas DeAtley to his old job and/or reconstitute the product security group?
- What, if anything, needs to be done to reassure Apple’s customers that it is doing everything possible to ensure that its products are secure?
As Tim Cook, what else would be on your mind and in your plans? What would you do? Why? What do you think?
Reference:
Katie Benner, John Markoff, and Nicole Perlroth, Apple’s Newest Challenge: Learning How Government Cracked Its iPhone, The New York Times, March 30, 2016, pp. B1 and B6, quoted from B6.