Cloud providers weigh in on iPhone backdoor debate

During a panel discussion at RSA Conference 2016, representatives from top cloud providers such as Google and Microsoft discussed the legal battle between Apple and the FBI over encrypted data.

SAN FRANCISCO -- Some of the largest cloud providers in the industry weighed in on the iPhone backdoor case during Monday's Cloud Security Alliance Summit at RSA Conference 2016, taking issue with FBI and federal government's recent actions.

Speaking during a cloud provider panel discussion moderated by Robert Herjavec, CEO of managed security service provider Herjavec Group and co-host of the television show "Shark Tank," representatives from Microsoft, Google, Dropbox and Rackspace offered their opinions on the FBI's actions to compel Apple to unlock an iPhone that was used by one of the San Bernardino terrorists.

Apple has contested a court order that compelled the company to create software that would bypass the iPhone's security measures and auto-wipe feature, which would allow law enforcement agents to gain access to the locked iPhone. But the panelists were critical of that order and of the FBI's actions.

Daniel Clayton, head of customer security operations at Rackspace, said that he understands the government's effort to obtain the data and decide what can and can't be done with technology. "The problem is," Clayton said, "I don't know that the U.S. government or British government or any other governments out there have proven themselves to be responsible in that role. So, therefore, it's down to us to make sure we are."

Rajan Kapoor, head of trust and security at Dropbox, stressed that his opinion didn't reflect his employer's position on the iPhone backdoor matter and said that Dropbox decided not to respond as a company to "see how things progress." But he sided with Apple in the controversy and criticized the effort to create an iPhone backdoor.

"Privacy is important, and any time you weaken encryption so that someone can break it, then you create a [back]door and anyone can go through it," Kapoor said. "This is one of the most important topics of our time."

All Writs Act obsolete in the 21st Century

... We need 21st Century laws to protect us in the 21st Century.
Tim Rainsdirector of security, Microsoft

Tim Rains, director of security at Microsoft, echoed the recent remarks of Microsoft president and chief legal officer Brad Smith last week in a House Judiciary Committee hearing. In support of Apple's position, Smith explained to the committee members that the court order relied on language in the All Writs Act that was written and passed by Congress in 1912. Smith then showed the committee an adding machine as an example of the cutting edge technology of 1912.

"To paraphrase [Smith], we need 21st Century laws to protect us in the 21st Century," Rains said, encouraging the audience to watch Smith's testimony and learn more about the case.

Eran Feigenbaum, director of security for Google for Work, offered a layered take on the situation. "I'm glad that Apple drew a line," Feigenbaum said. "[But] I don't know that they drew the line at the right place. I think that they may have gone a little too far and are slowly going to have to inch over."

But Feigenbaum also criticized the judicial system for essentially "trying to make a new law" and use the All Writs Act in a way that wasn't intended in order to compel Apple to hack its own product. "I really hope this actually goes back to the lawmakers and we take that part out of the courts," he said.

Next Steps

Read more about mitigating risks for backdoors

Learn how to remotely wipe iOS and Android devices

What the All Writs Act means

Dig Deeper on Cloud Compliance: Federal Regulations and Industry Regulations