As Apple and federal authorities lock horns over whether the tech giant should provide software to weaken the defenses of an iPhone belonging to one of the shooters in San Bernardino, CA, a former Apple executive says his startup’s technology could help resolve such situations.
Chuck Goldman—founder and former CEO of mobile app management company Apperian and a former director in Apple’s enterprise division—this month joined Hoyos Labs, a three-year-old New York-based startup. As the company’s president, Goldman leads the firm’s Boston-area office and is second in command behind co-founder and CEO Hector Hoyos.
Hoyos is an inventor and entrepreneur who has led several biometrics technology companies—think security systems that scan fingerprints, irises, or faces to unlock a door or device, or to execute a transaction. Such technology is starting to move from the realm of Hollywood into people’s everyday lives; the fingerprint sensor on Apple’s iPhone is one salient example.
Hoyos’s latest company has created cloud-based software that serves as the back-end infrastructure that handles biometrics-based identity authentication for large companies. The 100-person firm’s pilot customers include banks using the technology to guard against fraudulent stock trades and healthcare providers that have enabled patients to order prescription medications on their smartphones, Goldman says.
But the software might also alleviate future impasses when law enforcement agencies seek Apple’s help accessing data on suspected criminals’ phones. Hoyos Labs could install its software on Apple’s servers, which would enable the company to remotely unlock the phone in question, but wouldn’t give the authorities the ability to access other phones’ data, Goldman says. That means Apple could avoid giving the government a “master key” or “backdoor” to any iPhone, which is what Apple executives say they fear would be created if they comply with a judge’s order in the San Bernardino case.
Goldman says he thinks Apple should “do everything in their power” to assist the FBI in these situations, “but I don’t believe that a backdoor should be set up as part of the iOS update to allow the government to remotely tap into a device as needed.” He adds, “To me, that would be a gross violation of privacy.”
With Hoyos Labs’ platform, Apple “could actually do what the government wants, and protect the privacy of everybody else,” Goldman says.
Hoyos Labs has demonstrated its technology to Apple officials, but the startup isn’t making a hard sales pitch at the moment, Goldman says. “Apple is in a firefight right now. So, the last thing we want to do is go and try to sell them something.”
It’s unclear if Apple would be interested. The company has reportedly helped authorities by extracting certain types of data from suspects’ phones dozens of times over the past few years, but it has done so without unlocking the phones and providing access to each device’s full contents.
The debate has come to a head with the case involving the San Bernardino shooter’s phone. After the FBI said it was unable to unlock the phone, a federal magistrate judge granted a U.S. Justice Department request and ordered Apple to lower the phone’s defenses. Specifically, authorities want Apple to disable the security feature that automatically erases the phone’s data after 10 wrong password attempts; then, the FBI would try and crack the phone by running software that could rapidly attempt millions of possible passwords.
Apple opposes the judge’s order. In a letter to customers, CEO Tim Cook said the FBI wants Apple to create a new version of the iPhone operating system that could be used to “unlock any iPhone in someone’s physical possession.” Although the government says the software would only be used on the shooter’s phone, Cook argued that such control couldn’t be guaranteed. He wrote that complying with the order would set a “dangerous precedent” that could lead to the government extending “this breach of privacy” to demanding Apple surveil its customers in various ways.
FBI director James Comey, in a post on the Lawfare blog Sunday, wrote that the scope of this case is “actually quite narrow,” and the plan isn’t to “set a master key loose on the land.” The Justice Department, meanwhile, thinks Apple’s refusal to comply with the order is “based on its concern for its business model and public brand marketing strategy.”
As technology continues to evolve rapidly, the case could prove pivotal in drawing the line between privacy and security interests in the U.S. and around the world.