March 18, 2016  5:53 PM

Leatherman Tool Group sees sluggish data center performance during ERP upgrade

Nicole Laskowski

The problem: Leatherman Tool Group Inc., a manufacturer of multifunction tools and knives based in Portland, Ore., updated its 20-year-old, DOS-based ERP system with Microsoft Dynamics AX, increasing the complexity of the system from one physical server to nine virtual machines. The upgrade to Microsoft Dynamics AX tied systems together that were previously siloed, enabling the company to better track products across the warehouse — from assembly to packaging to shipping. But it also created a new problem: slow data center performance, according to Dameon Kirchherfer, database and systems administrator at Leatherman.

The strategy: Because the new ERP system is dealing with an uptick in data volume, data movement and data complexity, performance issues were not unexpected, Kirchherfer said. In advance of the implementation, Leatherman purchased new hardware and back-end storage to mitigate those issues, but the data center performance issues persisted anyway. And the added complexity of the system made it difficult to pin down where the bottlenecks were occurring. The network and CPUs, for example, appeared to be functioning smoothly. “So we started our search into how we could speed up our data center,” he said.

The results: Leatherman turned to PernixData. Initially, the software helped reduce data latency by caching “hot traffic,” or traffic that needed to be moved the most frequently, closer to processors and RAM, according to Kirchherfer. And, it turned out, data latency was a symptom of another problem: The CPUs, which had been running at 50% utilization before the PernixData installation, couldn’t handle the speed at which the system needed to run. “So we upgraded our CPUs,” Kirchherfer said, providing Leatherman with improved performance speeds. Today, Leatherman uses PernixData’s infrastructure analytics product Architect to keep tabs on data center performance.

March 9, 2016  2:28 PM

Blockchain tech: U.S. representative calls on fintech community to educate Congress

Sue Troy

Blockchain technology — perhaps the hottest topic in the financial tech community — has finally made it on the radar of the U.S. Congress, but it’s been a long haul, much more education is needed and time is of the essence. Banks are scrambling to avoid disintermediation by the technology, according to U.S. Rep. David Schweikert, R.-Arizona.

Schweikert — who spoke at last week’s DC Blockchain Summit in Washington, D.C., and serves on the House of Representatives’ Financial Services Committee — said he has been following cryptocurrencies and Bitcoin for a number of years. The DC Blockchain Summit was hosted by Georgetown University’s McDonough School of Business.

“I will make the argument right now that only six or seven of my brothers and sisters [in Congress] even understand the basic mechanics of the distributed ledger,” Schweikert said. To combat that knowledge gap, when The Economist published a cover story about blockchain technology last October, the Financial Services Committee bought dozens of copies of the issue to distribute to members of Congress, Schweikert said.

Schweikert suggested that banks and other financial services companies are “scared to death” that blockchain technology will put them out of business. “If you’re in the money transfer business, if you’re in the credit card infrastructure business, if you’re the old processing systems, is this technology basically your disruptive threat?” he said.

Schweikert pointed to blockchain technology’s potential to enable peer-to-peer value transfer between people — without requiring a bank or government to enable or execute the transaction — as an enormous threat to community and regional banks. This threat is especially pronounced when you consider that there are many millions of people in the world who up until now have been “unbankable” — without access to a bank account and therefore unable to participate in a credit-based economy. With blockchain technology, cryptocurrency and a mobile phone, these people can join the economy without ever doing business with a bank, representing a huge lost opportunity to financial services companies.

And it’s not just banks that face disintermediation, he said; any company that acts as a middleman in financial transactions is at risk. “Say you want to sell stock,” he said. “Could I buy it directly from you and never have to have it land in another platform?”

Schweikert said that while banks’ biggest problems used to revolve around regulatory compliance requirements, today the biggest threats they face are cryptocurrencies.

He finished up his talk with a call to action for audience members, many of whom are advocates of blockchain technology. “What I will beg of you is, for those of you who have relationships with those of my kind, those of us who get elected and think we already know everything: Educate us on the upside here before — and I don’t have a delicate way to say this — before the control freaks find some way to destroy the incredible good this could do to our economy and the incredible good this could do for our world.”

March 3, 2016  10:28 AM

RSA Conference 2016: Apple ‘goofed’ in data encryption fight with FBI

Fran Sales

SAN FRANCISCO — The debate on privacy vs. national security triggered by the recent Apple/FBI controversy lit up RSA Conference 2016, provoking sharp disagreement among panelists at one well-attended keynote. Leading cryptographer Adi Shamir said Apple had “goofed” and should have complied with the FBI, while data encryption expert Moxie Marlinspike applauded Apple’s stance, arguing that the company is performing a civic service by defying a court order.

The remarks came during Tuesday morning’s Cryptographers’ Panel, made up of pioneers and experts in the field of cryptography, which also included Martin Hellman, Professor Emeritus of Electrical Engineering at Stanford University, and Whitfield Diffie, cryptographer and security expert at Cryptomathic, both of whom received the 2015 A.M. Turing Award, or what moderator Paul Kocher of Rambus described as “the Nobel Prize for computer science.”

At the center of the panel discussion: the federal court’s ordering of Apple to help the FBI unlock the iPhone of one of the shooters in the Dec. 2, 2015, San Bernardino, Calif., terrorist massacre by creating new software to access the iPhone’s data. The FBI argues that refusing to do so compromises national safety, while Apple argues complying would create a “backdoor” that could set a precedent for creating systems to circumvent security.

The panel’s question: What impact will the possibility of technology companies being compelled by courts to create a tool that circumvents the security of their products have on national safety?

Most of the panel sided with Apple, saying that compelling companies to build such tools would compromise national security.

MIT professor Ronald Rivest, who also heads the Cryptography and Information Security research group at MIT’s Computer Science and Artificial Intelligence Laboratory, said that compelling tech companies to provide extra keys or provide ways to dismantle their products’ security mechanisms is a can of worms unless Congress passes legislation that addresses thorny questions.

“Suppose we lived where this compelling can be done. Under what circumstances can this be done? How is the tradeoff done? Can anyone be compelled to do anything? Congress has to pass the law,” said Rivest, adding that the greater good of the country depends on both strong security and citizens’ right to have private conversations.

Hellman agreed, but added that he sympathizes with the FBI’s frustration and understands that its interest is not just in getting access to the data on a particular device, but with preventing crime.

“I think [FBI Director] Jim Comey is wrong, but we need to have a discussion on what is right for the country as opposed to what’s right for individual agencies,” he said.

Shamir, professor of computer science at the Weizmann Institute of Science in Israel, was alone in opposition, saying that while he is aware of the possibility of this case setting a precedent, the FBI is asking Apple to do something very specific.

“The FBI will give Apple a particular phone … to do something Apple is capable of doing,” he said. “It has nothing to do with placing backdoors in millions of phones throughout the world.”

Shamir added that he believes the FBI has the advantage over Apple in this instance and that the tech giant made several “goofs.”

First, he argued, Apple made the argument that it is technically unable to help the federal agency with the investigation, but the argument failed because the FBI was able to point out specifically how Apple would be able to do so: create custom iOS software that would bypass or disable the iPhone’s security mechanism that limits how many times incorrect passwords can be entered.

“[Apple should] put out a new, updated system that will really prevent the FBI from [compelling Apple] to help them in the future, so that it is really able to make the argument,” Shamir said.

The second mistake Apple made, he said, is picking the wrong battle in what has been an ongoing issue while the FBI picked the ideal one to force its position.

“Almost everything is aligned in favor of the FBI. Even though Apple has encountered this in other previous cases, they decided not to comply this time,” he said. Apple should have complied this time and waited for a better “test case,” one in which its odds are better, Shamir added.

Marlinspike, founder of Open Whisper Systems, a nonprofit company that develops encryption software, aligned with the rest of the group.

Had FBI officials been able to access the data on the device, they likely would not have found much – there probably would not have been anything incriminating on the device; plus, the FBI already has a wealth of evidence, he said.

“The FBI already has all the certified call logs from cell phone carriers. It already has access to [the phone’s] iCloud backup,” said Marlinspike. “What the FBI seems to be saying is, ‘We need this because we might be missing something.’ … And the FBI seems to be saying we should consider their surveillance capability as something that is for our social good, and I don’t necessarily think this is true,” he said.

He put the Apple vs. FBI dispute on par with the legalization of marijuana and the legalization of gay marriage.

“How do we know we wanted to legalize marijuana if no one had been able to successfully consume marijuana because our laws had been perfectly enforced? … These developments would not have been possible without the possibility to break the law,” he said.

February 29, 2016  11:59 PM

Consumer privacy rights herald ‘third wave’ of Web content management

Linda Tucci
Data protection, Web content management

Kevin Cochrane was on the line from Paris. The chief marketing officer at Jahia Solutions, a Web content management software provider, Cochrane had a vendor pitch to make  — but not before prosecuting a case for consumer privacy rights.

Cochrane, who’s been a CMO at Agari and at Open Text, and before that, the vice president of digital marketing at Adobe, believes a new age of  Web content management is upon us — a “third wave” as he puts it.

Today, companies can no longer simply point customers the way to their online brands and goods, as they did in the first wave of Web content management. Nor is it enough to offer targeted, pertinent, personalized goods and services to customers, as businesses learned to do in the second wave. In 2016, it’s incumbent upon companies to take hold of the entire customer experience.

“That means taking responsibility for every customer interaction, online and off, whether directly through an employee or indirectly through a web site, to ultimately determine the lifetime value and happiness of the customer,” Cochrane said.

Managing the customer digital experience includes protecting consumer data and ultimately, in his view, enabling consumer privacy rights. “This is about making certain that we’re transparent about the consumer data we have, why it is delivering value to the consumer and putting consumers in charge of their digital lives,” he said.

Content management software in three waves

So what’s the pitch? In the Jahia world view of the Web content management software market, this third wave follows much the same pattern as the previous two: disruptive technologies change the conversation between consumers and the brands they do business with.

Browser, personal email. The market for Web content management software — the first wave — was created in 1999 following two technology disruptions: the advent of the modern Web browser and the rise of consumer email. Companies could  build a web site and marketers could reach consumers in their homes with links that took them to that web site. By 1999, consumers were beginning to appreciate the convenience of shopping online. “And companies realized they needed to move from traditional marketing activities to marketing online,” Cochrane said.

Facebook, the iPhone. The market for Web experience management software — the second wave — was created in 2009, “again after three years of digital disruptions,” Cochrane said. In 2006, Facebook opened up to the world, and people didn’t have to be a student at Harvard to build digital social connections with family and friends. A year later the iPhone debuted, followed by the worst consumer financial crisis since the Great Depression.

“Marketers recognized that consumers didn’t just want convenience. They wanted immediacy in terms of feedback from their family and friends on their smart phone before making the critical decision to part with their hard-earned cash in a turbulent economy,” Cochrane said. Web experience management was all about targeted experiences on mobile devices and social networks.

Big data, IoT. “Now we’re at the forefront of the third wave,” Cochrane said. In 2013, with the popularization of big data and the availability of Hadoop, it became possible to process large volumes of consumer data for customer insights. A year later, the Internet of Things became manifest in wearables such as Fitbit and programmable, sensor-driven thermostats and security systems (e.g. NEST).

“What that meant was not only could you — in real time — process more data, you could collect more data than ever before about where the consumer is in the moment,” Cochrane said. “Consumers in the first wave wanted convenience; then they wanted immediacy. What they really want now is intimacy.”  We don’t want to have to explain ourselves to a brand every time we interact with it.

Consumer privacy rights made easy?

Of course, Jahia can help do that — it sells technology that collects all this customer data, analyzes it and makes it available in real time to employees so companies can forge intimate customer relationships.

But, as Cochrane points out, customer intimacy depends on trust. So, in partnership with the Apache Software Foundation, Jahia is building infrastructure for consumer data privacy and protection — offering consumers the ability to click on a link, see what companies know about them and exercise their consumer privacy rights to delete the data permanently, anonymize it or stipulate that the data not be sold to a third party.

Sounds good, right? But will companies buy into it? “Brands that want to be leaders will be the ones to move faster and say, ‘You can trust your online experience with us; you can trust that personal engagement and intimacy because we are protecting your data,'” Cochrane said.

Consumer privacy rights as competitive advantage. I’ll believe it when I see it.

February 29, 2016  6:11 PM

The four facets of an Agile PMO

Nicole Laskowski

The Agile project management office (PMO) leverages the centralized portfolio management team to deliver on projects and products faster, said Michael Nir, president and founder of Sapir Consulting US and author of the book The Agile PMO. At last week’s Society for Information Management Boston chapter meeting, Nir identified four ways PMOs can do that.

Remove waste. “If there’s one thing a PMO can contribute on a portfolio level, it’s to start looking at what stands in your way of delivering value,” Nir said.

During his presentation, he identified two types of waste: process waste and project product waste. Process waste includes cumbersome documents that take a long time to create but no one bothers reading. A 30-plus page project charter is an example. Project product waste includes the development of product features no one will use.

Prioritize projects. For many PMOs, that means reworking the intake process for projects. Nir recommended PMOs apply Kanban, a manufacturing process developed by Toyota that uses visual cues to trigger an action.

One of the characteristics of Kanban is to use a pull system, enabling teams to take on projects when they’re ready, rather than a push system, which creates a queue of work.

The same technique can be applied to portfolio management by gathering all project requests and then prioritizing them into a backlog. Nir argues PMOs are in the best place to take on the prioritization task, as they have no horse in the game.

Allocate resources. If resources aren’t allocated strategically, businesses may find themselves in a classic airlines situation: If a plane breaks down or flights are delayed because of weather or a pilot becomes too sick to fly to a point where passengers have to be rerouted, an entire segment of the day’s plan collapses, he said.

“The solution is to use capacity allocation that works,” Nir said. He recommended CIOs read Critical Chain, a “business novel” written by Eliyahu Goldratt. The book takes a close look at the critical chain of project management, an approach developed by Goldratt that prioritizes resources as a major consideration for managing projects well.

Agile leadership. In a hybrid Agile/waterfall organization, executives and Agile teams aren’t speaking the same language and aren’t looking at the same key performance indicators. PMOs can be instructive in getting the two teams to see eye to eye. “You need to talk and agree,” Nir said. From his experience, that’s easier said than done. In one example from his own consultancy practice, Nir said he had to make the waterfall practitioners sit down with the Agile practitioners so that they could walk through the Agile manifesto together and negotiate basic terms.

“If we don’t do that up front, we’re going to pay for it later on by having disagreements,” he said.

In part one of this two-part blog post, Nir explains why PMOs are best positioned to become ambassadors of Agile.

February 29, 2016  6:05 PM

PMOs could benefit from supporting, adopting Agile

Nicole Laskowski

Adopting Agile methodology for IT seems like a no-brainer these days. But CIOs may not anticipate the complications — such as the culture and language barrier — Agile can create. Agile methodology, an alternative to the rigid, sequential waterfall methodology, breaks projects into smaller pieces, enabling teams to work in an iterative fashion and to change directions when needed.

When adopted by software development teams, Agile shakes up the workflow and introduces new terms such as “scrum master” and “sprint” into the software development team’s everyday vocabulary. But the executive management team often continues to work — and often has to work — in a style driven by top-down control, according to Michael Nir, president and founder of Sapir Consulting US and author of the book The Agile PMO.

Instead of adopting one methodology over the other, some companies, especially large corporations and regulated industries, may benefit from a hybrid approach that marries Agile and waterfall project management together. One best practice that can make the transition a little easier? Finding an intermediary or a translator to help executives and Agile teams get on the same page.

Nir argues that no office is better positioned to do this than the project management office (PMO), a team that oversees the project portfolio across the enterprise to ensure that projects come in on time, on budget and within scope. PMOs often standardize how work gets done within an enterprise, how projects get funded and how the portfolio is managed.

“One of the problems we’re seeing when we’re rolling out program management initiatives, whether they’re PMOs or just portfolio projects: We tend not to think end-to-end agility,” Nir said during his presentation at last week’s Society for Information Management (SIM) Boston chapter meeting. Instead, agility is associated only with the software developers. “We think about the [software] teams, the scrum masters. But this is not the only agility the business needs to adopt if we want to move toward a functioning PMO and a functioning value-driven portfolio.”

Taking a more holistic approach to agility couldn’t hurt many PMOs, suggested Nir, citing Gartner and ESI International research findings that 30% to 50% of PMOs fail.

In part two of this two-part blog post, Nir lays out four tips on how to become an Agile PMO.

February 29, 2016  5:06 PM

Students’ tech smarts pose challenge for college IT teams

Jason Sparapani
CIO, College, IT

Kids today. They’re a tech-savvy bunch. At least, that’s the popular notion.

“They’re very facile with their fingertips. Whenever I watch somebody type on an iPhone or read the newspaper on the iPhone, I’m always quite amazed at it,” said Robert Juckiewicz, vice president of IT at Hofstra University. “But they don’t have a very good understanding of anything underneath.”

So IT at the Hempstead, N.Y., school has a computing support center to help students work through issues they have with software or other technology. And it holds technology fairs where they can play with circuitry, learn about coding or dive into virtual reality with Google Cardboard, the low-cost, smartphone-enabled headset.

It’s a way to show students how technology could serve them in their careers, Juckiewicz said.

To today’s college students, born in the mid- to late 1990s, the staticky racket of a dial-up Internet connection is the sound of a long-ago era. They’ve looked to technology for entertainment, in video games and the iTunes store, and interactions with peers, through social media. Tech has played a part in their educations, too, with tablets and cloud-based software helping to form the way they see and understand the world. The challenge for college IT teams today is to cater to students’ proclivity for technology and even use it as a positive force in their educational development.

Using technology for good

And a challenge it is. Not all students know how mobile devices work, but most of them have one or more — and they expect to use them everywhere. For Juckiewicz, that frames tough questions for IT: How do you support thousands of different devices on campus at any given time? And how do you use those devices, and emerging technologies and software, for learning and teaching?

The IT team works to answer the first question, on networking and mobile infrastructure. For the second, it involves faculty, helping professors and lecturers use technology like smart devices to improve how they teach and, perhaps more important, how students learn.

“So what we struggle with in faculty computing and student computing is, how do you use all of this [technology]?” Juckiewicz said. “It’s great that you’ve got it, but who cares if it’s not doing something good?”

Students as teachers

For Eric Hawley, CIO at Utah State University, students’ knowledge of and familiarity with technology is very much a boon.

“In many ways students come in and they change the way we work,” he said. “They come in with different communication practices, different preferences.”

Hawley cited the school’s learning management system, which tracks and delivers coursework online, as an example. Students can choose how faculty and staff communicate with them, with assignments showing up in Google Calendar and announcements made over Twitter or Facebook.

For Hawley, that means giving students — plus faculty and staff and even IT units outside of his central IT department, what he calls “the edge” — flexible platforms, like Google Apps and, to work with. They handle all the complexity and integration of delivery formats.

“One of the great things about the technology is you sort of get this strange new mix-up,” Hawley said. “Everything is standardized, yet the edge can consume it in 15 different ways.”

For how college IT teams are handling shadow IT, read “University IT departments struggle to stay always open, always secure.”

February 29, 2016  11:03 AM

Robots, security as a service, cloud galore, shape ITO-BPO 2016 outlook

Linda Tucci

Heads-up from the ITO/BPO experts at global law firm Mayer Brown — look for dozens of new developments in the IT and business process outsourcing market in 2016. Among the trends outlined in the firm’s recent webinar:

Attorneys Rebecca Eisner, Paul Roy, Brad Peterson and Dan Masur, partners in Mayer Brown’s business and technology sourcing practice, see 2016 ITO-BPO market changes as falling under four broad themes. Here’s a recap of the highlights.

1.  Emerging technologies transform ITO-BPO services

Cloud goes mainstream. Everyone wants a piece of the cloud services market — traditional ITO/BPO providers, which now are making cloud a standard part of their services, as well as software and products companies seeking to defend and expand their turf. As a result, cloud vendors are losing their special status (and just maybe their “my way or the highway” attitudes) as more flexible and customized ITO/BPO services come on the market. “Buyers should develop well-organized approaches to buying cloud,” Roy said.

Here come the robots. ITO and BPO companies are “close to exhausting opportunities to move work closer to lower cost people,” Roy said, and are moving the work to machines. “For example, in BPO we are seeing this with automated email and document scanning that gathers the required data for automated entry and routes that data to the various business functions,” he said. Buyers with contracts designed to purchase human labor “will need to re-evaluate their existing deals and reconcile their contracts to this new world.”

Digital services deployed for competitive advantage. Cloud and digital services, in case anyone needs reminding, should not be viewed as just cost-cutting measures but as vehicles for improving a company’s competitive position. Case in point: the equipment manufacturers using Internet of Things (IoT) to allow customers to better manage and monitor their products — and the “tremendous benefits” derived from capturing and analyzing all the data.

2.  Multi-sourcing will push demand for integration services

The provider list keeps getting bigger. “In the last two years, we have worked with more than 50 providers and the trend is continuing. These range from cloud providers such as Amazon and Rackspace to everything-as-a-service providers,” Masur said. In addition to the big name cloud providers, customers are looking at emerging digital technology providers to help them become “truly digital businesses.”

ITO integration services are in demand. The more providers companies hire, the harder it is to integrate all of these services. “Many of the most powerful cloud technologies will require integration efforts comparable to those required to install [enterprise resource planning] systems,” Eisner said.

IT organizations don’t have enough people trained in managing these multiple platforms and providers. “Companies will have to hire the expertise for service integration, incident management, change management and other important cross-functional areas,” she said.

Provider partnerships are increasing. Last year saw formal teaming between Accenture and Amazon, PwC and Google, and HCL and Microsoft, as vendors scrambled to meet high customer demand for integrated services and risk mitigation. Expect more such partnerships.

3.  Cybersecurity and data dominate the risk agenda

Poor security will cost you. Cyber threats, now a board-level topic, will only increase as IoT and other telematics are used in consumer and commercial products. “Regulators have clearly taken note and will exact increasingly large fines for poor security,” Roy said.

Security as a service arrives. In response to increased cyber-risks, companies will rely on third-party specialists for managing information security rather than relying just on their outsourcing partners or trying to manage security themselves, Eisner said. These security specialists will identify weak links and security gaps between outsourcing providers.

Data protection and privacy laws on the rise. The end of Safe Harbor for the transfer of personal data out of Europe and the passage of a Russian law requiring that data remain in Russia will challenge customers and ITO/BPO providers. The Mayer Brown experts predict more data centers will be located in Europe to address some of these concerns.

4.  Deal pace, M&A drive ITO-BPO activity

Deals are getting done at warp speed. Competitive pressures have forced deals to “run faster and faster,” according to Peterson. Under pressure to act fast, companies are “fielding substantial negotiating teams working on an agile basis to close smart deals fast,” he said. They also are using a variety of forms, tools and templates and instituting policies that will help them move quickly when a market opportunity arises.

Banner 2015 M&A activity gives rise to reconfigured IT services. Record mergers and acquisitions in 2015 are driving ITO, BPO and cloud activity, as companies rationalize the IT and business processes they inherited. Said Roy, “2016 will be a banner year for ripping apart shared service centers and service contracts — and replacing them for the newly configured companies created by those M&A deals.”

February 23, 2016  4:42 PM

Do the feds need Apple to bypass smartphone encryption?

Jason Sparapani
Apple, Encryption, FBI, iPhone

Last week, I wrote in SearchCIO’s Searchlight news column about Apple’s opposition to a federal court order directing the company to give the FBI the tools to get into the iPhone used by Syed Rizwan Farook, one of the suspects in the San Bernardino, Calif., massacre in December.

A reader commented on the IT Knowledge Exchange blog that instead of forcing Apple to circumvent its smartphone encryption controls, the government should create its own lock-picking software.

The FBI wants to get at the information stored in the phone — texts, photos, maps — to see whether Farook or his wife, Tashfeen Malik — both killed by police after the shooting deaths of 14 people at the county health department where Farook worked — had connections to terrorist groups. Does it need Apple’s help, or can it use its own resources to unlock the device?

Layers of security

First, here’s the issue. The upgrades to Apple’s iOS operating system on the iPhone 5C, the model of the phone Farook used, encrypt all data on the phone, so even Apple can’t get to it — that is, without creating a special tool.

The FBI doesn’t have the password that is locking the phone, and investigators can’t just go guessing, because of a feature Farook could have enabled that would destroy all stored data once someone enters an incorrect password 10 times. Is it switched on? The FBI doesn’t know that, either.

Still, it might be possible for the FBI to access at least some of the data, said Khalid Kark, who works on Deloitte’s CIO research team.

“There’s a fairly good chance that if you put in the 10 passwords the data is going to be wiped,” he said. “But even if the data is wiped, there are actual physical-hardware ways to still capture the data or remnants of the data and piece it together.”

Tough going for the government

But accessing the data hidden behind an unknown password and Apple’s smartphone encryption would be a painstaking process, Kark said, and even “sophisticated hacking” by the government may not capture 100% of the information in the phone.

The FBI missed an opportunity to get a backup of the data. The Justice Department said the password was reset by the San Bernardino County health department, which owned the phone. If it were not reset, the information could have been backed up to Apple’s cloud. Apple said the government had the phone when the password was reset.

Avivah Litan, an analyst at market research outfit Gartner who specializes in cybersecurity, wasn’t optimistic about whether the feds could gain access to information on the phone.

“Only if they got the password from someone,” she said. That, though, is possible — if the FBI can find the right people. “Maybe they left behind friends that have their password. People tend to reuse passwords, so maybe they could.”

February 23, 2016  4:40 PM

U.S. lacks law to make Apple help bypass encryption

Jason Sparapani
Apple, Encryption, FBI, iPhone

The federal court compelling Apple to help the FBI bypass encryption controls in the iPhone used by one of the suspects in the San Bernardino, Calif., massacre is leaning on a 227-year-old law called the All Writs Act. Part of the Judiciary Act of 1789, the statute authorizes the government to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

In 2016 English, that means it lets the government issue any order it needs to make somebody do something, as long as it is for a legal reason. Jonathan Mayer, of The Center for Internet and Society at Stanford University, called the law a “Swiss Army knife for the courts” that has been used in a wide range of scenarios, including challenging criminal convictions and establishing real estate.

While the law is broad, it’s not all-powerful. In fact, the ruling that orders Apple to work with the FBI on the phone states that if the tech company finds compliance “unreasonably burdensome,” it can appeal. The company has until Feb. 26 to do so.

No law to turn to

Johna Till Johnson, president and founder of Nemertes Research, said the legal ground under the FBI’s feet is shaky.

“That’s exactly why Tim Cook made it public,” she said, referring to the Apple chief executive’s public letter to customers about the “dangerous precedent” complying with the court order would set.

Right now, Johnson said, “there is no law that says you need to re-engineer every mobile device to disable encryption.”

The Communications Assistance for Law Enforcement Act of 1994 requires telecoms to let the government around encryption controls in their networks, but it doesn’t cover mobile devices. Congress has been reluctant to pass legislation requiring tech companies to build “backdoors,” or shortcuts around encryption, into their products. In Johnson’s view, that could be on purpose.

Legal action

“If they did that, they’d kill the mobile phone industry,” she said. Foreign cell phone equipment suppliers like Alcatel-Lucent, already spooked by the revelations of global surveillance programs by former government contractor Edward Snowden, would want nothing to do with us.

“Everybody would stand up and say, ‘No way, José. The U.S. can do without mobile phones. We’re done,’” Johnson said.

There is some activity on the issue. Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are pushing for a bill to bypass encryption on mobile devices. Rep. Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) are seeking an approach that balances government access to encrypted data with privacy protection, beginning with a commission to study the privacy and security implications of new technologies.

What might the world look like under a law requiring tech companies to decrypt information? Read the post “Life under a new encryption law.”
