It’s a strange sight to see one of the country’s greatest companies become a political football during a presidential campaign. But that’s exactly what is happening now with Apple, as it battles the Department of Justice and candidates call for a boycott of its products.
So what does this have to do with banking? In a word: Everything.
First, let’s understand how peculiar it is to see this happening to a corporation with the power and reach of Apple. This is a company that’s become synonymous with innovation, commands unprecedented customer loyalty, generates massive coverage, enjoys huge brand recognition and continues to benefit from gigantic revenue, profits and market capitalization. It’s at the core of numerous issues that are currently front and center in the economy, from production outsourcing to changing consumer behavior through mobile capabilities. By any measure, Apple is firmly of the moment and in the zeitgeist.
And yet, with all that clout and visibility, Apple has gotten in the cross-hairs of prosecutors and presidential wannabes alike. Reason: The government wants the company to build a ‘backdoor’ specifically to access an iPhone used by the San Bernardino terrorists. This would require Apple to write software to specifically hack into its own un-hackable device.
Apple—backed by everyone from Google and Microsoft to many consumer right’s advocates—has said no. It claims that this would be the first step on a very slippery slope. Terrorism is surely a special and noble reason to make gain access to confidential information, but what’s the guarantee it’ll stay the only one? What’s to stop the government, or just about any other party, from making the same request and getting a judge to sign off on it?
As the case works its way through the legal system, let’s consider which other industry might have a vested interest in protecting its customers’ information. That’s right: It’s financial services.
Every entity in this space, from the largest multinational to the account in a strip mall, is charged with guarding its’ clients confidentiality. There are indeed requests made to get at the information, such as during money-laundering investigations or contested divorces, but those cases are typically guided by numerous precedents. But thanks to the technology twist here, we’re in a whole new world.
The Communications Assistance for Law Enforcement Act (CALEA), which covers wiretapping activities, was passed back in 1994, a year when most consumer were just hearing about this thing called the Internet. The goal at the time was to “enhance the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to wiretap any telephone traffic; it has since been extended to cover broadband Internet and VoIP traffic.”
Reading it now, the danger signs are evident just from the wording. And to be sure, these laws have been used—it was reported only last year that messaging records from Bloomberg alone have been subpoenaed by government agencies and regulators once a month since as far back as 2009.
Still, the lengths that Apple is being asked to go to now seem like a stretch. For one thing, the case adds to the nervousness many banks already feel about doing business overseas, which falls within routine operating procedures now. Physical bank vaults are guided by local, state and national jurisdiction; intellectual property in virtual spaces shatters all the old guidelines. With data residing in the cloud, who has jurisdiction? And how will European and Asian banks feel about the precedent this case sets?
All conglomerates and even plenty of smaller and mid-size companies in different corners of the banking industry now have proprietary software designed to protect their customers’ information. If the current episode goes against Apple, can they be asked to write new software that violates existing codes and contracts? And if Apple, with all its prominence and power, can be made to submit, what choice will other organizations have?
For the record, it’s already possible for just about anyone else to write the necessary code, particularly with Apple’s code-signing key. Indeed, that’s happened with other companies and their keys. The trouble is that one piece to access to one particular device is basically impractical. A killer app today is commodity tomorrow and legacy the day after. The advance required in this case could compromise a whole host of other phones, tablets and devices.
It’s truly unnerving to have to take a position that helps protect the information of a vile terrorist who died taking innocent lives. However, the stakes here are truly monumental.