Tuesday, February 23, 2016

Apple, the FBI, and iPhone Encryption: A Battle of Biblical Proportions with Implications for HIPAA

 

Whether it was an apple or a quince, pomegranate, or some other more botanically likely fruit growing in the Garden of Eden, God’s command in Genesis was clear: do not eat the fruit from the tree of the knowledge of good and evil. When Adam and Eve ate the apple (or other fruit) anyway, they gained knowledge of evil (they already knew good).

Many thousands of years later, the battle between Apple and the FBI over device encryption oddly echoes themes from this ancient biblical story. Is the knowledge of evil potentially gained by unlocking an evildoer’s iPhone worth breaking society’s trust in the security of encryption?
Our law partner Amy Purcell recently posted the following on the Fox Rothschild “Privacy Compliance & Data Security” blog:

Fox Partner and Chair of the Privacy and Data Security Practice Scott L. Vernick was a guest on Fox Business’ “The O’Reilly Factor” and “After the Bell” on February 17, 2016, to discuss the controversy between Apple and the FBI over device encryption.
A federal court recently ordered Apple to write new software to unlock the iPhone used by one of the shooters in the San Bernardino attacks in December. Apple CEO Tim Cook has vowed to fight the court order.
The Federal Government vs. Apple (The O’Reilly Factor, 02/17/16)
I agree with Scott.
In January, I wrote here about the FTC’s announcement of a settlement with Henry Schein Practice Solutions, Inc. for falsely advertising that the software it marketed to dental practices provided the encryption necessary to protect patient data from breach. In reality, the software did not encrypt the data, but merely “camouflaged” or masked it from access by third parties.  The FTC’s action and settlement seemed to reflect the fact that encryption is viewed as the “gold standard” for protecting protected health information and other sensitive personal information, and advertising that a software product provides encryption when it really doesn’t is a problem.
If Apple is forced to create software that will break “gold standard” encryption so the FBI can gain knowledge of the evil that may lurk within a particular iPhone, this “gold standard” will be immediately devalued. In the HIPAA context, we will need another technology to render PHI “unusable, unreadable, or indecipherable to unauthorized persons” because, in essence, the biblical apple will have been bitten.
