Technology security is making big news these days. It’s no surprise to anyone who uses it – which means, just about all of us – that we routinely place our full faith and trust in devices and networks – and we are totally crazy for doing so. The sad fact is, there really is no such thing as security where data is concerned. There are simply relative degrees of security, and the attempt to do the best possible job of limiting access to unauthorized persons.
One piece of disturbing news: recently, a California hospital was locked out of its own data files. While often, medical records are hacked because they contain so much valuable information about an individual such as social security numbers, credit card information, Medicare and Medicaid numbers, and so on, in this case, the hospital’s entire computer system was being held hostage.
“The attack used what’s known as “ransom-ware” — malicious software that encrypts files which can only be unlocked with a software “key” after a ransom is paid.” (CBS News)
Hackers got past all of the hospital’s security and were able to insert code that locked anyone out who lacked the “key.” They demanded $17,000 (why such a relatively small sum, one wonders?) In bitcoin – a currency virtually impossible to trace. The hospital paid, order was restored. Heads probably rolled in the IT department. HIT (Health Information Technology). If I were advising young tech geniuses what to pursue for challenge and reward, HIT, not plastic, comes to mind. As the population ages and government intrudes further and further into healthcare management, security at hospitals and physician practices will only become more critical.
In another situation, a California judge ordered Apple to create an “unlock” for the San Bernadino terrorists iPhone.
Apple said “No!”
“The device in question — an iPhone 5c — was in the possession of Syed Farook, who, alongside his wife, carried out a mass shooting during a training event at the San Bernardino County Department of Public Health, where he worked, last December. The phone was owned by the agency and assigned to Farook. He and his wife were later killed by police in a shoot out.
“Authorities want access to data on the phone and are seeking Apple’s help to crack the pass code (PDF) by creating software which, when loaded onto the device, would circumvent the security system. That’s because, beyond the passcode itself, Apple’s security measures include an ‘auto-erase function’ which, if activated by a user, will erase all data on a device if the passcode is entered incorrectly 10 times.
“In a letter to Apple customers, Cook said Apple has provided “data that’s in our possession” but it will not develop a “back door” for its software:
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a back door to the iPhone.
“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a back door. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
This case is of particular interest because Apple is clearly saying it doesn’t trust its own software engineers (who would presumably be creating the parallel OS), or it doesn’t trust the FBI with the ability to unlock an iPhone.
Of all the challenges to computer technology, clearly, security will be the highest and greatest necessity in the years to come.