Regulation and Compliance

Is E-commerce at Risk in Apple's Security Dispute with the FBI?

Apple invests heavily in making its products secure, but now is being commanded by the FBI to make more investments to undo that work. Sunil Gupta discusses the fallout when business and government collide.

The FBI has ordered Apple’s help unlocking an alleged terrorist’s iPhone. The company has opposed the request and turned to the court of public opinion for help with a verdict.

As a House Judiciary Committee hearing gets underway this week, customers, lawmakers, and industry experts are all divided on who should bear the costs of cracking an iPhone. Is it Apple’s moral and fiscal responsibility to cooperate with national security at stake? Is the FBI’s request an overreach? And what implications does the case have for e-commerce, an industry that now accounts for more than $1 trillion in sales each year?

Sunil Gupta, the Edward W. Carter Professor of Business Administration at Harvard Business School, recently wrote a case on Apple Pay and the company’s ambitions of convincing consumers to trade in their real wallets in favor of virtual ones. Below, he offers insights into the huge stakes at play in the San Bernardino iPhone case.

Christian Camerota: Was it a good strategic move on Apple’s part to bring the FBI’s request into the public eye?

Sunil Gupta: There are arguments on both sides. The FBI was smart in making a very specific request rather than a general one, and that initial conversation probably took place behind closed doors. But as soon as the media becomes involved, public opinion starts counting and Apple knows that. So they’ve made the reasonable argument that if they encroach on citizens’ privacy and security even once by honoring the FBI’s request, the slope gets slippery very quickly.

Personally, I think it’s a fair thing for Apple to make it into a public debate and get a reaction from other tech people, as well as the public, especially given the stakes. As Bill Gates has already said, this is an important discussion to be having.

Security is vital for the structure of e-commerce and that’s the broader issue

Q: Is there a distinction to be made here between Apple protecting its own commercial interests and protecting customer security more broadly?

A: Apple is making two distinctions. The first is if there is data the FBI wants because of national security, and Apple can easily open up the storage closet (or in this case, the cloud service) and give it to them, they’re happy to do so. But the FBI is asking them to write a specific code to unlock their technology. That means they would have to put in a whole team just to write that code and break into something that they didn’t want to be broken into in the first place, which understandably seems counterproductive from Apple’s point of view.

The second point is that the FBI’s request goes against everything Apple is trying to do for security, on behalf of both their customers and their business. One of their main claims to fame, and what they focused on with tokenization and Apple Pay, is their ability to keep things secure by heavily encrypting the data passing through their devices and systems. If all of a sudden they have to build a whole army of employees working to undo something the company prides itself on—if there is backdoor in this day and age, no matter how secretive it is, some hacker will get access to it. And then all bets are off.

In the electronic world, the world of the internet, security is paramount because of how much and how rapidly information changes hands, and how easily it can be compromised. Security is vital for the structure of e-commerce and that’s the broader issue: Apple is playing its part. If they’re trying to build and maintain a secure system, we should encourage it. Of course, I can understand the national security aspect. But as Tim Cook wrote in his letter, jeopardizing customer security is a slippery slope.

Q: So is the cost not just to Apple but to the e-commerce industry prohibitive here?

A: It’s a strange situation from Apple’s point of view. They’ve told their engineers to create software that’s airtight, which nobody in the world can open, and devoted many years and a lot of resources to make sure that’s the case. Now, with the FBI request, Apple would have to put in a ton of Research and Development (R&D) to think exactly the opposite way, like a hacker. That’s a huge amount of R&D on both the front end and the back end, to accomplish something and then completely undo it.

Another way to look at it is this: the U.S. government used Blackberrys for a long time because they were secure. The government wants security, just like everyone else. But they can’t have it both ways—secure phones for the government and something else for the public. The FBI, for this new age, may need to break down these technological barriers themselves, perhaps by hiring their own computer scientists instead of making it each company’s job.

Q: What kind of obligation does a company like Apple have to government investigations? Or what kind of obligation should it have?

A: It is noteworthy that we’re in a country that allows us to talk about this openly in the first place. Imagine if we were in China. We wouldn’t even be having this discussion. The government would issue an order and Apple would have to comply.

On one hand, this will certainly play in favor of Apple because Apple is taking a stand. As a consumer, I feel good that my data is protected, and that will help the company’s reputation, whether that was the intended effect or not. On the other hand, there is at least some danger that they’ll be called anti-national and accused of not helping the right cause and only being after the profits.

All technology companies will face this at some point. You’ll remember Google walked out of China when China demanded data for national interests. And we hailed that as a great victory for American companies, saying Google did the right thing. So, there is an interesting contradiction we should make note of: if it’s China that’s asking for data it’s okay to say no, but if it’s the FBI, it’s not?

This article first appeared under the title The Cost of Cracking an iPhone on the Harvard Business School website.

Latest from HBS faculty experts

Expertly curated insights, precisely tailored to address the challenges you are tackling today.

Strategy and Innovation

Social Responsibility

Diversity and Inclusion