This Week in Modern Software: The Great Apple/FBI Encryption

Written by New Relic
Published on Feb. 23, 2016

 

Welcome back to This Week in Modern Software, or TWiMS, our weekly analysis of the need-to-know news, stories, and events of interest surrounding the software and analytics industries. This week, our top story concerns the high-stakes showdown between Apple and the federal government.

TWiMS Top Story:
Judge Forces Apple to Unlock San Bernardino Shooter iPhone—NBC News

What it’s about: A federal judge on Tuesday ordered Apple to help law enforcement officials unlock the iPhone belonging to Syed Farook, one of the people responsible for the mass shooting in San Bernardino, California, on December 2. Later on Tuesday, Apple posted a letter to its website, “A Message to Our Customers,” signed by CEO Tim Cook, that says Apple opposes the order, setting up a major legal battle between the company and the federal government. The government wants to be able to access, decrypt, and analyze data on the device (an iPhone 5c running iOS 8 or higher, according to multiple media reports) to learn more about Farook and his wife, Tashfeen Malik, in their ongoing investigation of the shooting. While the feds have said the order is specific to this horrific case, many worry about a slippery slope. In his public letter, Cook writes: “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Why you should care: Everyone is paying attention to this story because the stakes are enormous, not just for tech companies and the government, but potentially for both national security and the privacy of anyone who goes online or uses a smartphone. The outcome could carry considerable implications for stakeholders in the ongoing “going dark” debate about encryption, a topic that has consistently pitted tech companies against the federal government. The showdown has spawned a full spectrum of heated opinions and responses from, well, just about everyone. The links below should give you a good sense of the stakes and various sides of the debate. Expect plenty more to come as the legal battle unfolds.

Further reading: 

The User Experience: Why Data—Not Just Design—Hits the Sweet Spot—Knowledge@Wharton

What it’s about: A new essay from Wharton’s Knowledge@Wharton site should be required reading for modern software makers. “Good user experience design has become table stakes,” write authors Scott A. Snyder, president and CSO of Mobiquity and a senior fellow at Wharton, and Jason Hreha, founder of Dopamine. “If you don’t do it well, you can’t even get out of the gate in this hyper-competitive digital world.” But the key to great UX isn’t just design—it’s dependent on data and how you use it to deliver what customers really want. That’s no small feat: “There is a fine line between ‘helpful’ and ‘annoying’ in the digital world, and the price of getting your data-driven personalization right or wrong may be the difference between a delighted customer and one who will never come back to your brand,” the authors write.

Why you should care: If you’re still relying on a traditional UX approach—or wondering why your personalization efforts aren’t paying off—there’s a fundamental lesson here for you. The authors identify three key reasons why digital experiences fail their users (and ultimately their product owners) and the importance of moving to a data-driven UX model. Snyder and Hreha acknowledge that evolution may be a struggle for some companies, but they do provide seven core steps for getting there. For example, you’re going to need access to “a big data and analytics environment capable of capturing and acting on behavioral analytics data in real time,” and shift your recruiting focus to “a new breed of user experience designers—those with analytics skills to support the design of adaptive user experiences.” And here’s a tip that seems to get overlooked far too often in modern software: “Deliver immediate benefits to users before asking for more of their data.”

Augmented and Virtual Reality Make a Play for the Enterprise—TechTarget

What it’s about: CIOs who think augmented and virtual reality (AR/VR) is merely the stuff of consumer fancy might want to recheck their assumptions, according to Deloitte Digital. In fact, “augmented and virtual reality technologies may be better suited for the enterprise than the consumer market,” writes TechTarget’s Nicole Laskowski. “Employees could apply augmented and virtual reality technology to build rapid virtual prototypes, test materials, and provide training for new employees—all of which can translate into productivity gains for the organization.” Deloitte’s Steve Soechtig tells Laskowski that collaboration is the biggest driver of adoption in enterprise settings, though there are other use cases. The piece also notes that huge AR/VR players such as Google, Facebook, and Microsoft have big plans for the enterprise space, and companies like Ford Motor Company and IKEA are apparently already using AR/VR in the workplace and customer experience, respectively.

Why you should care: Even if IT isn’t leading the AR/VR charge in the enterprise, CIOs and their teams better be ready to support it, according to Deloitte, who shared with Laskowski three key impacts of rising adoption. They should sound more than a bit familiar to organizations that have already undergone the sea change of the bring-your-own everything (BYOE) era, whether with mobile devices, SaaS apps, wearables, or other technologies. Soechtig says that introducing AR/VR to existing IT environments shouldn’t be all that different from adding any other “experiential interface.” He offers this final advice: “The one counsel I would offer is that it’s a bit more intensive in terms of bandwidth and processing … because the expectation of true, real-time response is a requirement.” That got us thinking, too: Beyond the IT implications, enterprise AR/VR should create significant new opportunities for developers who can bring to life those “experiential interfaces” for business users.

Hospital Pays $17,000 Ransom to Get Access Back to Its Encrypted Files—CSO Online

What it’s about: Cybercrime does pay. This is a story that should probably be getting even more attention than it already has in our 24-7 news cycle: Two weeks after Hollywood Presbyterian Hospital was effectively knocked offline and its data encrypted by a ransomware attack, the Los Angeles hospital agreed to pay the attackers 40 Bitcoins, or roughly $17,000, to return its systems to normal. In a letter posted to the hospital’s website, president and CEO Alan Stefanek wrote: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.” Previous reports that the attacker had demanded 9,000 Bitcoins, or well north of $3 million, were inaccurate, according to Stefanek.

Why you should care: Ransomware has been around for a while, but the Hollywood Presbyterian case highlights the rising stakes of keeping software and infrastructure healthy and secure. An unwitting laptop user who gets hit with a ransomware payload by clicking on an infected link might end up with a major inconvenience (and a more modest price tag to decrypt their files), as in last year’s Cryptolocker scourge. But in a healthcare setting, lives can be put at risk. In the Hollywood Presbyterian incident, Stefanek said patient care was never “compromised in any way,” and that there is currently no evidence of patient or employee data being breached. But among other lessons learned, the hospital case shows that ransomware exists because it works. Many security experts warn against paying ransomware attackers because it motivates additional attacks, and multiple watchers wondered why Hollywood Presbyterian’s data wasn’t properly backed up. Ultimately, the hospital may have had no choice other than paying the ransom, notes IDG News Service’s Jeremy Kirk. Ars Technica reports that early investigations point to a phishing attack as the ransomware’s source—so don’t discount the human element in your security strategy, folks.

Further reading: 

 

What BuzzFeed’s Dao Nguyen Knows About Data, Intuition, and the Future of Media—Fast Company

What it’s about: Perhaps no industry has been disrupted, in the favored parlance of Silicon Valley entrepreneurs and venture capitalists, more than the media business. But that doesn’t mean there are no more publishing empires. Fast Company’s profile of BuzzFeed publisher Dao Nguyen reveals that media is now fundamentally a technology and data business, and the companies that are thriving—more people visit BuzzFeed’s flagship site each month in the U.S. than visit The New York Times—have embraced that transformation instead of resisting it. The fact that Nguyen, a self-professed computer junkie who learned to code when she was seven years old, is publisher of the BuzzFeed empire, speaks to the immense value and competitive advantage of data and analytics in almost any industry.

Why you should care: One of the most compelling elements of Fast Company’s profile of Nguyen, culled from a cover story on the entire company, is how it reveals the inherent nuances and complexities of what it means—and doesn’t mean—to be data-driven. In fact, Nguyen tries hard to dispel a key misconception: “Data scientists are telling reporters what to write and what to cover. That’s totally a myth.” It’s also a misconception to think of being data-driven as simply being obsessed with numbers. Sure, that’s part of it: Clicks, shares, and the myriad other metrics of the modern media game. But for Nguyen, it’s about a wider range of inputs that includes and is not limited to numbers: “If you’re publishing every day and get a lot of signals that are both quantitative and qualitative, and anecdotal even, you can begin to form ideas about content.” Another key that almost any business or manager can learn from: Foster a data-driven culture. “I feel like the third part that is necessary, critical, is the culture encouraging all that,” Nguyen tells Fast Company. “That, in many ways, is one of our biggest competitive advantages.”

 

We Analyzed the HTTPS Settings of 10,000 Domains and How It Affects Their SEO—Here’s What We Learned—ahrefs Blog

What it’s about: LinksSpy founder and developer Christoph Engelhardt serves up an analysis of HTTPS/SSL settings on a huge slew of the Web’s most popular sites and, well, his conclusion tells the tale: “After analyzing the top 10,000 websites I can say one thing: HTTPS is the neglected step-child of SEOs and administrators alike.” We rightfully tend to think of HTTPS (and the related SSL) as a security protocol, as it encrypts data flowing between browsers and Web servers, whereas regular HTTP leaves data visible to anyone inclined to look at it while in transit. Engelhardt notes the proper implementation of HTTPS is also an important part of getting people to your site in the first place. Among other reasons why: HTTPS usage is now a signal in Google’s all-important search algorithms. So using it ought to be a no-brainer, right? You’d think so, but no—not even close.

Why you should care: An astonishing 60% of the websites included in Engelhardt’s analysis don’t use HTTPS at all, and that figure bumps up to 65% when you include sites with HTTPS set-up errors. Just one in 10 sites had what Engelhardt considers flawless HTTPS settings—that is, using HTTPS, making sure all other URL iterations redirect straight to the “canonical” version, and using permanent (HTTP status code 301) instead of temporary (HTTP status code 302) redirects. All of this will become even more important when Google begins displaying a red “X” over a lock icon in Chrome’s address bar for any site not using the protocol. Engelhardt expects Mozilla will follow suit with Firefox, too. Unless you use HTTPS, “Your website will look broken in the eyes of your visitors,” he warns.
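The three criteria above (HTTPS canonical, a single hop from every other URL variant, and permanent rather than temporary redirects) can be checked mechanically. The sketch below is an added example, not code from the article or from Engelhardt's analysis; the site `example.com`, the recorded redirect chains and the function names are constructed for illustration, and it treats 308 as permanent alongside the 301 the article names.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}        # 308 is also permanent (goes beyond the 301 named above)
TEMPORARY = {302, 303, 307}

def variants(canonical):
    """The four scheme/www 'iterations' of a site's root URL."""
    host = urlsplit(canonical).hostname
    bare = host[4:] if host.startswith("www.") else host
    return [f"{s}://{h}/" for s in ("http", "https") for h in (bare, "www." + bare)]

def audit(canonical, chains):
    """chains maps each start URL to its observed hops: [(status, Location or None), ...]."""
    findings = []
    if urlsplit(canonical).scheme != "https":
        findings.append("canonical URL is not HTTPS")
    for url in variants(canonical):
        if url == canonical:
            continue
        redirects = [(s, loc) for s, loc in chains.get(url, []) if s in PERMANENT | TEMPORARY]
        if not redirects:
            findings.append(f"{url}: does not redirect to the canonical URL")
            continue
        if redirects[-1][1] != canonical:
            findings.append(f"{url}: ends at {redirects[-1][1]}")
        elif len(redirects) > 1:
            findings.append(f"{url}: {len(redirects)} hops instead of one")
        if any(s in TEMPORARY for s, _ in redirects):
            findings.append(f"{url}: uses a temporary redirect")
    return findings

# Constructed observations for a hypothetical site (example.com), not real measurements
CANONICAL = "https://www.example.com/"
GOOD = {u: [(301, CANONICAL), (200, None)] for u in variants(CANONICAL) if u != CANONICAL}
BAD = {
    "http://example.com/": [(302, "https://example.com/"), (301, CANONICAL), (200, None)],
    "http://www.example.com/": [(200, None)],   # plain HTTP served as-is, no redirect
    "https://example.com/": [(301, CANONICAL), (200, None)],
}

if __name__ == "__main__":
    for line in audit(CANONICAL, BAD):
        print(line)
```

In practice the chains would be recorded by requesting each variant with redirect-following disabled and noting every status code and `Location` header along the way.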

Want to suggest something that we should cover in the next edition of TWiMS? Email us at [email protected].

About the Author

Kevin Casey is a freelance technology writer and business writer for InformationWeek and other publications, with an increasing focus on IT careers and big data. Kevin won a 2014 Azbee Award from the American Society of Business Publication Editors for his feature story "Are You Too Old For IT?" and was a 2013 Community Choice honoree in the Small Business Influencer Awards.
