Buried under the human resources monster-of-a-headline that Apple leader Steve Jobs is stepping aside is the news that the tech giant has made an intriguing addition to its security team, hiring former National Security Agency analyst, U.S. Navy cryptographer, and “Geekonomics” author David Rice as director of global security.
Rice’s hiring comes on the heels of Apple bringing on three other key players to its security team in the last two years alone, from Window Snyder, the former security chief at Mozilla, to both Ivan KrstiÄ‡, the former head of security for the One Laptop Per Child project, and Jon Callas, the former CTO of encryption software maker PGP.
As iPhone sales skyrocket, the iPad version 2.0 prepares to debut, and the company hits the 10 billionth app mark, what should every security memo coming out of their offices include? Read on for our top five.
- Secure Software: For tech security geeks, Rice’s name should ring a bell from his 2007 book Geekonomics that equated software vulnerabilities to public hazards, just like we view threats to bridges and other physical infrastructures in the United States. He enters Apple as an outspoken critic on how large software companies write software, painting software purchasers as “crash test dummies,” and telling Forbes in 2008: “Companies like Oracle or Microsoft say their software is unbreakable or trustworthy. But those statements are vacuous and cheap to make, and there’s no consequences for when they’re wrong.” Adding, “When you’re buying Oracle’s or Apple’s software there’s no notion of what you’re getting into. Some say Apple is more secure than Microsoft. That’s a totally subjective statement, there’s no objective measurement going on – the risk is invisible. So the market really can’t choose to buy more secure software.”
- Secure for Businesses: A just released report from Cisco Systems found that computer scammers have turned their attention to mobile devices like the iPhone and the iPad, just as business demand for those items heats up too. As in Apple’s case, too often those devices are introduced into the corporate environment but not built or manufactured with corporate use in mind, leading to dangerous results. Rice’s addition should make for a strong, internal voice for continuing to include important features like data encryption in storage and transit, remote kill switches, and password policies in the iPhone 5 and new iPad.
- Secure Supply Chains: The latest from DigiTimes says that Apple has invested $3.9 billion on supply chain partnerships, most recently adding Foxconn Electronics, Foxlink, Gold Circuit Electronics, and Epistar for the iPhone 5. Other reports indicate Apple could also be adding Toshiba and Sharp as screen manufacturers for the iPhone 5 and iPad 2. The expansion shows Apple is looking to, and will now be able to, offer more features on its new devices, but will also have to build in more controls as it spreads construction out across multiple suppliers.
- Secure Social Media: The juiciest reports now trickling in ahead of the iPhone 5 and second-generation iPad indicate both will be more social-media friendly, with the iPhone, in particular, set to include a “Media Stream” and a photo upload service called “Photo Streaming.” Another feature, “Find My Friends,” will use assisted GPS updates to show you where your friends are at any given time. As Apple expands into social networking, it will no doubt want to pay attention to statistics like these, and keep users’ safety, and online privacy expectations, at the forefront of design and innovation.
- Secure “State” Secrets: For a company known for being “secrecy-obsessed,” a huge gaffe came last year when the next-generation iPhone prototype was revealed to the world after being left in a California bar by an Apple engineer. Don’t think that will happen again, and not under Rice’s watch. Still, the company will want to guard the next generation iPhone and iPad closely, and not leave any other state secrets laying around any Bay Area bars. Already perhaps a sign of the new times, or back to the old ways of doing things, the company has not confirmed reports of Rice’s hiring, explained his duties or job specifics or returned reporters’ calls for comment. And to be sure, Rice isn’t talking either.