The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Crime

Has Apple made iPhones illegal in the financial industry?

|

Apple's refusal to help the government unlock the San Bernardino shooter's iPhone may have some surprising consequences. Remember, Apple is defying not only the Justice Department but also the wishes of the iPhone's owner. That's because the iPhone in question is actually owned by the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work.

As a practical matter, Apple's technical and legal position elevates Farook's privacy over the interests of the iPhone's real owner. This may well be consistent with Apple's corporate marketing strategy, which seems to be making the iPhone so sexy that employees will simply demand that companies buy it for them. But the San Bernardino case is a wakeup call for companies who think that, because they are the customers, Apple owes them some allegiance.

Nope. Instead, Apple's technical and legal war with the United States government is turning its corporate customers into collateral damage.

As that lesson sinks in, enterprise purchases of iPhones may take a hit. Indeed, in the financial industry, the fallout could be worse. Given Apple's decision to privilege users' privacy above all else, it may well be unlawful for banks and brokerages to let their employees use iPhones at work.

Why? Because, in the financial industry, allowing yourself to be locked out of your employees' communications isn't just a bad idea, it's a violation of federal law. Since 2007, financial industry regulators have made clear that "FINRA expects a firm to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm's business." (Emphasis in original.) In 2014, financial institutions were fined under this policy for failing to capture all of their employees' text messages.

There are probably ways to solve this problem technologically, if the employees cooperate. Their iPhones or their apps can be modified so that text messages are routed through servers where the encryption is stripped and the messages stored. But what if an employee instead chats with customers using his iPhone and an off-the-shelf messaging app that features end-to-end encryption? Then, I suspect, the only way to recover those messages is to get access to the iPhone itself, something Apple is trying its best to make impossible.

Maybe there's another way for the industry to justify the use of iPhones after the San Bernardino controversy. I'd welcome further comment from those closer to the industry.

One thing is for sure, though. The consequences of Apple's stand for corporate communications hasn't yet received enough attention.