Box CISO on Apple case: Broken security 'will eventually be used against us'

From a CISO's point of view, peeling away layers of security controls to create a backdoor into encryption would give even the most basic software bugs the potential to wreak havoc on computer systems.

Apple may be going toe to toe with the FBI in its ongoing encryption battle, but the iPhone maker now has a bevy of technology companies throwing their formal support into the ring.

Cloud storage company Box said Thursday it plans to file an amicus brief alongside Google, Facebook, Yahoo and Microsoft.

legal showdown

FBI vs. Apple could make or break Silicon Valley

The FBI scores a game-changing win in the battle between tech firms and law enforcement over device access, setting legal precedent that may never be undone.

Read More

Telecommunications giant AT&T and internet provider Mozilla also joined the growing list of Apple supporters Thursday, as well as Twitter, Nest Labs, Evernote and Snapchat.

The companies are standing behind Apple's assertion that the All Writs Act does not compel Apple to comply with the FBI's request to unlock an iPhone used by one of the shooters in the San Bernardino attack. The common link between all of the supporters is the potential threat that a backdoor would pose to digital security.

Box's chief information security officer Joel de la Garza wrote an impassioned blog post earlier this week explaining his choice to support Apple and the dangerous implications that could arise if the iPhone maker were to comply with the FBI's request.

"The FBI request of Apple to create a backdoor into the iPhone for Law Enforcement is exactly the kind of feature that will eventually be used against us," he wrote. "Given how important technology is today in our lives and economy, an effective security strategy, crafted only with short-term in mind, is a liability we simply can't afford."

At the heart of de la Garza's argument is a matter of risk versus reward. From a CISO's point of view, peeling away layers of security controls to create a backdoor into encryption would give even the most basic software bugs the potential to wreak havoc on computer systems.

"This reality is missing from our current debate about the FBI's order to Apple in the San Bernardino tragedy," wrote de la Garza.

"In this broader context, the answer to this problem is more security, not less. Any backdoor -- no matter how well intentioned -- is just as likely to help those who would commit crimes, or worse, commit violence, than it would those pursuing justice."