Box CEO Supports Apple In FBI Battle But Looks At Privacy Shield Alternatives

AuthentificationCyberCrimeFirewallSecuritySecurity ManagementVirus
0 0 No Comments

Box CEO Aaron Levie says there needs to be a discussion between the tech industry and authorities about digital regulation as privacy becomes hot topic

Box CEO Aaron Levie has reiterated his company’s support for Apple’s public battle against the FBI, however the company was less emphatic in its support of the divisive Privacy Shield, the proposed replacement for the Safe Harbour data sharing agreement between the EU and US.

Apple refused to provide the FBI with access to an iPhone 5C related to the investigation of the San Bernardino terrorist attack last year, claiming such measures would damage trust among customers, compromise the security of its products, and set a dangerous precedent.

The FBI went to court to force the issue, but proceedings were abandoned after it was able to access data without the assistance of Apple.

Given that Box used its ‘Box World Tour’ event in London to detail how it would let customers store their data in the EU for regulatory and privacy reasons, and that Levie started his speech by “apologising” for Donald Trump, who has called for a boycott of Apple products over the issue, Levie’s comments were no surprise.

Apple v FBI

Box World Tour London 2016 Aaron LevieThe cloud firm has already supported Apple with an amicus brief and although the court battle ended prematurely as the FBI managed to gain access without the company’s help, Levie said it was important for government and the technology industry to discuss the issue.

Of particular concern was the use of the ‘All Writs Act’ – a law dating back to 1789 –  by the FBI, and Box wants new rules for the digital world, rules which are dictated by a long term vision, not just one incident.

“Our specific point or view is that the way the government approached Apple to try and open up the device was a particularly worrisome way of doing that,” he explained. “It would set a dangerous precedent using an archaic law.

“Around the world, we’re dealing with a lot of legacy policies and legacy regulation clashing with the digital space.”

Levie said the battles between Uber, authorities and taxi firms were an example of this wider battle. Ultimately, he said, discussions needed to determine what the responsibility of the technology industry in these matters was.

“We have a lot of collision between the legacy world and the digital world. This is showing up in security, privacy, life sciences and everywhere,” he added. “Our view is we need to have a wider conversation rather than one device and one incident.”

Privacy Shield

Box’s decision to let customers store their data on Amazon Web Services (AWS) and IBM Cloud data centres, starting with Ireland, Germany, Japan and Singapore, was partly motivated by privacy. Germany and the EU offer more stringent data protection and some regulated industries are unable to move some information and processes to the cloud if it isn’t protected by such rules.

“Germany in particular is an area where we think there’s a lot more opportunity than where we’ve been able to serve already,” said Levie. “They have a significant need for in-region storage.”

Safe Harbour, the previous data sharing agreement between the EU and US, was declared invalid in October last year and months of negotiations have resulted in its proposed replacement, Privacy Shield.

Microsoft is the first major company to voice its support for Privacy Shield, but the Article 29 Working Party (WP29), a group of national data protection authorities, has not given the framework its backing, citing concerns about the role of an independent ombudsman and US surveillance practices.

When asked by TechWeekEurope about Box’s view on Privacy Shield, Levie referred the matter to Box’s legal counsel, Pete McGoff, who said the company was still “looking” at at the proposed regulations as well as a number of alternatives – specifically ‘Binding Corporate Rules’.

Binding Corporate Rules define a company’s policy with regards to the international transfer of personal data to states that don’t have an “adequate” level of protection, according to the EU.

Take our cloud quiz here!


Click to read the authors bio  Click to hide the authors bio