Advertisement

Don't blame Apple for AT&T's security ineptitude

TJ Luoma
Updated ·3 min read

As we reported last night, a technology tabloid has published a sensationalist article blaming Apple for AT&T's security problems. Email addresses and the "ICC-ID" of 3G iPad users were compromised due to a flaw in AT&T's servers. Some prominent people in business and government had their email addresses exposed. These email addresses were stored on AT&T's computers.

So why is this Apple's fault? Because Apple has teamed up with AT&T, and therefore -- through the transitive power of magical thinking coupled with a deep desire for web traffic and Digg hits -- Apple is responsilbe for ensuring that AT&T doesn't make any mistakes. Apple is supposed to "patrol" AT&T's network.

Did you follow that logic?


Imagine if you go to the Department of Motor Vehicles and get yourself a driver's license. The DMV requires that you put your address on your license, and they require that your car be registered with the Registry of Motor Vehicles. Now let's assume that the people at the DMV are very smart people, and very security conscious. Let's further assume that the people at the Registry of Motor Vehicles are nimrods who forget to lock their doors, and one night someone breaks in and steals all of their records.

Are you going to go to the DMV and blame them for this? Unless you've been dropped on your head, the answer is "of course not." You are going to blame the RMV.

The only exception might be if the people at the RMV are so notoriously inept that you know anyone who hears this story is going to roll their eyes and say, "Of course those idiots did it again." No one is going to pay any attention to that. But if you blame the DMV, who have a reputation for being very smart people, oh, then you might get people's attention.

Look, we all know what this is, right? A website offering wild interpretations of the facts in order to get attention.

What is the actual damage done? The exposure of the ICC-ID numbers has no demonstrated risk associated with it. A lot of email addresses were exposed. A bunch of people are wishing that they had used their Gmail addresses instead of their actual work addresses. Is there a rational expectation that anything worse will happen?

Look, I'm happy to criticize Apple's choice of AT&T. I'd be glad to see the iPhone and iPad available on several different networks in the USA. Competition would lower rates, not to mention spreading out iPhone and iPad users among several carriers would ease the bandwidth burden. But let's not forget that Apple got AT&T to agree to host the iPad without a contract. That's still a very big deal, and will have a much better long-term effect, not only in the USA but across the world.

"AT&T screwed up" is a "dog bites man" headline. "Apple screwed up" is a "900+ Digg/4300+ retweet" headline.

Don't believe the hyperbole.