You are a 4-time world champion, accused of acknowledging a scheme to tamper with footballs to win football games, with a world-class beautiful wife and kids, tons of famous friends and, to support a one-sided biased investigation, you are asked for your cellphone and the information on it.
I would have smashed it too.
To me, the issue is not whether Brady’s phone had information on it that was pertinent to the investigation, the fact is that the phone contained lots of other information that was NOT pertinent to the investigation. Can you imagine what the contents of a celebrity’s phone looks like? With the success, wife and life that Tom Brady leads, I can picture the shallow, profit hungry press just rubbing their hands and licking their chops waiting for the first leaked photos or texts.
Good job Tom.
If you google “leaks and the NFL,” you get the picture that information provided or generated by the NFL to keep a secret is about as safe as the classified information that was stored on Hillary Clinton’s personal email server (which, for the uninformed, is suspected to be in China). There are numerous reports of leaked schedules, contract information and even leaks on “Deflategate.” If the NFL cannot guarantee the privacy of the league’s information entrusted to them, how would they extract, analyze and protect the enormous amount of data that was on the phone? Especially an overzealous league that has already proclaimed Tom Brady’s and the Patriot’s guilt and have imposed immense fines and punishment on them. That information would have been on the Internet in a week.
So why talk about this in a cybersecurity blog?
In cybersecurity, trusting critical information such as personally identifiable information, healthcare information, personal information or intellectual property is a critical decision for any person or business. Whether it’s being stored on the cloud, or on your own business server, the owner of that data must be sure that the entity trusted with the data can protect it using best business practices such as encryption, log monitoring, periodic vulnerability scans and penetration tests, limited access rights and up-to-date firewalls, antivirus and operating systems. In cybersecurity, proper data protection ensures the privacy of that information, which is a proper expectation of any person. Without the ability to guarantee the protection of information from being leaked, the NFL gave up its right to request the phone and the information on it.
The next time the NFL goes after a team or player, they should right their leaky boat and generate the trust between the players and the league that their data will be protected.
Or maybe they just need a good cybersecurity company?