Apple vs. FBI Takes Spotlight at RSA Conference

Apple's refusal to help the FBI unlock an iPhone used by the suspected terrorist involved in December's mass shooting deaths of 14 people in San Bernardino, Calif., predictably took the spotlight at this week's annual RSA Conference in San Francisco.

The RSA Conference is considered the largest gathering of security and encryption experts, drawing 40,000 attendees. Some of the world's leading encryption experts sparred with each other, the nation's top law enforcement official and the head of the U.S. Department of Defense about Apple's refusal to unlock the phone and whether restrictions on encryption are necessary to protect against criminal and terrorist activity -- or to investigate prior crimes.

Microsoft President and chief legal officer Brad Smith used his RSA keynote address to double down on last week's promise to stand behind Apple's refusal to unlock the phone. "Businesses have a right to know so they can defend themselves, and it's why we at Microsoft are joining other companies across our industry to stand up for and stand with Apple in this new, important case," Smith said. "We need to stand up, be thoughtful and also be vocal. Despite the best of intentions, one thing is clear: The path to hell starts at the back door and we need to make sure that encryption technology remains strong."

In addition to Microsoft, industry giants including Amazon.com, Box, Cisco, Dropbox, Evernote, Facebook, Google, Mozilla, Nest, Pinterest Slack, Snapchat, What'sApp and Yahoo signed a 31-page amicus brief filed yesterday in support of Apple.

"The principal argument we make in our joint brief is straightforward," Smith said in a blog post. "The court order in support of the FBI request cites the All Writs Act, which was enacted in 1789, and last significantly amended in 1911. We believe the issues raised by the Apple case are too important to rely on a narrow statute from a different technological era to fill the Government's perceived gap in current law. Instead we should look to Congress to strike the balance needed for 21st century technology."

Associating the All Writs Act with this issue is a clear indication of the need to modernize laws to align the use of digital technology with privacy, Smith added. "What's needed are modern laws passed by our elected representatives in Congress, after a well-informed, transparent and public debate," he noted.

Some of the world's leading encryption experts debated the issue, as well, during the traditional Cryptographers' Panel at RSA. Among those taking issue with the FBI's stance is Martin Hellman, who played a key role in developing public key cryptography and is now a professor emeritus in electrical engineering at Stanford University. Hellman said he was filing an amicus brief in support of Apple asking the court vacate the order. "I think it is a mistake," Hellman said during the panel discussion. "The danger is it will set a precedent."

Adi Shamir, who co-developed the RSA cryptosystem (the "S" in RSA) with Ron Rivest and Leonard Adleman, disputed the notion that the FBI has asked Apple to create a back door. "The FBI is asking Apple to do something very specific," said Shamir, who is now a professor of computer science at the Weizmann Institute in Israel. "The FBI will give Apple a particular phone and ask Apple privately to open up that particular phone. It has nothing to do with placing back doors in millions of telephones around the world. It's not an issue of mass surveillance. I think we are the confusing issue."

U.S. Attorney General Loretta Lynch, who spoke at an RSA session and fielded questions by Bloomberg TV anchor Emily Chang, said she was miffed by Apple's refusal to develop code to unlock the phone in this particular case. "The issue we are facing now is how do we, as an American law enforcement agency, fully investigate the worst terrorist attack on American soil since 9/11. Those issues are very important," Lynch said. "Up until recently, Apple maintained the ability to provide information to the government without any loss of safety or security of the data on their devices. It happens all the time, every day of the week all across America. This is a very different decision by Apple to not participate in that national directive."

Apple acknowledges it has done so in the past, but only for versions of iOS 7 or earlier. However, iPhones running iOS 8 or higher feature passcode-based encryption, designed to provide customers with higher levels of security and privacy. "We are no longer able to use the data extraction process on an iPhone running iOS 8 or later," the company said in a letter to customers last week. Hackers and cybercriminals are always looking for new ways to defeat our security, which is why we keep making it stronger."

Lynch argued the FBI is requesting the software for this one phone, and it's not requesting that Apple turn over that software to law enforcement. "What we are asking them to do is to is to help us with this particular device, not to give the technology to us," she said. "They can keep it, they could destroy it, they could essentially be done with it and it would let us try and get into the phone. We don't even want them to be the ones to get into it."

Apple has argued it's not that simple. Apple General Counsel Bruce Sewell this week testified before a House Judiciary Committee that developing software to unlock this one device is effectively asking the company to create a back door for all phones. "They are asking for a back door into the iPhone -- specifically, to build a software tool that can break the encryption system which protects personal information on every iPhone," Sewell testified in his prepared remarks. "As we have told them -- and as we have told the American public -- building that software tool would not affect just one iPhone. It would weaken the security for all of them."

In a separate session at RSA, U.S. Secretary of Defense Ash Carter fielded questions from Ted Schlein, general partner with the venture capital firm Kleiner Perkins. Carter declined to speak of the Apple case specifically, but said: "I'm not a believer in back doors or a single technical approach to what is a complex and complicated problem. I don't think that's realistic, I don't think that's technically accurate."

Just before speaking at RSA, Carter appointed Eric Schmidt, former Google CEO and now executive chairman of parent company Alphabet, to lead a new Defense Advisory Board to help provide balance between ensuring the privacy and security of the nation's defense infrastructure. "He knows that you can't have freedom, you can't have innovation, you can't take care of your families, you can't have a career if there isn't security," Carter said. "So somebody's got to provide security. It's a serious business. It's not a game."

Posted by Jeffrey Schwartz on 03/04/2016 at 1:00 PM