SAN FRANCISCO — The debate on privacy vs. national security triggered by the recent Apple/FBI controversy lit up RSA Conference 2016, provoking sharp disagreement among panelists at one well-attended keynote. Leading cryptographer Adi Shamir said Apple had “goofed” and should have complied with the FBI, while data encryption expert Moxie Marlinspike applauded Apple’s stance, arguing that the company is performing a civic service by defying a court order.
The remarks came during Tuesday morning’s Cryptographers’ Panel, made up of pioneers and experts in the field of cryptography, which also included Martin Hellman, Professor Emeritus of Electrical Engineering at Stanford University, and Whitfield Diffie, cryptographer and security expert at Cryptomathic, both of whom received the 2015 A.M. Turing Award, or what moderator Paul Kocher of Rambus described as “the Nobel Prize for computer science.”
At the center of the panel discussion was the federal court’s order that Apple help the FBI unlock the iPhone of one of the shooters in the Dec. 2, 2015, San Bernardino, Calif., terrorist massacre by creating new software to access the iPhone’s data. The FBI argues that refusing to do so compromises national safety, while Apple argues that complying would create a “backdoor” that could set a precedent for creating systems to circumvent security.
The panel’s question: What impact would it have on national safety if courts could compel technology companies to create a tool that circumvents the security of their products?
Most of the panel sided with Apple, saying that such compulsion would compromise national security.
MIT professor Ronald Rivest, who also heads the Cryptography and Information Security research group at MIT’s Computer Science and Artificial Intelligence Laboratory, said that compelling tech companies to provide extra keys or to provide ways to dismantle their products’ security mechanisms is a can of worms unless Congress passes legislation that addresses thorny questions.
“Suppose we lived where this compelling can be done. Under what circumstances can this be done? How is the tradeoff done? Can anyone be compelled to do anything? Congress has to pass the law,” said Rivest, adding that the greater good of the country depends on both strong security and citizens’ right to have private conversations.
Hellman agreed, but added that he sympathizes with the FBI’s frustration and understands that its interest is not just in getting access to the data on a particular device, but with preventing crime.
“I think [FBI Director] Jim Comey is wrong, but we need to have a discussion on what is right for the country as opposed to what’s right for individual agencies,” he said.
Shamir, professor of computer science at the Weizmann Institute of Science in Israel, was alone in opposition, saying that while he is aware of the possibility of this case setting a precedent, the FBI is asking Apple to do something very specific.
“The FBI will give Apple a particular phone … to do something Apple is capable of doing,” he said. “It has nothing to do with placing backdoors in millions of phones throughout the world.”
Shamir added that he believes the FBI has the advantage over Apple in this instance and that the tech giant made several “goofs.”
First, he argued, Apple claimed that it is technically unable to help the federal agency with the investigation, but the claim failed because the FBI was able to point out specifically how Apple would be able to do so: create custom iOS software that would bypass or disable the iPhone’s security mechanism that limits how many times incorrect passwords can be entered.
“[Apple should] put out a new, updated system that will really prevent the FBI from [compelling Apple] to help them in the future, so that it is really able to make the argument,” Shamir said.
The second mistake Apple made, he said, was picking the wrong battle in what has been an ongoing issue, while the FBI picked the ideal one to force its position.
“Almost everything is aligned in favor of the FBI. Even though Apple has encountered this in other previous cases, they decided not to comply this time,” he said. Apple should have complied this time and waited for a better “test case,” one in which its odds are better, Shamir added.
Marlinspike, founder of Open Whisper Systems, a nonprofit company that develops encryption software, aligned with the rest of the group.
Had FBI officials been able to access the data on the device, they likely would not have found much – there probably would not have been anything incriminating on the device; plus, the FBI already has a wealth of evidence, he said.
“The FBI already has all the certified call logs from cell phone carriers. It already has access to [the phone’s] iCloud backup,” said Marlinspike. “What the FBI seems to be saying is, ‘We need this because we might be missing something.’ … And the FBI seems to be saying we should consider their surveillance capability as something that is for our social good, and I don’t necessarily think this is true,” he said.
He put the Apple vs. FBI dispute on par with the legalization of marijuana and the legalization of gay marriage.
“How do we know we wanted to legalize marijuana if no one had been able to successfully consume marijuana because our laws had been perfectly enforced? … These developments would not have been possible without the possibility to break the law,” he said.