Apple versus FBI row is undercurrent at RSA security talks
SAN FRANCISCO – While there is a lot of talk here about how to better secure your company, an undercurrent at the RSA Conference is the row between Apple and the Federal Bureau of Investigation over the agency's access to data on an iPhone owned by the San Bernardino shooter.
Certainly, having congressional hearings on the row on the same day as the RSA Conference opened brought the issue to top of mind for speakers and RSA participants.
Two top U.S. administration officials who spoke here took very different approaches to the issue. The director of the National Security Agency, Adm. Michael Rogers, avoided the issue, stressing instead ongoing cooperation between his agency and private sector firms. Of course, the NSA has been at the center of the massive eavesdropping scandal unveiled by Edward Snowden, an NSA contractor who took confidential documents and leaked them over a period of months.
U.S. Attorney General Loretta Lynch tackled the issue head on. She said that the "middle ground" between the FBI and Apple is basically for Apple to comply with the court order and the FBI to get the data it needs. "The middle ground is to devolve to what the law requires."
Lynch stressed that the security vendors need to maintain the ability to obey court orders. "Having the inability to obtain evidence that could save lives is a real risk."
RSA President Amit Yoran summarized Silicon Valley's view in his opening keynote address on Tuesday. "Some policy proposals, such as those to weaken encryption, are so misguided as to boggle the mind. ... Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No terrorist or nation-state actor would ever use technology that is knowingly weakened. If we weaken our encryption, you can bet that the bad guys will use it against us."
In congressional testimony on Tuesday, Apple General Counsel Bruce Sewell struck a similar defiant note. He told the House Judiciary Committee that Apple should not have to create a backdoor to the iPhone's operating system because it would weaken encryption on all iPhones, not just the one used by the San Bernardino shooter.
"The FBI has asked a court to order us to give them something we don't have, to create an operating system that does not exist because it would be too dangerous. They are asking for a backdoor into the iPhone — specifically to build a software tool that can break the encryption system which protects personal information on every iPhone," Swell was quoted by USA Today as saying.
FBI Director James Comey argued that Apple and other tech companies cannot be allowed to flout the U.S. legal system and ignore court orders by preventing law enforcement from doing its job of gathering crucial evidence on crimes and terrorist activities.
"The core question is this: Once all of the requirements and safeguards of the laws and the Constitution have been met, are we comfortable with technical design decisions that result in barriers to obtaining evidence of a crime?" Comey asked the committee, according to USA Today.
As I've argued in this publication before, this is not a case of the FBI getting an order from the secretive national security court to collect phone records of U.S. citizens in bulk, as the NSA did. This is the case of a court order from a normal U.S. court to collect data on a specific phone tied to a specific crime. So the FBI's request is well within its current authority.
At the same time, Apple is saying that complying with this order would result in a backdoor that can be used on all iPhones.
Ret. Gen. Michael Hayden, former director of the NSA and CIA, seemed to side with Apple in a recent interview with USA Today. The FBI "would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim's job a bit easier in some specific circumstances ... when you step back and look at the whole question of American security and safety writ large, we are a safer, more secure nation without back doors," he said.
So it seems to come down to a technical question about whether Apple can comply with the court order and provide the FBI with a way to get the data on this particular phone without creating a backdoor to all its iPhones. Grandstanding on both sides is not helping. Let's try cooperation, instead. --Fred, @FierceFred1