Modernizing Authentication — What It Takes to Transform Secure Access
Seems like just about everyone - from network news anchors to your next door neighbor - has an opinion on Apple's fight with the FBI over unlocking a cell phone used by one of the two terrorists who killed more than a dozen people in a mass shooting in San Bernardino, Calif. Even the world's most famous cryptographers cannot agree on whether Apple should be compelled to create anti-encryption software to help the government agency retrieve data from the phone.
During a cryptography panel at the RSA conference in San Francisco, Ron Rivest, (the R in RSA), said he sees a dangerous precedent for compelling technology companies to create circumvention systems to unlock encrypted data.
Most of the panelists agreed with Rivest.
"Apple makes products that serve their customers and we should applaud that," said Moxie Marlinspike, founder of Open Whisper Systems and creator of the open-source SSLsniff and SSLstrip hacking tools.
Cryptographer Whit Diffie commented that in a tyranny, people are denied the opportunity to control their actions. It's something that worries him about the FBI's demands. "Who controls machines is who controls the world," he said.
Cryptographer Martin Hellman agreed, and said he is signing an amicus brief supporting Apple's actions.
There are a lot of misconceptions in the debate, said Adi Shamir (the A in RSA), who noted that there has been tension between law and technology vendors for while.
"Some people say it's about putting backdoors in encryption, but I don't' think it's the case," Shamir said. "The FBI is asking for something very specific; it wants Apple to help open a single phone, and it's not about putting a trapdoor on millions of phones."
In his view, Apple goofed, he said, adding that the ancient philosopher Sun Tzu stated that it's important to choose where to fight. The FBI was waiting for an ideal situation to push the issue of unlocking encrypted data and it found it, Shamir said. In this case, there is no question as to the guilt of the shooter and, because he died during the incident, the FBI seemingly has no other options for retrieving data from his phone.
"My advice to Apple is that they should have complied this time and waited for a better test case for one that would not have been so hard," Shamir said.
That said, Shamir acknowledged that it could set a troubling precedent.
Even with positions like Shamir's, panel members agreed that no one supports widespread use of backdoors in cryptography. Such backdoors weaken security rather than improving it, the panelists stressed.
Actions by the NSA to intentionally weaken cryptography have led to a new generation of apps and technologies that might ultimately end up making everyone more secure, however. Marlinspike said he's hopeful for the future. With the new generation, there are no communication apps that provide their own end-to-end encryption.
"We might be wining the future of private communications against mass surveillance," Marlinspike said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.