Loretta Lynch wades into Apple vs FBI, raising fundamental questions

As the US attorney general Loretta Lynch shared her thoughts Tuesday on the battle between Apple and the FBI, she spoke of some of the deeper issues at stake, the precedents that could be set as passions swirl around this single iPhone.

Gary Cameron/Reuters/File
U.S. Attorney General Loretta Lynch testifies before a House Appropriations subcommittee on the Justice Department's budget in Washington February 24, 2016.

US Attorney General Loretta Lynch has waded into the melee surrounding Apple and the FBI, posing some fundamental questions about the issues at stake.

The comments, made Tuesday during the RSA cybersecurity conference in San Francisco, came the same day as a congressional hearing on the other side of the country, in which both Apple and the Federal Bureau of Investigation voiced their opinions.

During that session in Washington, FBI director James Comey claimed that “all parts of the US government” had been consulted in the effort to crack open the iPhone at the center of this storm – and none was able to help.

“Do we let one company decide this issue for all of us?” said the attorney general, in a Bloomberg interview at the RSA conference. “Do we want one company to say this is how investigations are going to be conducted and no other way?”

And so she drilled down to the heart of this debate, which goes far beyond a single iPhone, a single company, or even the FBI. The question is one of precedent, of how much access law enforcement agencies should be granted, both today and going forward.

Yet to portray the struggle as simply between privacy and security is to miss some of the most integral facets of the issues at stake, as Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute, who gave evidence at Tuesday’s congressional hearing as a technical expert, tells The Christian Science Monitor in a telephone interview.

“This isn’t about security versus privacy, it’s security versus security,” says Dr. Landau. “There is a long queue of phones the FBI and state law enforcement agencies also want Apple to open. The problem with more than one is that you’ll need to set up a process, which doesn’t have the same level of scrutiny as a one-off or once-in-a-while event.”

With a process in place, it would then become easier for those engaged in organized crime, as well as nation states, to take advantage of weaknesses and gain access to devices.

This matters, says Landau, because phones are not just for photos or text messages. Increasingly, we access our email, our calendars – a whole plethora of personal and business-related information – as well as using mobile devices to assist in authentication.

“If you look at how systems are broken into, the most valuable thing to get hold of is log-in credentials,” Landau tells the Monitor. “What the FBI is pushing for will make phones less secure.”

Indeed, at the inaugural Usenix Enigma security conference in San Francisco at the end of January, Rob Joyce, chief of Tailored Access Operations at the National Security Agency, underscored the importance of log-in details as a means of access for hackers.

“In the world of advanced persistent threat actors (APT) like the NSA, credentials are king for gaining access to systems,” wrote Kim Zetter in Wired. “Not the login credentials of your organization’s VIPs, but the credentials of network administrators and others with high levels of network access and privileges that can open the kingdom to intruders.”

Moreover, as an illustration of the kind of chaos that can be unleashed when access information is acquired by those with dubious intentions, one only needs to consider a Department of Homeland Security report released on Feb. 25 about the cyberattack last year on Ukraine’s critical infrastructure:

“The companies believe that the actors acquired legitimate credentials prior to the cyber-attack to facilitate remote access.”

The issues at stake are complex but crucial. The outcome of the debate will “set a precedent for security of our citizens,” as Jamie Winterton, director of strategy for Arizona State University's Global Security Initiative, wrote in the Monitor. “It's healthy to have a vibrant debate about the iPhone case – and matters of privacy and national security more generally – but the way [some presidential] candidates have talked about risks is encouraging a toxic tug-of-war between government and tech."

“No one benefits from animosity between the two," she wrote. "But the country would also suffer if one were enslaved to the other.” 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.