Modern field guide to security and privacy

Sparks fly over Apple v. FBI dispute at major cybersecurity gathering

As tens of thousands of people from all over the world convened this week in San Francisco for the RSA Conference to learn about the latest in cybersecurity innovation, the iPhone dispute between Apple and the FBI dominated the conversation.

Steven Senne/AP/File
Protesters carried placards outside an Apple store in Boston on Feb. 23.

It was all anyone seemed to want to talk about. Whether inside the vast exhibit halls or at the after parties at this year's RSA Conference, just about everyone had something to say about the legal dispute between Apple and the FBI.

Shouting over a DJ's thumping music at the many lavish parties thrown by cybersecurity vendors hoping to land new customers at the world's biggest digital security expo, Washington officials and tech executives polled one another about whether the US government's case against Apple would reach the Supreme Court.

Over pickled eggs and veal tartare, they fiercely debated whether it would be technically possible for Apple to help investigators access data on just one iPhone – or if the order amounts to a government backdoor into many devices that could compromise millions of consumers’ security and privacy.

Apple's fight against US court order demanding it write new software to bypass strong security measures on the smartphone used by the San Bernardino shooter has ignited one of the most controversial, high-profile debates about digital security the country has seen in years.

So it’s no surprise it was the talk of the town here. "It’s been a huge focus," says Merritt Maxim, a senior analyst at Forrester Research. "The dialogue's been happening all week."

"It’s interesting to everyone, and not just in security," he continued, "My mother’s interested in it. It’s not just about the technical issues, but the underlying issues: What rights does the government have, what rights does the individual have, and where do you find that balance? This a high-profile event to have these discussions."

Ever since the so-called "cryptowars" in the 1990s over a government plan to install a backdoor into encryption, the RSA Conference has been a hotbed for debate about whether the US government should be able to build in access to secure consumer technology.

This year's furor over the Apple court order, to many longtime attendees like Mr. Maxim, brings the so-called backdoor controversy full circle. "The same issues are percolating again now."

Even as many senior Obama administration officials sought to avoid directly addressing the Apple case in public, it became the unavoidable headline in coverage of many of their official talks, from Defense Secretary Ash Carter to Attorney General Loretta Lynch – even overshadowing news of creative new initiatives aimed at working together with hackers

Yet the controversy was on full display on a live panel Passcode moderated on Tuesday, as industry and government officials went toe to toe over which outcome would be truly better for national security.

"In this particular case, the stakes are high," said John Carlin, the Justice Department’s assistant attorney general for national security, at the Beat the Breach event. "It's the most serious terrorist attack since 9/11. The community is suffering and wants answers – and an important investigative step here would be to access the phone of what is actually a customer that wants help."

But Richard Clarke, a former White House counterterrorism adviser, shot back: "This isn’t something you want to search. You’re trying to force American citizens to do something – in this case write code – that they don’t want to write." Apple argues the order violates its First Amendment rights by compelling the company to write new code it believes is too dangerous for its consumers.

Mr. Clarke says he has "enormous sympathy for people who are fighting terrorists, and I understand that they want all the tools they can get."

But he also insisted that national security argument doesn’t hold water here. "We have already decided long ago that we’re not going to let counterterrorism people have everything they want …. Having secure encryption end-to-end has greater national value than this incremental addition to the FBI [capabilities]."

This is a case where the interests of law enforcement and intelligence agencies, said RSA President Amit Yoran, does not "align with those trying to defend our critical infrastructure, and our networks."

What’s more, Mr. Yoran openly worried, a win for the US government in this case could compromise users’ trust in all American technology. "We’re setting a very, very dangerous precedent where consumers’ trust in the products and technology they use, and security and privacy protection technologies they use, will at its core be in question."

Tony Avelar/The Christian Science Monitor.
Passcode deputy editor Sara Sorcher interviewed Assistant Attorney General for National Security John Carlin, RSA President Amit Yoran, and former White House cybersecurity adviser Richard Clarke about the dispute between Apple and the FBI at the second annual Beat the Breach event in San Francisco on March 1.

As the conference continued, a stampede of companies announced they would back Apple.

What most everyone at the conference wants to know, Forrester’s Maxim says, "is regardless of where the court decision goes, what kind of precedent does that set?"

Some of the world’s biggest brains in the cryptography field asked those same questions this week.

At a time when criminal and terrorist hackers are growing more advanced, "the good of the country relies on people having strong security. The systems we have are so fragile," says cryptographer Ron Rivest, a Massachusetts Institute of Technology professor, "that trying to extra keys or extra ways in… is asking for all kinds of trouble."

Other big name keynote speakers from companies echoed this view. "Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor. And we need to make sure that encryption technology remains strong," said Microsoft’s President Brad Smith, pledging to stand with Apple to thunderous applause.

Yet even those with such strong opinions on the issue acknowledged the public will have to decide the appropriate trade-offs between consumer security and privacy – and law enforcement’s pursuit of criminals and terrorists – in American society.

"We need to have a discussion where we figure out what’s right for the country, rather than what’s right for this agency or that company, said cryptographer Paul Kocher.

On that, at least, US officials seem to agree.

"Let’s all stop talking past each other," said National Security Agency chief Adm. Mike Rogers. While he didn’t mention the Apple brouhaha or encryption specifically, the subtext was clear.

"We have got to get to a dialogue. That dialogue shouldn’t be the government unilaterally deciding what we should do; the industry unilaterally deciding what they ought to do. We’ve got to team up together to decide what is in the realm of the possible," he said.

What’s more, Admiral Rogers, "our citizens need to be the ones who say: 'This is what we are comfortable with, and this is not.' "

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to