Sparks fly over Apple v. FBI dispute at major cybersecurity gathering
Search for a path forward
As tens of thousands of people from all over the world convened this week in San Francisco for the RSA Conference to learn about the latest in cybersecurity innovation, the iPhone dispute between Apple and the FBI dominated the conversation.
SAN FRANCISCO — It was all anyone seemed to want to talk about. Whether inside the vast exhibit halls or at the after parties at this year's RSA Conference, just about everyone had something to say about the legal dispute between Apple and the FBI.
Shouting over a DJ's thumping music at the many lavish parties thrown by cybersecurity vendors hoping to land new customers at the world's biggest digital security expo, Washington officials and tech executives polled one another about whether the US government's case against Apple would reach the Supreme Court.
Over pickled eggs and veal tartare, they fiercely debated whether it would be technically possible for Apple to help investigators access data on just one iPhone – or if the order amounts to a government backdoor into many devices that could compromise millions of consumers’ security and privacy.
Apple's fight against US court order demanding it write new software to bypass strong security measures on the smartphone used by the San Bernardino shooter has ignited one of the most controversial, high-profile debates about digital security the country has seen in years.
So it’s no surprise it was the talk of the town here. "It’s been a huge focus," says Merritt Maxim, a senior analyst at Forrester Research. "The dialogue's been happening all week."
"It’s interesting to everyone, and not just in security," he continued, "My mother’s interested in it. It’s not just about the technical issues, but the underlying issues: What rights does the government have, what rights does the individual have, and where do you find that balance? This a high-profile event to have these discussions."
Ever since the so-called "cryptowars" in the 1990s over a government plan to install a backdoor into encryption, the RSA Conference has been a hotbed for debate about whether the US government should be able to build in access to secure consumer technology.
This year's furor over the Apple court order, to many longtime attendees like Mr. Maxim, brings the so-called backdoor controversy full circle. "The same issues are percolating again now."
Even as many senior Obama administration officials sought to avoid directly addressing the Apple case in public, it became the unavoidable headline in coverage of many of their official talks, from Defense Secretary Ash Carter to Attorney General Loretta Lynch – even overshadowing news of creative new initiatives aimed at working together with hackers.
Yet the controversy was on full display on a live panel Passcode moderated on Tuesday, as industry and government officials went toe to toe over which outcome would be truly better for national security.
"In this particular case, the stakes are high," said John Carlin, the Justice Department’s assistant attorney general for national security, at the Beat the Breach event. "It's the most serious terrorist attack since 9/11. The community is suffering and wants answers – and an important investigative step here would be to access the phone of what is actually a customer that wants help."
But Richard Clarke, a former White House counterterrorism adviser, shot back: "This isn’t something you want to search. You’re trying to force American citizens to do something – in this case write code – that they don’t want to write." Apple argues the order violates its First Amendment rights by compelling the company to write new code it believes is too dangerous for its consumers.
Mr. Clarke says he has "enormous sympathy for people who are fighting terrorists, and I understand that they want all the tools they can get."
But he also insisted that national security argument doesn’t hold water here. "We have already decided long ago that we’re not going to let counterterrorism people have everything they want …. Having secure encryption end-to-end has greater national value than this incremental addition to the FBI [capabilities]."
This is a case where the interests of law enforcement and intelligence agencies, said RSA President Amit Yoran, does not "align with those trying to defend our critical infrastructure, and our networks."
What’s more, Mr. Yoran openly worried, a win for the US government in this case could compromise users’ trust in all American technology. "We’re setting a very, very dangerous precedent where consumers’ trust in the products and technology they use, and security and privacy protection technologies they use, will at its core be in question."
As the conference continued, a stampede of companies announced they would back Apple.
What most everyone at the conference wants to know, Forrester’s Maxim says, "is regardless of where the court decision goes, what kind of precedent does that set?"
Some of the world’s biggest brains in the cryptography field asked those same questions this week.
At a time when criminal and terrorist hackers are growing more advanced, "the good of the country relies on people having strong security. The systems we have are so fragile," says cryptographer Ron Rivest, a Massachusetts Institute of Technology professor, "that trying to extra keys or extra ways in… is asking for all kinds of trouble."
Other big name keynote speakers from companies echoed this view. "Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor. And we need to make sure that encryption technology remains strong," said Microsoft’s President Brad Smith, pledging to stand with Apple to thunderous applause.
Yet even those with such strong opinions on the issue acknowledged the public will have to decide the appropriate trade-offs between consumer security and privacy – and law enforcement’s pursuit of criminals and terrorists – in American society.
"We need to have a discussion where we figure out what’s right for the country, rather than what’s right for this agency or that company, said cryptographer Paul Kocher.
On that, at least, US officials seem to agree.
"Let’s all stop talking past each other," said National Security Agency chief Adm. Mike Rogers. While he didn’t mention the Apple brouhaha or encryption specifically, the subtext was clear.
"We have got to get to a dialogue. That dialogue shouldn’t be the government unilaterally deciding what we should do; the industry unilaterally deciding what they ought to do. We’ve got to team up together to decide what is in the realm of the possible," he said.
What’s more, Admiral Rogers, "our citizens need to be the ones who say: 'This is what we are comfortable with, and this is not.' "