SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference.

The debate over whether Apple should assist the FBI in unlocking an accused terrorist’s iPhone has moved through separate and disparate court rulings and has been headline news in the mainstream media. While the two sides are pretty defined—Apple on the side of privacy and against the legal precedent its assistance would set, and the FBI on the side of national security and the emotional arguments that accompany it—the opinions of the panel were not in lockstep.

Adi Shamir, a crypto pioneer and co-developer of the RSA algorithm, stood with the FBI and argued that Apple had misstepped in not anticipating all possible ways law enforcement could request data. He also reasoned that this is a one-time request for one device and that the government’s request is not unreasonable.

“Here, the FBI had been waiting for a long time for the ideal situation and they found it,” Shamir, a resident of Israel said. “This is a case where it’s clear those people are guilty. They are dead; their constitutional rights are not involved. This is a major crime where 14 people were killed. The phone is intact. All of this aligns in favor of the FBI. Even though Apple has helped in countless cases, they decided not to comply this time. My advice is that they comply this time and wait for a better test case to fight where the case is not so clearly in favor of the FBI.”

Ron Rivest, Shamir’s colleague on the RSA algorithm along with Len Adelman, quickly disagreed with Shamir and said the precedent set if Apple is legally compelled to help the FBI would be “breathtaking in scope.”

“What the FBI is asking is not just for this one phone, but it’s asking a third party to do something they don’t normally do,” Rivest said. “It seems inappropriate. This debate belongs in Congress. They should make a law that guides us in the future with better balances.”

Apple did earn a legal victory yesterday when a New York judge ruled against the FBI and said the government’s stance using the All Writs Act to back up its claims against Apple cannot be used. Brooklyn federal magistrate James Orenstein said the FBI’s expansive interpretation of the All Writs Act would not withstand constitutional scrutiny.

Moxie Marlinspike, a first-time panelist, said that Apple’s decision to relinquish control of its devices’ crypto keys served to make its customers’ products safer—an unusual move among tech providers, he said. He added that defiance in the face of the law has helped to overturn many statutes deemed unreasonable, pointing toward gay marriage and the legalization of marijuana as two examples.

“I might have an unpopular opinion, but chances are there’s nothing on this device,” Marlinspike said. The phone was issued to San Bernardino shooter Syed Farook by his employer San Bernardino County; Farook had already destroyed two personal iPhones, and this one was found left in a drawer by the FBI.

“This was not his private device. The FBI already has the server-side logs and [an older] iCloud backup. They have a tremendous amount of information. They’ve said they need this information because they might be missing something. I’m of the opinion that law enforcement should be hard. … The FBI is saying they consider their surveillance capabilities as something that is for our social good. I don’t necessarily think that is good.”

Rivest, along with fellow remaining panelists and this year’s Turing Award winners Whitfield Diffie and Martin Hellman, sided with Apple.

“You’re opening a can of worms here that is the wrong way to go,” Rivest said. “The road to hell starts with a backdoor. These systems we have are so fragile, that trying to have extra keys, duplicate keys or new ways of taking things apart isasking all kinds trouble. The good of the country depends on having strong security. I believe people have the right to a private conversation and law enforcement has many other means at their disposal.”

Categories: Government, Privacy

Comments (3)

  1. Dr. Hilliard Haliard
    1

    A textualist interpretation of Kerckhoffs’ Principle would seem to imply that Apple had already failed its customers: If the manufacturer can disable the wiping to enable brute-forcing the PIN, there is no real security there, only a speed bump. But I guess that’s what a PIN is anyway. The main takeaway is that Shamir is right.

  2. Jarth
    3

    Now this conflict of interests is in the public Apple was irrevocably forced into being unable to play with the FBI. At least in public. I consider this whole “public trial” a spoof.

Comments are closed.