Apple goofed in several ways in fight with FBI over data encryption, renowned cryptographer says
The company should assist the FBI now and pick a different case to make its stance, Adi Shamir said
Adi Shamir, co-creator of the widely used RSA cryptographic algorithm, believes that Apple should have assisted the FBI in decrypting the iPhone of one of the San Bernardino shooters, and chosen to resist in a future situation.
That’s not because the specifics of this particular case justify the FBI’s request, but because the case itself lays the wrong “battleground” for Apple to make a stand.
During the Cryptographers’ Panel at the RSA Conference in San Francisco on Tuesday, Shamir said that Apple had “goofed” in several ways.
First, the company tried to put itself in a situation where it could honestly claim that it can’t recover data from iPhones, but left open a loophole that the FBI is now trying to take advantage of, he said.
Then the company decided to fight the FBI on a battleground that’s clearly in the agency’s favor: The crime was very serious and its emotional impact on the public was high, the shooters are undoubtedly guilty and they’re both dead so their constitutional rights don’t come into play, the cryptographer said.
Shamir believes that Apple should have complied with the FBI’s request in this particular situation, especially since it helped the agency recover data from other iPhones in the past, and later choose to make its stance in a different case that wouldn’t be so aligned with the FBI’s arguments against widespread, unbreakable encryption.
The company should also close the existing loophole as soon as possible, so it can honestly claim in the future that it can’t assist the FBI, he said.
He believes that any precedent that could be set now by assisting the FBI could later be invalidated through legislation passed in Congress.
Cryptographer Ronald Rivest, the R in RSA, is not so sure and is very concerned about a potential “breathtaking” precedent set by this case.
In his opinion, this is not about just one device, because even if the brute-force loophole is closed, the FBI could use the same power in the future to force Apple or other companies to “decap chips.”
Decapping refers to a variety of techniques that use strong acids and lasers to remove the epoxy coating of integrated circuits, exposing their semiconducting die and potentially allowing the extraction of sensitive data directly from it.
Rivest said that while he sympathizes with the victims of the San Bernardino attack and their families, he believes that what the FBI is asking Apple to do is wrong and could open a can of worms.
Moxie Marlinspike, a security researcher and creator of popular communication apps that use end-to-end encryption, argued that law enforcement should be difficult. If enforcement of the law were perfect, social change would be impossible, he said.
For example, homosexual relationships or the use of cannabis were illegal for a long time across the U.S. Those activities have been decriminalized in many states, because enforcement of laws against them was not perfect and large numbers of people were able to engage in those activities without going to prison.
All members of the panel, which also included public-key cryptography pioneers Whitfield Diffie and Martin Hellman, agreed, in one way or another, that a serious public discussion is needed before the FBI is granted the power to compel companies to do something that they wouldn’t normally do in order to undermine encryption.