Highlights of RSA Conference Crypto DebateApple, FBI, Going Dark and Beyond
In previous years, heading into the annual RSA Conference in San Francisco, key themes included endpoint security, advanced persistent threats, nation-state attackers and threat intelligence.
See Also: Threat Horizons Report
But this year, the sheer pace of updates in the latest installment of Crypto Wars 2.0 - encapsulated by the FBI versus Apple battle - seemed to outpace anyone's attempt to gain control of the "spin cycle." Changes were simply coming too fast to try to do more than anything but keep up.
Here are five crypto debate highlights from the conference:
1. Justice Department: Hearts and Minds Campaign
How ironclad is the court order obtained by the FBI, which requires Apple to help it unlock an iPhone seized during the course of the investigation of the San Bernadino, Calif. shootings? Loretta E. Lynch, Attorney General of the United States, argued in an RSA keynote that the Department of Justice needs to be able to "fully investigate" crimes and broadly called on the technology industry to make that happen. "We have to be engaged in open dialog so that we can draw on each other's resources, hear each other's concerns and draw on each other's perspective."
Asked what sort of middle ground she might be proposing, however, Lynch said "the middle ground is to devolve to what the law requires." Her "it's either the government's way, or the highway" argument drew audible hissing from the audience, suggesting that if the government is currently executing a backdoor-related "hearts and minds" campaign - as it appears to be doing, likely hedging its bets against related court cases failing - then it has failed to sway large swaths of the U.S. technology sector. Indeed, some of the biggest names in technology are backing Apple's side (see Apple, FBI Battle Before House Judiciary Committee).
2. No One Party Line
But not all U.S. officials or legislators in attendance at RSA voiced agreement with Lynch. House Homeland Security Committee Chairman Michael McCaul, R-Texas, for example, noted in a session that the law will always lag behind technology. He said that where the crypto debate is concerned, he wants to assemble a panel of experts to find the best way forward.
U.S. Secretary of Defense Ashton Carter also dismissed any attempt to add backdoors to products. "I'm not a believer in backdoors," he said at the conference. "It's not realistic and it's not technically accurate."
3. Cryptographers Agree: Backdoors are Bad
Five out of five famous cryptographers also agree: Backdoors are bad. That was the message at RSA's opening day "Cryptographers' Panel" (see RSA Conference Debates Apple vs. FBI).
For proof, the sixth panelist - security and privacy expert Moxie Marlinspike, founder of Open Whisper Systems - referenced Juniper Networks, and its ScreenOS firmware, which security experts believe was backdoored by up to three countries' intelligence agencies, beginning with what many believe was the U.S. National Security Agency (see Who Backdoored Juniper's Code?).
Ironically, however, if the NSA was behind the initial backdoor, that enabled rivals or adversaries to then add their own backdoors. Juniper devices, however, are widely used, including by U.S. government agencies, such as the Office of Personnel Management, Marlinspike said. That raises some interesting - and as yet unanswered - questions. "It's entirely possible that a U.S. government backdoor was eventually used to compromise the U.S. government," he said.
4. Going Dark Warning
In her RSA speech, Attorney General Lynch repeated U.S. government warnings that its investigatory capabilities are being eroded as more people begin using devices and services that offer encryption. "As you know, the going dark problem is a very real threat to law enforcement's mission to protect public safety and ensure that criminals are caught and held accountable," she said.
5. Expect End-to-End Encrypted Messaging
But at the conference, Marlinspike referenced Apple's plans to build a device that not even it could hack, thus taking itself out of the loop when it comes to anyone - FBI or otherwise - attempting to conduct surveillance on its customers (see Report: Apple Building iPhone It Can't Hack). He said that in light of the FBI attempting to compel Apple to bypass security features built into its devices, and following Edward Snowden's NSA revelations and the realization that the FISA court was rubber-stamping U.S. government requests, the push for default crypto was only natural.
In fact, he predicted that Apple's move will be emulated by many more technology firms, and that everything from Facebook Messenger to the WhatsApp mobile messaging app would soon build in end-to-end encryption by default.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.