Apple goofed in several ways in fight with FBI over data encryption, renowned cryptographer says

The company should assist the FBI now and pick a different case to make its stance, Adi Shamir said

Adi Shamir, co-creator of the widely used RSA cryptographic algorithm, believes that Apple should have assisted the FBI in decrypting the iPhone of one of the San Bernardino shooters, and chosen to resist in a future situation.

That's not because the specifics of this particular case justify the FBI's request, but because the case itself lays the wrong "battleground" for Apple to make a stand.

During the Cryptographers' Panel at the RSA Conference in San Francisco on Tuesday, Shamir said that Apple had "goofed" in several ways.

First, the company tried to put itself in a situation where it could honestly claim that it can't recover data from iPhones, but left open a loophole that the FBI is now trying to take advantage of, he said.

Then the company decided to fight the FBI on a battleground that's clearly in the agency's favor: the crime was very serious and its emotional impact on the public was high; the shooters are undoubtedly guilty; and they're both dead, so their constitutional rights don't come into play, the cryptographer said.

Shamir believes that Apple should have complied with the FBI's request in this particular situation, especially since it helped the agency recover data from other iPhones in the past, and later chosen to make its stance in a different case that wouldn't be so aligned with the FBI's arguments against widespread, unbreakable encryption.

The company should also close the existing loophole as soon as possible, so it can honestly claim in the future that it can't assist the FBI, he said.

He believes that any precedent that could be set now by assisting the FBI could later be invalidated through legislation passed in Congress.

Cryptographer Ronald Rivest, the R in RSA, is not so sure and is very concerned about a potential "breathtaking" precedent set by this case.

In his opinion, this is not about just one device, because even if the brute-force loophole is closed, the FBI could use the same power in the future to force Apple or other companies to "decap chips."

Decapping refers to a variety of techniques that use strong acids and lasers to remove the epoxy coating of integrated circuits, exposing their semiconducting die and potentially allowing the extraction of sensitive data directly from it.

Rivest said that while he sympathizes with the victims of the San Bernardino attack and their families, he believes that what the FBI is asking Apple to do is wrong and could open a can of worms.

Moxie Marlinspike, a security researcher and creator of popular communication apps that use end-to-end encryption, argued that law enforcement should be difficult. If enforcement of the law were perfect, social change would be impossible, he said.

For example, homosexual relationships or the use of cannabis were illegal for a long time across the U.S. Those activities have been decriminalized in many states, because enforcement of laws against them was not perfect and large numbers of people were able to engage in those activities without going to prison.

All members of the panel, which also included public-key cryptography pioneers Whitfield Diffie and Martin Hellman, agreed, in one way or another, that a serious public discussion is needed before the FBI is granted the power to compel companies to do something that they wouldn't normally do in order to undermine encryption.
