Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security, encryption experts: Congress is the answer to Apple v. FBI

Tim Greene | March 8, 2016
The world’s top security and encryption experts who spent time last week at RSA Conference 2016 trying to figure out how to keep devices and communications secure yet also enable criminal investigations came up with nothing except to punt the issue to the U.S. Congress.

Congress may have a tough time passing a law that protects encrypted communication, says James Lewis, director and senior fellow at the Center for Strategic and International Studies, who also spoke on the panel. That’s because it would be too easy to say a politician failed to protect the country in the face of threats. “I voted for terrorism,” he says. “That’s how it will be spun. This will never come to a vote.”

But if nothing is done before another act of terror that might have been prevented with a backdoor law, then Congress will act without reflection and come up with a bad law, says McCaul. “We cannot wait for the next attack,” he says. “After the attack rationality will be thrown out the window.”

He summed up the current options facing Congress: support creation of the study commission, amend CALEA to address encrypted communications, do nothing.

Meanwhile, cryptologist Adi Shamir, who helped develop the RSA public-key cryptosystem, said during an RSA panel that in the absence of any new law, Apple and other vendors of encryption devices ought to make ones that even they could not decrypt. That way they could say their products are secure and that they would be unable to comply with court orders like the one facing Apple.

Speaking on a different panel, former CIA Director Mike McConnell said that while he favored such backdoors 20 years ago, now he doesn’t. “The nation is literally being raped for its intellectual property,” he says. And one way to help stop that is strong encryption properly applied.

He was once an advocate of the Clipper Chip, encryption hardware where the keys to decrypt were held in escrow so law enforcement could crack the communications. Since then he has come to see that the country is digitally dependent and that its corporate secrets must be kept. “Ubiquitous encryption is something our nation needs to have,” he says.

Trevor Hughes, president and CEO of the International Association of Privacy Professionals who sat on the same panel, says that privacy and security isn’t an either-or proposition. Rather it’s a situation where both have to be addressed, but it also has to remain open to renegotiation. The conversation has to continue indefinitely to respond to new technology as it is developed, he says.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.