U.S. Cyber Command chief and NSA director Admiral Michael Rogers and United States Attorney General Loretta Lynch both took the stage at the RSA Security Conference in San Francisco yesterday to appeal for cooperation with the cyber-security industry.
Secretary of Defense Ashton Carter will keynote later today and probably will make a similar appeal. The nation’s most powerful national security, defense and law enforcement leaders speaking to the largest security conference reveal Washington’s urgent desire to mend and deepen relationships with the security industry.
Overtures that it was possible to protect citizens’ security without violating their privacy were repeated frequently and sounded like Lynch and Rogers were using the same playbook. They also repeated partnership offers to the 35,000 representatives of cybersecurity companies attending the RSA conference. But neither ventured to offer any specifics or explained how transparency would prevent the partnerships from devolving into new Snowden-like revelations of mass surveillance if the public-private cooperation becomes too close.
+ NOT AT THE SHOW? See all the news as it happens +
Rogers appeal was more credible in comparison to the Lynch’s because Cyber Command and NSA have vendor relationships with many security companies and the Department of Justice (DOJ) has an adversarial relationship, including its recent controversial support of a magistrate’s order to force Apple to unlock one of the San Bernardino terrorist’s iPhones.
Rogers took the high ground spending more time reporting on Cyber Command’s operational progress in training and preparing 6,200 security specialists by 2018 to protect critical infrastructure and respond to cyber emergencies. He spent less time talking about NSA’s intelligence gathering activities that he carefully reassured the audience would be directed against international sources and nation states.
After Lynch finished her prepared speech Bloomberg Television’s Emily Chang interviewed her. Chang led with questions about the dispute with Apple to unlock the San Bernardino terrorist’s iPhone. Tim Cook has said that complying to the FBI’s request would put the privacy of iPhone owners at risk.
Lynch tried to sidestep Apple’s strong brand affinity and the audiences’ distrust by saying: “It’s a great company that makes beautiful products.” But later she tried to isolate Apple’s position by questioning “Do we let one company decide this issue for all of us?...Do we want one company to say this is how investigations are going to be conducted and no other way?”
She positioned Apple’s unlocking of the iPhone as critical evidence in thoroughly investigating the murder of the 14 victims in San Bernardino.
Questioned by Chang over a Brooklyn Magistrate’s refusal yesterday to grant a similar order to compel Apple to unlock an iPhone Lynch said it was unfortunate and it would be appealed. Asked about an additional 12 iPhones that law enforcement wants Apple to unlock Lynch said that in the past Apple had unlocked iPhones under similar orders and were simply asked to do it again. She also equated the locked iPhone contents to evidence of a crime contained in a box of files in a locked house for which prosecutors were only asking Apple to unlock the door.
Reading between the lines there are really two points of contention. First, the FBI wants Apple to circumvent the security on the San Bernardino murder’s older iPhone’s security so that the data isn’t erased after 10 failed attempts to guess the lock code and to remove the increasing delay between unlock code attempts. But doing this would release a key to unlock iPhones into the wild that bad actors, criminals and nation states could use to compromise iPhone owners’ privacy and steal their data.
Second, some legal experts worry that this is a carefully selected case that will set a precedent that the FBI can use later to force Apple to create a backdoor to unlock iPhones using Apple’s newest nearly-unbreakable encryption.
Few conference attendees or speakers supported Lynch. They shared Apple’s position that encryption weakened to allow court ordered access by law enforcement could not be kept secret and that one day criminals or nation states would exploit the weakness.