The cryptographers in question are Ron Rivest, MIT Institute Professor, MIT; Adi Shamir, professor, Computer Science Department, Weizmann Institute of Science, Israel; Whitfield Diffie, cryptographer and security expert, Cryptomathic; Moxie Marlinspike, chief technology officer, Whisper Systems; and Martin Hellman, professor emeritus of electrical engineering, Stanford University.
The five were participating in a panel discussion at the RSA Cryptographic Conference which was held in San Francisco last week. The panel was moderated by Paul Kocher, president and chief scientist, Cryptography Research division of Rambus.
The FBI obtained the order on February 16 and when Apple refused to pay heed, the agency asked the issuing court on February 19 to compel the company to comply. Apple has filed a motion asking for the order to be dismissed.
The order revolves around an iPhone 5c belonging to the San Bernardino County Department of Public Health; it was being used by Syed Rizwan Farook, one of its employees, and one of two people who participated in a mass shooting that left 14 people dead in December.
He asked how a trade-off could be done, whether anybody could be compelled to do anything. "I think you're opening a can of worms here which is really the wrong way to go," said Rivest, one of the three who was involved in developing public key cryptography and the R in RSA.
"The systems we have are so fragile, that trying to have extra keys, extra means in and ways of taking them apart are just asking for all kinds of trouble," he said. "The good of the country depends on having strong security universally."
Hellman tended to agree. "When you take a holistic view, you can see that the FBI is right now really frustrated at not being able to get at that phone and I sympathise with them," he said.
He mentioned former NSA director Bobby Inman — who had tried to jail Hellman and Diffie in the 1970s when they challenged the US government's longstanding domestic monopoly on cryptography — who had told an interviewer from a Stanford alumni magazine that his attitude today would be that rather than trying to make sure that Diffie and Hellman were going to damage the NSA's information collection capabilities, he would be interested in how quickly the pair were going to make crypto systems available in a form that would protect proprietary and government information. Inman had cited the theft of some plans for the F-35 fighter-bomber in this connection.
Hellman said law enforcement interests were not limited to getting at the iPhone 5C in question, but in preventing crime. Mentioning the fact that former NSA director Mike Hayden had come out with a statement that the FBI director James Comey was wrong in the Apple case, Hellman added that what was needed was a discussion to figure out what was right for the US, rather than for a particular government agency or company.
Shamir — the S in RSA — took a diametrically opposite position. "I think we are confusing several separate issues," he said. "The tension between the FBI, or law enforcement in general, and the technology industry has existed for a long time and the question is where do you put the line.
"Some people claim that the current discussion is related to the issue of placing of backdoors in encryption technologies. I don't think this is the case. The FBI is asking Apple to do something very specific: the FBI will give Apple a particular phone and ask Apple to privately open up that particular phone. It has nothing to do with placing trapdoors in millions of telephones around the world."
Said Shamir: "There is also the issue of mass surveillance. Again, I think that we are confusing the issue. It's the case of a single phone. Of course, it can set a precedent, I'm aware of that. But if you look carefully at this issue, I think that it falls squarely on the side of helping the FBI in investigating a particular case, a particular device, doing something that Apple is capable of doing."
Shamir said that in his opinion, Apple had goofed up in several ways. "First was that they tried to put themselves in a position where they will be able to honestly tell the FBI, 'sorry as much as we would like to help you, we are technically unable to do so'. They made changes in the operating system, they no longer keep keys to various pieces of information, so they tried to protect themselves against exactly this situation, but they failed because they did not close this particular loophole where the FBI can point out a very specific way in which Apple can help them.
"So, in my opinion, they should, as quickly as possible, close this loophole and roll out a new update in the operating system that will really prevent them from helping the FBI in the future. Then they'll be able to use this argument. At the moment, they cannot make the argument."
Shamir said the second Apple goof-up was in choosing their battleground. "You know in Sun Tzu, The Art of War, he says that in order to win you have to choose very carefully where you are fighting. Here, the FBI had been waiting for a long time for the ideal situation from their perspective and they found it. They wanted to force the issue and this is a case in which it's clear that those people (involved) are guilty. They are dead so their constitutional rights are not involved. They did a major crime, they killed 14 people. The phone was found intact.
"Almost everything is aligned in favour of the FBI. And even though Apple helped in countless numbers of previous cases and supplied the information, they decided not to comply this time. My advice would have been that they should have complied this time and waited for a better test case to fight, where the case is not going to be so clearly in favour of the FBI."
He said it was the rule of law that would eventually decide things. "Apple is right in fighting it, possibly all the way to the Supreme Court. But if eventually, the legal decision would be that Apple should comply, they should try to change some laws in Congress."
Marlinspike said there had been several references recently to the US government's efforts to weaken cryptography. "I think we should at least acknowledge that the whole reason we are actually having this discussion is because Apple decided to make products that actually serve their customers and I think we should applaud them for that. This is very unusual in today's world where a lot of people are selling out their customers and mining their data," he said.
The security researcher, who is also known as Matthew Rosenfeld or Mike Benham, said his view on the issue might be unpopular. "The thing is, I think the chances are there is nothing (of importance) on this device (the iPhone 5C)," he said. "This isn't the shooter's personal phone which he intentionally destroyed, it's his work phone issued by the county (of San Bernardino) which he left in a drawer.
"The FBI already has all the suicide call logs that they got from the cellphone carriers and they have an iCloud back-up. They might have had a more recent iCloud back-up if they had not messed up and reset the iCloud password before prompting the device to sync. So they have a tremendous amount of information but what the FBI seems to be saying is, we need this because we might be missing something. And obliquely they are asking us to take steps towards a world where that isn't possible. And I don't know that that's the world that we want to live in."
He added: "I actually think that law enforcement should be difficult. And I think that it should actually be possible to break the law. In the US we've seen, in many states recently, the legalisation of gay marriage as well as the legalisation of marijuana in some states and these are held up as the triumph of the democratic process.
"But I think we also have to acknowledge that those developments would not be possible without the ability to break the law. How would we know that we wanted to legalise same-sex marriage if nobody had ever been allowed to have a same-sex relationship before because of the sodomy laws that are on the books in many states and have been enforced until now? How would we know that we ever wanted to legalise marijuana if nobody had been able to successfully consume marijuana because drug laws had been completely enforced?
"The FBI seems to be saying that we should consider their surveillance capability as something that is for our social good and I don't necessarily think that that is true."
Diffie said the great moral victory of his lifetime was gay rights. "It was a felony in the 1950s to have gay sex. Look at (Alan) Turing. Now that's been settled, gays can get married."
Turning to Marlinspike, he said, "and I agree with you completely that the difference between a free society and a totalitarian society is in large part the difference in being answerable for your actions. You do something society doesn't like, you might get beat up for it. In a tyranny you build mechanisms to deny people the opportunity to have control of their actions. Like, for example, going to their cellphones and breaking in directly. It isn't a matter of, if you don't tell us you'll go to jail; you don't have to tell them, they will simply steal from you.
"I think this is part of a much, much larger issue. You've heard me say, we're doing something we've never done since five or seven thousand years ago, that's when we moved into cities which were things made by people. We are moving into digital media, we're moving our culture into digital media. But there's another aspect to this: in some sense, all societies in the past over the long run were democratic. That's where all the political power, all the productive power, all the things were done by human beings. And we are moving into an era where the confrontation between people and machines, the interaction of people and machines is the major issue of this era. And who control machines is going to be who controls the world."
Hellman added that though he was in agreement with the FBI he would be signing an amicus brief supporting Apple's position asking that the order be vacated. "As Adi (Shamir) said it might set a precedent, most people I talked to said it would set a precedent. It wouldn't be so bad if (when) they get into the phone, they then tell us what was on it so that if it's as we think, that there's nothing on it, we can say it was useless. But I suspect they will try to classify it and prevent that from happening."
Shamir responded that it was necessary to remember that a precedent could be changed by a new law passed in Congress. "The precedent is not something that will stay forever. I think it would be helpful for the audience to have a mental image not of a phone, but of the police confiscating a safe which presumably contains some incriminating evidence about a crime. Are the police right in approaching the manufacturer of the safe and asking for the design in order to know where to drill in order to open the safe in the easiest possible way?
"We are not talking about asking the company to put backdoors that will make the safe weaker. Just to help them open that particular safe. I think it's reasonable."
Hellman said if this became a precedent, there were thousands and thousands of requests, "not only from the federal government but state and local governments and not just from this country but China and other authoritarian governments. Many of the people I've talked to feel that Apple will have to build a universal backdoor, instead of something specific to each phone, something general that provides a break-in system, and if that gets out then we're in big, big trouble."
Rivest said that though he was not a lawyer he liked looking at legal documents because they were interesting. "And I think the precedent that would be set here if the judge in that San Bernardino case ruled in favour of the FBI would be rather breathtaking in its scope, because what the FBI is essentially asking here is that it can ask any third party, whether related to the case or not, to do anything that's not explicitly prohibited by law.
"They could come into any other company to decrypt the chips, under the All Writs Act. So the precedent is not just for opening a particular phone that Apple happen to have manufactured, it's basically asking an unrelated third party — because Apple is unrelated to the terrorism case here — to do something which they don't normally do to help the FBI with its research.
"And it's important to separate the moral feelings you have about helping the FBI that tugs at your heartstrings — and the San Bernardino case is one where you feel sympathy for the victims and want to help them — that's one level of judging what's going on.
"The other is the legal question and there what the FBI is asking for seems inappropriate; this debate really belongs in Congress where Congressional representatives can, as you say, make the law that guides us towards a future that has potentially better balances."