In Science essay, professor says FBI approach to investigations puts security at risk
In an essay to be published on June 17, 2016 in Science magazine Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute (WPI), argues that the FBI's recent and widely publicized efforts to compel Apple Computer to write software to unlock an iPhone used by a terrorist in California reflects an outdated approach to law enforcement that threatens to weaken the security of all smartphones, potentially putting the private information of millions of smartphone users at risk and undermining the growing use of smartphones as trusted authenticators for accessing online information.
The Science essay grew out of testimony Landau delivered in March before a hearing of the U.S. House Judiciary Committee [Landau's testimony begins at 3:35:44]. In that forum, Landau countered the argument of FBI director James Comey that encrypted devices (which Comey has characterized as "warrant-proof spaces") hinder the agency's ability to investigate crimes. Landau says the FBI is looking at smartphones through a 20th century lens, a perspective that is particularly troubling given the potential for smartphones to either replace or augment static passwords as authenticators for logging into computers or accessing online accounts.
Login credentials are a favored target of hackers, Landau says, since they can provide access to valuable data and leave computer systems open to attack. More and more, companies like Facebook and Google and even some high-level government agencies are using smartphones as authenticators to make online resources significantly more difficult to breach. But for smartphone authentication to be effective, smartphones, themselves, must be secure.
Landau says the FBI's efforts to weaken smartphone security reflect its outdated approach to investigating crime and its inadequate resources for conducting modern cyber investigations. Landau argues that the agency needs to invest in building up its own "21st century investigative savvy," including creating "an investigative center with agents with deep technical understanding of modern communications technologies and computer science."
With the ability to develop new surveillance approaches and tools matched to the latest advances in communications technologies, the agency will no longer need to seek to weaken the devices that people, corporations, and government agencies worldwide depend on to securely communicate, transact business, and transmit sensitive information.