WPI Cybersecurity Policy Professor Susan Landau Testifies Before Congressional Hearing on Encryption and Security
Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute (WPI), was one of four individuals invited to testify today before a hearing of the U.S. House Judiciary Committee titled, “The Encryption Tightrope: Balancing Americans’ Security and Privacy.” Also testifying were James Comey, director of the Federal Bureau of Investigation (FBI); Bruce Sewell, senior vice president and general counsel for Apple Inc.; and New York County district attorney Cyrus Vance.
The hearing focused on the balance between the need for strong security measures to protect the often private, sensitive, and commercially valuable information people keep on their smartphones and the desire of the FBI and other law enforcement agencies to access information on those phones when they become evidence in the investigation of criminal cases or acts of terrorism, such as the December 2015 attack on the Inland Regional Center in San Bernardino, Calif., by Syed Farook and his wife.
At the FBI's request, a judge on the Central California District Court has ordered Apple to write new software that will permit the FBI to circumvent built-in security safeguards that are preventing investigators from unlocking Farook's iPhone and gaining access to the encrypted information it contains. The FBI has argued that the safeguards, which will delete all data stored on the phone if investigators make 10 incorrect attempts to guess the phone's four-digit passcode, are hindering an investigation that could reveal future security threats. Apple has contested the order, arguing that if it is forced to create this software to circumvent the security features on one phone, such software could fall into the hands of criminals or foreign governments, putting all iPhones at risk. "It would be the equivalent of a master key, capable of opening hundreds of millions of locks," Apple wrote in a communications to its customers.
In her testimony, Landau urged Congress to weigh the intelligence gains that might be realized by unlocking a single phone against the potential risks of making all smartphones vulnerable to attack. She noted that because smartphones are now ubiquitous, and because most people use a single phone for both personal use and work, our phones contain all manner of proprietary information: "And so access to U.S. intellectual property lies not only on corporate servers—which may or may not be well protected—but on millions of private communications devices."
Landau said weakening built-in security on smartphones could worsen the serious security threat the national already faces. "In the last decade, the United States has been under an unprecedented attack," she wrote in her submitted testimony. "In 2010, the Department of Defense Deputy Undersecretary William Lynn said the theft of U.S. intellectual property 'may be the most significant cyber threat that the United States will face over the long term.'" Protecting U.S. intellectual property, including protecting data on smartphones, "is crucial to U.S. economic and national security," Landau wrote.
The risk of weakening security on smartphones is all the more worrisome when one considers that smartphones are poised to become authentication devices. Landau noted that using smartphones instead of passwords to log into services and servers can make online transactions more secure ("a smartphone is something you have, which makes it more secure than 'something you know,'" she wrote). "Where security matters, authenticating thorough the device that is always in your pocket and owned by you is a much more secure way to handle your login credentials than the systems we've been using up to now."
She noted that for this method of authentication to be effective and secure, the contents of the phone need to be protected and accessible only to the phone's owner. "That's why locking down the phone is so crucial to security," she wrote. "Rather than providing us with better security, the FBI's efforts will torpedo it."
Landau questioned the FBI's claims that strong encryption and security features on mobile devices prevent the agency from conducting investigations. In fact, she noted that there are workarounds that could allow data on a phone to be accessed without using a passcode. For example, iPhones are designed to upload data to Apple's iCloud while the phone charges. This will only occur if the password for the phone and iCloud match, and unfortunately the FBI asked the San Bernardino Health Department (Farook's employer) to change his iCloud password before the phone could be synchronized. Other forensic methods exist for "jailbreaking" phones, Landau noted.
She also noted that the National Security Administration (NSA) faced a similar hurdle in the late 1990s, as strong encryption began to be commonly used for communications over digital networks. The NSA adapted, she wrote, taking advantages of vulnerabilities in computer systems and networks to continue its efforts to gather intelligence. In fact, she continued, as an agency that must be concerned both with intelligence gathering and securing information vital to national security, the NSA has been an advocate for strong encryption and security for smartphones.
She argued that the FBI continues to use a 20th century approach to investigations, which leads it to seek weaker, not stronger, forms of security "in the misguided desire to preserve simple, but outdated, investigative techniques."
"We need 21st century techniques to secure the data that 21st century enemies—organized crime and nation-state attackers—seek to steal and exploit. Twentieth century approaches that provide law enforcement with the ability to investigate but also simplify exploitations and attacks are not in our national security interest. Instead of laws and regulation that weaken our protections, we should enable law enforcement to develop 21st century capabilities for conducting investigations."
Landau urged Congress to invest in upgrading the FBI's technological capabilities and its recourses so it can adapt to modern-day challenges, much as the NSA did. "Developing such capabilities will involve deep changed for the Bureau, which remains agent-based, not technology-based.
"Encryption and other protections …. secure our systems, and should never be undermined," she wrote. "Instead, the FBI must learn to investigate smarter; you, Congress, can provide it with the resources and guidance to help it do so. Bring FBI investigative capabilities into the 21st century. That is what is needed here, and not undermining the best security that any consumer device has to date."
"We have the option to press companies to develop as secure and private devices as they can, or to press them to go the other way," she concluded. "Let us make the right decision, for our safety, long-term security, and humanity."
Before joining the WPI faculty, Landau was a senior staff privacy analyst at Google and a Distinguished Engineer at Sun Microsystems. She is the author of Surveillance or Security: The Risks Posed by New Wiretapping Technologies (MIT Press), which won the 2012 Surveillance Studies Book Prize from the Surveillance Studies Network. With Whitfield Diffie, the inventor of public-key cryptography, she wrote Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press 1998; revised in 2007), which received the 1998 Donald McGannon Communication Policy Research Award and the 1999 IEEE-USA Award for Distinguished Literary Contributions Furthering Public Understanding of the Profession. She is also the primary author of the 1994 Association for Computing Machinery (ACM) report Codes, Keys, and Conflicts: Issues in US Crypto Policy. She has written about security issues in Science, the Washington Post, the Chicago Tribune, Scientific American, and other publications. She is a fellow of the Association for Computing Machinery and the American Association for the Advancement of Science, and she was recently inducted into the Cybersecurity Hall of Fame.