Tech protection

Hey there, time traveller!
This article was published 10/02/2018 (2826 days ago), so information in it may no longer be current.

On Dec. 2, 2015, married couple and “homegrown” terrorists Syed Rizwan Farook and Tashfeen Malik killed 14 people and wounded 22 in a mass shooting in San Bernardino, Calif. Before they were gunned down by police, the couple smashed their smartphones to prevent law enforcement from accessing their communications and data. Still, the FBI was able to obtain a (locked) iPhone used by Farook at his place of employment and sought to determine if it contained any useful data that might assist in their investigation.

However, a key element of Apple’s security features is that 10 successive failures to correctly enter the user’s password will result in a complete wiping of a phone’s data. In order to avoid this, the agency asked Apple to grant them “exceptional access” to the device, a request which the company rejected. In an extraordinary move, Apple was taken to court by the FBI to compel the company to essentially disable its own products.

The case eventually led to highly publicized Congressional judicial hearings in March 2016, where renowned American cybersecurity expert and author Susan Landau testified in defence of Apple’s right to decline the FBI exceptional access and to maintain its encryption protocols, arguing that law enforcement has every right to try to decrypt devices in their investigations, but that tech companies are under no obligation to make it easy for them.

With Listening In, Landau expands upon her testimony by setting the broader — and urgent — contexts for why cybersecurity and encryption measures must be made as robust as possible, even against the investigatory powers of law enforcement.

A professor at the Worcester Polytechnic Institute and 2015 inductee into the National Cybersecurity Hall of Fame, Landau is the author of several previous books on the debate over privacy versus security, including Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (2011) and Privacy on the Line: The Politics of Wiretapping and Encryption (1998, authored with Whitfield Diffie, co-creator of modern digital cryptography protocols).

In her new book, Landau’s prose makes what could have been highly technical information accessible for the non-expert reader, and her analysis is sobering indeed.

The stakes, Landau argues, are incredibly high, and not only concerning our personal privacy. Our world is so hyper-connected at every level that many of our daily online activities depend upon encrypted information, as do the governments, institutions, utilities and corporations — and most recently, cryptocurrencies — that make the modern world as we know it function.

Because of this, we are all potentially vulnerable to cyberattack, whether from criminals, hackers or agents of foreign governments seeking to destabilize other nations or interfere in their elections. Landau cites such notorious incidents as the 2007 Russian cyberattacks on Estonia — which targeted the government, banks and newspapers — as well as the 2015 attacks on Ukraine’s power plants. North Korean hackers even went after the Sony Corporation to punish it for its 2014 comedy The Interview, a film which centred on a plot to assassinate leader Kim Jong-un.

In the face of such global threats, Landau argues, it would be disastrous at all levels for technology companies such as Apple to build into their devices a “back door” for purposes of exceptional access by legitimate investigators. Such technical information could never be kept secret and would surely fall into the hands of hackers, criminals or terrorists, who would swiftly exploit it and render all such devices untrustworthy and therefore worthless. For Apple, Microsoft and other tech companies, such an event would prove an existential threat.

Yet the cybersecurity risks we are facing are not merely technological. In her final chapter, Landau turns to Russia’s interference in the 2016 U.S. election, stressing that, as disruptive as cyberattacks on critical infrastructure and governments can be, the highly sophisticated use of hacked emails, trolls, fake news, social media, threats against journalists and propaganda threatens the very foundations of civil society and democracy itself.

With the fate of democracy and the global networked society in the balance, Landau concludes, governments must do all they can to strengthen cybersecurity and enable us to protect ourselves, not legislate ways for such measures to be bypassed.

Michael Dudley is a librarian at the University of Winnipeg.