NPR logo
Why Digital Security Is An 'Arms Race' Between Firms And The Feds
  • Download
  • <iframe src="https://www.npr.org/player/embed/469527566/469545433" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Why Digital Security Is An 'Arms Race' Between Firms And The Feds

Privacy & Security

Why Digital Security Is An 'Arms Race' Between Firms And The Feds

Why Digital Security Is An 'Arms Race' Between Firms And The Feds
  • Download
  • <iframe src="https://www.npr.org/player/embed/469527566/469545433" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Worcester Polytechnic Institute professor Susan Landau is sworn in alongside Apple General Counsel Bruce Sewell (left) and New York County District Attorney Cyrus Vance at a congressional hearing on encryption on March 1. i

Worcester Polytechnic Institute professor Susan Landau is sworn in alongside Apple General Counsel Bruce Sewell (left) and New York County District Attorney Cyrus Vance at a congressional hearing on encryption on March 1. Samuel Corum/Anadolu Agency/Getty Images hide caption

toggle caption Samuel Corum/Anadolu Agency/Getty Images
Worcester Polytechnic Institute professor Susan Landau is sworn in alongside Apple General Counsel Bruce Sewell (left) and New York County District Attorney Cyrus Vance at a congressional hearing on encryption on March 1.

Worcester Polytechnic Institute professor Susan Landau is sworn in alongside Apple General Counsel Bruce Sewell (left) and New York County District Attorney Cyrus Vance at a congressional hearing on encryption on March 1.

Samuel Corum/Anadolu Agency/Getty Images

The Apple-FBI standoff, where Apple is refusing to write special software that would help investigators crack into an iPhone of one of the San Bernardino shooters, is largely viewed as a battle between privacy and security.

At the high-profile congressional hearing on encryption last week, FBI Director James Comey argued that increasingly strong encryption is making smartphones "warrantproof." Apple's General Counsel Bruce Sewell testified that complying with the FBI's request would create a dangerous tool that the bad guys could abuse.

Related NPR Stories

But Susan Landau, a professor of cybersecurity policy at Worcester Polytechnic Institute, presents another way of looking at the issue:

"(The FBI's) approach has been 'make it simple for us to investigate' instead of 'let's secure communications and devices, and we'll come up with a way to investigate whatever we need to,' " she tells NPR's Ari Shapiro.

She argues that the challenge shouldn't be to make data on iPhones or other devices easier for law enforcement to access — making it also easier for hackers or other governments to access — but to make devices as secure as possible, while funding the FBI's own development of better digital investigation tools.

Below are a few excerpts of Landau's conversation with Shapiro, in addition to the audio above.


Interview Highlights

On why letting Apple resist the FBI's request and urging the FBI to develop tools to access secured data aren't mutually exclusive

That's exactly the situation we've got with the National Security Agency. We know that the NSA breaks into devices and communications that the companies think are secure, and the companies work to make them more secure. I'm asking that the FBI develop that expertise, target it narrowly; when a technology company becomes aware that one of their systems is easy to break into, they then leapfrog and develop better technology.

Security is always an arms race of this sort. But if Apple develops the technology, it becomes a target.

On why the FBI having its own technology to crack into an iPhone is less of a risk than Apple building that technology

We know that the Chinese, the Russians, lots of our opponents are building this technology, too. Each time Apple improves the quality of its security, our opponents have to improve their (tools). So the FBI developing it is of course a security risk that Apple is going to counter. But it's less of a security risk than if Apple has it, where it's a central point for opponents to get into and then break phones that they target.

On what it would take for the FBI to develop the technology

They need expertise in telecommunications, from the physical layer all the way to the virtual layer, that is the computer layer. They also need deep expertise in computer science. They'll need teams of people who understand the different devices. They'll need to have people who understand the technology now, the technology in six months to two years from now and where communications technology is going in the two- to five-year period.

We're talking here of a budget of hundreds of millions, not billions — but not the $40 million that they're currently devoting.

On why the FBI can't just ask the NSA for help in the post-Sept. 11 information-sharing world

Information-sharing is different than technology-sharing. When the NSA builds technology, it doesn't want that technology showing up in court. If the NSA were to share its technology with the FBI, the FBI brings court cases and the technology would have to show up there. So yes, there'll be some duplicative effort, but you don't want the NSA technology in court.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.