
Communications of the ACM

ACM News

In ‘Listening In,’ a Surveillance Expert Warns That No Secret Is Safe


Seal of the U.S. Federal Bureau of Investigation

Considering the history, and future, of cybersecurity.

Credit: Undark.org

On December 2, 2015, Syed Rizwan Farook and his wife, Tashfeen Malik, stormed into a holiday party in San Bernardino, CA, began shooting, and killed 14 people before dying themselves in a shootout with the police. Searching for clues to the motive, the FBI went straight to Farook's iPhone. When agents failed to unlock the device, they tried to enlist Apple's help, asking the company to write new software that would do the trick.

In a historic move, Apple pushed back, arguing that the so-called master key would undermine security for iPhone users across the globe.

The case—which would eventually become moot after a third-party investigator helped the agency lawfully hack into the smartphone—seemed, on the face of it, to pit the government's need to protect citizens against a citizen's right to privacy. But the debate is much more nuanced than that, argues the cybersecurity expert Susan Landau in her instructive new book "Listening In: Cybersecurity in an Insecure Age."

Formerly a privacy analyst at Google and now a professor at Tufts University, Landau was a key expert called to testify on the San Bernardino case. (She is also the author of "Surveillance or Security? The Risks Posed by New Wiretapping Technologies" and co-author of "Privacy on the Line: The Politics of Wiretapping and Encryption.") In her latest book, Landau claims that Apple v. FBI marks a new era in the cybersecurity debate.

The dawn of the digital revolution and interconnectivity, she writes, has opened a whole new paradigm for nefarious behavior: "As the Russian attacks on the 2016 presidential campaign demonstrated, the Digital Revolution radically changed what our assets are and how those assets can be stolen or attacked."

The market for connected devices is skyrocketing. Consider the IoT, the so-called Internet of Things — the vast army of appliances, vehicles, televisions, and everything else whose functioning depends on a web connection. In 2016, there were 6.4 billion of these devices, according to a report from the consulting firm Gartner, Inc.; by 2020, the number is expected to more than double. Many IoT devices store highly sensitive personal data — bank account details, emails, contact lists. And while this new technology may be useful to law enforcement, it can also serve as a barrier when the information is locked, as the FBI learned in San Bernardino. "[S]ecuring communications and devices puts different societal needs—needs that have changed dramatically since the onset of the Digital Revolution—on a collision course," Landau writes.

"Listening In" provides a detailed overview of the history of cybersecurity, dubbing the current debate the "second Crypto War." By her account, the first Crypto War began in the 1970s and centered around export controls over the security of devices. It ended in the 2000s, she writes, when both the U.S. and the European Union lifted these controls with respect to devices fitted with the supposedly hack-proof technology called end-to-end encryption — an apparent victory for security. The current debate centers around "exceptional access" for government agencies like the FBI. Landau finds the idea highly problematic and makes several convincing arguments against it.

 

From Undark.org