Landau - Listening in: cybersecurity in an insecure age

Listening In

Cybersecurity in an Insecure Age

SUSAN LANDAU

Yale UNIVERSITY PRESS

New Haven and London

Copyright 2017 by Susan Landau.

All rights reserved.

This book may not be reproduced, in whole or in part, including illustrations, in any form (beyond that copying permitted by Sections 107 and 108 of the U.S. Copyright Law and except by reviewers for the public press), without written permission from the publishers.

Yale University Press books may be purchased in quantity for educational, business, or promotional use. For information, please e-mail (U.K. office).

Set in Minion type by Integrated Publishing Solutions,

Grand Rapids, Michigan.

Printed in the United States of America.

Library of Congress Control Number: 2017944412

ISBN 978-0-300-22744-4 (hardcover : alk. paper)

A catalogue record for this book is available from the British Library.

This paper meets the requirements of ANSI/NISO Z39.48-1992 (Permanence of Paper).

10 9 8 7 6 5 4 3 2 1

Dedicated to my walking buddiesboth two- and four-legged
without whom this book would not have been written.

In February 2016 the Judiciary Committee of the US House of Representatives invited me to testify on encryption. Cryptography protects data in motioncommunicationsand data at restparticularly data stored on smartphones, laptops, and other digital devicesfrom prying eyes. The encryption issue has bedeviled US law enforcement since the early 1990s. Because encryption was becoming a default on consumer devices, law enforcements worst fears were finally coming true. Not only were smart criminals and terrorists using encryption to hide their plans, as they had been doing so for quite some time, but now the less savvy ones were as well.

FBI director James Comey was pressing Congress to require that exceptional access be built into encryption systems, enabling law enforcement to access communications or open devices with legal authorization. But the FBIs seemingly simple request was anything but. If you make it easier to break into a communication system or a phone, its not just government agents with a court order who will get in. Bad guys, including criminals and other sophisticated attackers, will also take advantage of the system. Weakening security is exactly the wrong move for a world fully dependent on digital communications and devices to conduct personal, business, and government affairs.

This argument is not new; for quite some time my colleagues and I have been saying that securitypersonal, business, and national securityrequires widespread use of strong encryption systems. That means encryption systems without back doors, front doors, or any other form of easy access. But while encryption undoubtedly makes investigations harder to conduct, law enforcement has alternative tools at its disposal. This was the message I was bringing to Congress.

The congressional hearing played out against the background of a dispute between Apple and the FBI involving a locked iPhone. In December 2015, two terrorists in San Bernardino, California, killed fourteen members of the county Health Department. The terrorists themselves were killed in a shootout, but the FBI recovered extensive evidence related to their plans, including an Apple iPhone issued by the county to one of the perpetrators, who had been employed by the Health Department. The FBI sought to have Apple write software to unlock the phones security protections. When the company refused to do so, the law enforcement agency took Apple to court, which initially ruled in the governments favor.

At the Judiciary Committee hearing, James Comey railed against warrant-proof spaces and the difficulties locked devices presented to keeping Americans safe. Apples general counsel and I presented a different narrative: in a world of increasing cyberattacks, communications and data required stronger protections. Weakening them is the last thing we should be doing. Surely the FBI could find other ways to open the phoneessentially hacking in under a court order (a practice known

Discussion raged for weeks. Which approach offers more security? Forcing Apple to undo the protections the company had carefully designed for the iPhone? Or leaving these protections in place, potentially not accessing the terrorists communications, but leaving everyone elses phone secure? Then, after having testified in court and in Congress that only Apple could undo the phones security protections, the FBI had a surprise announcement. Law enforcement didnt need Apples help after all; a contractor had found a way to unlock the phone. The immediate problem of Apples secure phone went away.

The problem of that particular iPhone had been resolved, but the FBIs fear of going darkof losing the ability to listen in or collect data when this information was encryptedremained. As spring turned to summer, I found myself explaining over and over the complexities of our digital worldhow much we stored on our devices, how much data was at risk, how easy it was to break into systems, and how useful phones might be for authenticating ourselves and thus preventing that theft. Our cybersecurity risks have intensified over the last two decades as the Internet has become an integral part of peoples personal and business lives. In the wake of the Judiciary Committee hearing, I spoke on this topic in Washington, DC, California, South Korea, and Germany; at the National September 11 Memorial and Museum; and on NPR and the BBC. But it was clear that many more people needed to understand the complexities and risks of the situation than I could reach with my talks. I decided to write this book.

That was August 2016. But even as I was writing, the story was changing in remarkable ways. For decades policymakers

The Russians, who have long used disinformation as a technique for influencing events, turned the tools of cyberexploitation against the Democratic Party and, in particular, Hillary Clintons presidential candidacy. Using common forms of cyberattack, the Russians stole emails from the DNC, the Democratic Congressional Campaign Committee, and from the private account of John Podesta (chair of Clintons presidential campaign). The email leak, combined with false news stories that were favorable to Republican candidate Donald Trump and unfavorable to Clintonand Twitter bots that brought them much attentionwere new forms of disruption. The leaks and false news drove US press stories and attention, creating a very negative effect for Clinton in the waning days of the 2016 election. This Russian attack was different from anything the United States had anticipated when the military had practiced cyberwar games.

The issue of cybersecurity was no longer only about preventing Chinese hackers from stealing fighter plane plans to use for their own military, or about the US militarys use of sophisticated cyberattack weapons to destroy centrifuges at an Iranian nuclear facility (as discussed in the chapters that follow). Now it was about protecting vastly larger swathes of societythe press, universities, research organizations (the latter

When the FBI supports exceptional access, and tech companies resist it, the FBI is not weighing the demands of security versus privacy. Rather, it is pitting questions about the efficiency and effectiveness of law enforcement against our personal, business, and national security. Instead of security versus privacy, this is an argument of security versus security. And although the FBIs goals are to improve law enforcements ability to conduct investigations, the proposed meansweakening encryption and the security of phonesrisk a far greater harm.

The encryption debate, a subject that previously occupied only techies and policy wonks, has now become critically important to national security. How do we secure ourselves in the face of the Digital Revolution, in which our world is increasingly being controlled through bits? This revolution has brought humanity tremendous economic, technological, scientific, and cultural benefits. But it also provides bad actors with the ability to steal and disrupt at a distance, performing serious mischief at scale.