Annie Gaus | March 04, 2016

At RSA security conference, fears of a ‘slippery slope’ in Apple decryption debate

The RSA conference is one of the largest gatherings of cybersecurity vendors, researchers and programmers in the world, with an estimated 40,000 attendees descending upon San Francisco's Moscone Center this week. This year, the conference coincided with a looming debate over decryption that could have far-reaching implications for the security industry.

At the center of that debate is Apple's refusal to decrypt an iPhone belonging to the 'San Bernadino shooter,' Syed Farook, who led a mass shooting in December 2015.

Among cybersecurity vendors at the RSA conference, many expressed concerns that decryption – in this case, a formal request by the FBI that Apple unlock the phone – would constitute a slippery slope.

“If the government wants to do it, believe me, they can do it,” said Khalid Noufal, a director at SecureNinja, a cybersecurity education and training company. Noufal added, however, that among his peers at the conference, the majority expressed sympathy with Apple: “They don’t want this to turn into carte blanche,” he said.

“Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution,” Apple CEO Tim Cook wrote in an open letter in Feburary. “But it ignores both the basics of digital security and the significance of what the government is demanding in this case.”

Apple has argued that, despite the government’s insistence that the unlocking tool would be used only on Farook’s phone, “once created, the technique could be used over and over again, on any number of devices.”

Amy Baker of Wombat Security, a security education platform, echoed such concerns that the tool could be too easily replicated and abused by criminals: “We’re already losing that battle,” she said.

While some vendors shied away from publicly commenting on the developing legal case, many expressed broader concerns over government access to private data.

“That’s why this case is so important – it affects every company that captures and stores personally identifiable information,” explains Charley Moore, CEO at Rocket Lawyer and a former securities attorney. “Since that’s basically everyone that does business online or via an app, it’s a really big case.”

Read the article on Silicon Valley Business Journal