News Release

In science essay, WPI professor says FBI approach to investigations puts security at risk

Amplifying testimony she delivered before a Senate hearing in March, Susan Landau says the FBI's approach is outdated and that the agency needs to invest more in '21st century investigative savvy'

Peer-Reviewed Publication

Worcester Polytechnic Institute

Susan Landau, Worcester Polytechnic Institute

image: Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute (WPI)

Credit: Worcester Polytechnic Institute

Worcester, Mass. - June 12, 2016 - In an essay to be published on June 17, 2016, in Science magazine, Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute (WPI), argues that the FBI's recent and widely publicized efforts to compel Apple Computer to write software to unlock an iPhone used by a terrorist in California reflect an outdated approach to law enforcement that threatens to weaken the security of all smartphones, potentially putting the private information of millions of smartphone users at risk and undermining the growing use of smartphones as trusted authenticators for accessing online information.

[To request a copy of the essay, please contact Science at 1-202-326-6440 or scipak@aaas.org.]

The Science essay grew out of testimony Landau delivered in March before a hearing of the U.S. House Judiciary Committee [Landau's testimony begins at 3:35:44]. In that forum, Landau countered the argument of FBI director James Comey that encrypted devices (which Comey has characterized as "warrant-proof spaces") hinder the agency's ability to investigate crimes. Landau says the FBI is looking at smartphones through a 20th century lens, a perspective that is particularly troubling given the potential for smartphones to either replace or augment static passwords as authenticators for logging into computers or accessing online accounts.

Login credentials are a favored target of hackers, Landau says, since they can provide access to valuable data and leave computer systems open to attack. More and more, companies like Facebook and Google and even some high-level government agencies are using smartphones as authenticators to make online resources significantly more difficult to breach. But for smartphone authentication to be effective, smartphones themselves must be secure.

Landau says the FBI's efforts to weaken smartphone security reflect its outdated approach to investigating crime and its inadequate resources for conducting modern cyber investigations. Landau argues that the agency needs to invest in building up its own "21st century investigative savvy," including creating "an investigative center with agents with deep technical understanding of modern communications technologies and computer science."

With the ability to develop new surveillance approaches and tools matched to the latest advances in communications technologies, the agency will no longer need to seek to weaken the devices that people, corporations, and government agencies worldwide depend on to securely communicate, transact business, and transmit sensitive information.

###

Before joining the WPI faculty in 2014, Landau was a senior staff privacy analyst at Google and a Distinguished Engineer at Sun Microsystems. She is the author of Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (MIT Press), which won the 2012 Surveillance Studies Book Prize from the Surveillance Studies Network. With Whitfield Diffie, the inventor of public-key cryptography, she wrote Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press 1998; revised in 2007), which received the 1998 Donald McGannon Communication Policy Research Award and the 1999 IEEE-USA Award for Distinguished Literary Contributions Furthering Public Understanding of the Profession. She has written about security issues in Science, the Washington Post, the Chicago Tribune, Scientific American, and other publications. She is a fellow of the Association for Computing Machinery and the American Association for the Advancement of Science, and she was inducted into the Cybersecurity Hall of Fame in October 2015.

About Worcester Polytechnic Institute

Founded in 1865 in Worcester, Mass., WPI is one of the nation's first engineering and technology universities. Its 14 academic departments offer more than 50 undergraduate and graduate degree programs in science, engineering, technology, business, the social sciences, and the humanities and arts, leading to bachelor's, master's and doctoral degrees. WPI's talented faculty work with students on interdisciplinary research that seeks solutions to important and socially relevant problems in fields as diverse as the life sciences and bioengineering, energy, information security, materials processing, and robotics. Students also have the opportunity to make a difference to communities and organizations around the world through the university's innovative Global Projects Program. There are more than 45 WPI project centers throughout the Americas, Africa, Asia-Pacific, and Europe.

