Apple and the FBI Testify Before Congress

The FBI’s James Comey, Apple’s Bruce Sewell, New York District Attorney Cyrus Vance, and noted security and encryption expert Dr. Susan Landau testified before a congressional committee today about concerns surrounding the encryption built into smartphones — and, more specifically, the iPhone.

I listened to most of the hearing today, so I have some thoughts; but, first, Geoff Dyer and Tim Bradshaw report for the Financial Times:

James Comey, director of the FBI, said that the introduction of enhanced encryption on smartphones was creating a new area of communication and information “that nobody else can get into”, even with a court order.

“Our job is simply to tell people there is a problem,” Mr Comey said. “If there are warrant-proof spaces in American life, what does that mean and what are the costs of that?” He added: “The tools we use to keep you safe are becoming less and less effective.”

Bruce Sewell, Apple’s chief counsel, said the company was “in an arms race with criminals, cyberterrorists and hackers”.

“There is probably more information stored on that iPhone than a thief could steal by breaking into your house,” he said. “The only way we know to protect that data is through strong encryption.”

He also angrily rebutted the FBI’s claim that stronger encryption on iPhones was part of a marketing strategy, a suggestion he said “makes my blood boil”.

“We don’t take out billboards for our security. We don’t take out ads for our encryption,” he said. “We’re doing this because we think it’s the right thing to do.”

This is a pretty good summary.

Both sides of this debate — Comey and Vance on one; Sewell and Landau on the other — framed this not as an issue of privacy vs. security, but as security vs. security. Similarly, this was not a partisan issue — supporters and detractors from both sides came from both parties, almost in equal numbers. I found this common ground very intriguing, especially with how divisive the present American political landscape is.

It was also surprising to see how many pointed questions Comey received today. Usually, intelligence agencies are treated gently at these kinds of hearings, but the questioning committee was openly skeptical of the FBI’s motives, their capability to restrict backdoor access to law enforcement only, and their transparency with lawmakers of their existing activities. The only exceptions to this came from Sen. Luis Gutierrez of Illinois, and Sen. Trey Gowdy of South Carolina.

Gowdy, by the way, got pretty testy when Sewell attempted to clarify a question from him pertaining to a hypothetical scenario wherein Apple would feel compelled to comply with a similar court order. Sewell repeatedly stated that it was not the content of the phone that mattered; rather, they would comply with the law. Sewell implied that Apple does not believe this is a case where the order is in the best interests of its users or the national security of the country.

Gowdy also spent quite a lot of time asking both Comey and Sewell to contrast a surgeon being ordered to operate on a subject to acquire evidence — say, a bullet trapped under the skin — against Apple being conscripted by the government to develop a tool against their will to extract data from an iPhone. Gowdy said that this would be constitutional. However, in Winston v. Lee, the U.S. Court of Appeals held that the “proposed surgery would violate respondent’s right to be secure in his person and the search would be ‘unreasonable’ under the Fourth Amendment”. This doesn’t necessarily favour Apple so much as it does Syed Farook as a user, or the San Bernardino County as the phone’s owner.

Dr. Landau, meanwhile, killed it. She was the most direct and comprehensive speaker of the lot, to no great surprise. Over the course of the hearing, it became painfully clear just who was well-versed in encryption and technological limitations, and who was not. Make no mistake: this is a hard subject to understand, but many of the warnings and concerns raised by Landau did not feel adequately addressed. She made factual assertions about why weakening encryption on this one iPhone would weaken them all, and she supported her testimony with clear explanations. But because this is such a challenging topic, most of the Congressional staff seemed mystified as to why something could be technically impossible.

Hesitantly, I feel like the Landau-Sewell tag team was able to make some ground, especially with how much Comey was getting scolded for the information security failings of the Department of Justice and other U.S. government departments.

But, as Sen. Jim Sensenbrenner of Wisconsin noted, Congress’ decision may not be in Apple’s favour, as Sewell did not bring any legislative text with him. And that worries me a little. While I firmly believe laws should be drafted and proposed by lawmakers like Sensenbrenner instead of private companies and lobbyists, it’s also worth noting that Sensenbrenner was one of the primary authors of the USA PATRIOT and USA FREEDOM acts, bad acronyms and all.

For more, you can watch the entire five-hour hearing on C-Span, or read the Guardian’s decent live blog.