The Encryption Tightrope; Balancing Americans' Security And Privacy : March 01, 2016The House Judiciary committee launches its discussion on the role of smartphones, encryption, technology companies, and law enforcement.
- And we're live! If you have the ability to watch the stream, its being hosted by YouTube and can be found here.
1:04 - And here we go.
1:05 - Rep. Bob Goodlatte: "encryption is a good thing"
1:05 - Goodlatte is spelling out exactly why encryption "must play an ever-increasing role and the companies that develop it must be encouraged to increase its effectiveness."
1:06 - "significant legal questions arising from laws governing surveillance", including CALEA, and others.
1:06 - "society has been walking a tightrope for generations in attempting to balance the need for citizen's communications with the needs of law enforcement."
1:07 - "a national debate has begun discussing the positive and negative implications of encryption"
1:08 - encryption "tests the basic framework" for law enforcement's gathering of evidence in a crime.
1:08 - "perennial question that has challenged us for years."
1:08 - "it is also true that this technology has been a devious tool of malefactors."
1:09 - He's now going over the San Bernardino iPhone 5c saga.
1:10 - "this particular case has some very unique factors involved" and may not be a good case to hang precedent.
1:10 - Points to yesterday's denial of All Writs Act in NYC.
1:10 - "too complex to be left to the courts"
1:11 - "must find a way for physical security to not be at odds with information security"
1:12 - The YouTube feed is frozen, but our coverage goes on! Find it on C-Span 3, if you've got it on your cable channel.
1:12 - Rep John Conyers (D-MI)
1:12 - "it is not an accident that the HJC is the committee with primary jurisdiction regarding government surveillance."
1:13 - "it is here, in this committee room, that the house begins to make decisions about the tools and methods available to law enforcement"
1:13 - "strong encryption keeps us save, even as it protects our privacy"
1:14 - "former secretary of homeland security Chertoff testified that in his experience strong encryption laws helps law enforcement more than it hinders any agency in any given case."
1:14 - "benefits to ... civil liberty gained from encryption outweighs the broader risks from weakening encryption"
1:14 - "universal strong encryption will protect all of us"
1:14 - "lockboxes in our lives that only we can open"
1:15 - Calling out FBI, DOJ for calling for backdoors in encryption. Citing technical experts telling HJC that backdoors are dangerous.
1:16 - Companies have warned us that it would cost millions of dollars to implement, and put them at a competitive disadvantage across the world.
1:16 - "terrorists and other criminals will simply resort to other tools" if encryption is weakened or outlawed
1:17 - "what concerns me .. in the middle of a congressional debate that the FBI would ask a federal magistrate for special access to secure products that this administration has so far refused permission to provide"
1:17 - Email to Post cited "although the legislative environment towards encryption is hostile today, it could turn in the event of a terrorist attack or criminal event where strong encryption could hinder criminal investigation"
1:18 - Doubts about wisdom of applying the All Writs Act.
1:18 - Conyers spelling out usage of All Writs Act as "not the best course of action"
1:19 - Use of All Writs in this case is "exploiting a national tragedy to pursue a change in the law."
1:20 - Regarding NYC denial of All Writs Act: "we could say the same about the FBI's request in California"
1:20 - "this committee, and not the courts, is the appropriate place to consider these consequences even if the results are not what's desired by some in the law enforcement community."
1:20 - Conyers yields.
1:21 - Director James Comey takes the witness stand.
1:22 - Given five minutes.
1:22 - "hardest issue I've confronted in government"
1:23 - "first, the logic of encryption will bring us... to a place where all of our conversations will be totally private"
1:23 - second: lot of good to encryption
1:24 - third: there will be a cost to this. For two centuries, warrants have been fine to observe conversations and search papers.
1:24 - fourth: these two things are increasingly impacting law enforcement and security. Cites ISIS use of encryption. Major impediment to anti-terrorism work.
1:25 - "cannot decrypt that which is covered by strong encryption"
1:25 - San Bernardino summarized. Left behind three phones, cheaper phones smashed, 5c left locked.
1:26 - Skipping major details about FBI, SB law enforcement handling of phone, and password changes. Also skipping Apple's turn-over of the data it has.
1:27 - "it is not our job how to tell the american people" how to walk the tightrope. "our job to tell the people that there is a problem"
1:27 - (This is a significant lightening of his previous positions.)
1:27 - "my job is to offer thoughtful explanations of the tools the FBI has"
1:27 - "there are no demons in this debate"
1:28 - Comey Q+A
1:28 - Goodlatte: debate about All Writs Act. Used in this case to compel Apple to bypass auto-erase. How do you respond to characterization of age of All Writs Act?
1:29 - Comey: "old doesn't mean bad"
1:29 - Constitution old or older than All Writs Act.
1:29 - Used all the time, passed when the "Constitution was a baby"
1:30 - Cases at hand about reach of All Writs Act. How far does it extend? Courts will sort this out. Problem LE is seeing all over the country.
1:30 - Goodlatte: NYC decision cites CALEA. Comey hasn't read decision.
1:30 - "lots of lawyers, paid for lots of hours of work" forthcoming.
1:31 - Q: if FBI successful, not really a one time request. Set a precedent?
1:31 - A: "Sure, potentially." Cites technical problems with newer phones, cites precedent will be future used.
1:32 - Q: How comfortable that what you are asking (key, code for unlock) that what you are asking for will remain secure?
1:32 - A: Comey doesn't see it this way. "already a door on the iPhone, take the vicious guard dog away and let us pick the lock." Cites iPhone 6 as more secure than 5c.
1:33 - iCloud not encrypted, Apple "good at protecting information and innovation" "I think these people are pros"
1:33 - Conyers: Said that Apple has no interest in helping law enforcement in any criminal case, and this is about marketing. Are companies like Apple generally cooperative to requests? Did Apple assist with this investigation?
1:34 - A: In general, "all American companies want to be helpful." "I don't question their motives."
1:35 - Q: Elaborate on precedent use for unlock/tools.
1:35 - A: "this case in San Bernardino is about this case" cites victim survivors and emotional involvement. "this case is SB is not about the FBI, Apple, Congress. Nothing more than doing a competent investigation in a criminal case."
1:36 - Q: Will the FBI return to the court to demand more assistance in the future after this case if precedent set?
1:36 - A: "of course"
1:37 - Q: If you succeed, you will have won the authority to access encrypted devices. Since taking your position at the bureau, and given that you've been denied this so far, can you appreciate that this appears to be little more than an end-run around committee.
1:37 - A: Denies claim. "investigating horrific terrorist attack in San Bernardino" "Reasonable argument" to use All Writs Act. Understand frustration at broader conversation. Does not solve the problem we're all wrestling with.
1:40 - Steve Chabot (R-OH) Q: (enters App developers committee testimony) A few weeks back the FBI counsel acknowledged use of Clinton's private email server. Unrelated question to the matter at hand.
1:40 - A: close to investigation, but not much to say at this point.
1:41 - Q: If Apple chose to comply with FBI demand, given time and finances to create the tool, what about a small business? Wouldn't a mandate to a startup be a "huge burden"
1:41 - A: "I think it might be." Considered in court by judge.
1:42 - Q: re: Email Privacy Act, FBI previously voiced frustration with technology in hands of criminals and non-criminals. Would it be possible to better train our FBI officers to keep up with our changing world?
1:42 - A: Basically, yes. "Problem we face is that all of our lives are on these devices" If warrant-proof "big problem"
1:44 - Jerrold Nadler (D-NY) Q: Two terrorists dead, co-conspirator dead. Phone calls tracked already, and everybody spoken to. Found that SB attack not planned or coordinated by ISIS. (confirmed by FBI) Have you eliminated the concern of connection to overseas.
1:44 - A: Not seen any evidence of overseas connection.
1:45 - Q: Given that, (spells out timeline of Apple involvement, including password change). Points out possibility of password change blocking further data collection. Why did the FBI advise password change?
1:46 - A: "live investigation" "investigation not over" "mistake made in that 24 hours after the attack where the county at the FBI's request took steps which made it impossible to back up to iCloud." "We'd still be in litigation"
1:46 - Q: 50 days later, warrant served. Given critical nature of information, why so long?
1:47 - A: Whole lot of conversations with other companies, to find out if they could do it short of going to court.
1:47 - Q: However courts resolve, at some point we'll be asked to change the law. If congress passed a law to force encryption, would that force bad actors to stop using encryption?
1:47 - A: "it would not."
1:48 - Q: (clarifying question, and answer)
1:48 - A: Invoking CALEA. "Bad guys could not make their own phones"
1:48 - "Potentially, people could say that I love this American device" but buy elsewhere.
1:49 - Documents in record: encryption patents entered into record, additional press reports.
1:51 - Darrell Issa (R-CA) Q: You in the case of Apple, you demand that Apple invent something. If true, question is FBI is premier law enforcement with labs second to none, testifying that you and/or contractors could not achieve break-in without demanding unwilling partner?
1:51 - A: Correct. Worked very very hard on this.
1:51 - Q: Did you demand source code?
1:51 - A: No.
1:52 - (question points to misunderstanding of how encryption works on smartphones - MW)
1:52 - Q: Is the burden so high on you that you couldn't defeat this?
1:53 - A: "we wouldn't be litigating if we could."
1:53 - Q: 5c, running iOS 9. Asking about de-chipping phone.
1:53 - A: "no idea"
1:54 - (Q is using disk drive analogy to flash memory, as in "remove the disk drive")
1:54 - (Q is talking about blind bit-copies of NVRAM to allow the FBI to keep going infinitely on attempts)
1:55 - Q: how can you come before this committee if you can't answer the question about if you've tried everything?
1:55 - A: (he's the director, not a chip engineer, basically)
1:56 - (implication is that the FBI hasn't done everything before addressing Apple)
1:56 - A: "high confidence" that all avenues are expired, under the help of Apple engineers.
1:58 - Zoe Lofgren (D-CA) Q: "bad cases make bad law" I think this might be a prime example of this rule. What is the rule of law, where are we going with this? "china removed provisions about backdoors in December."
1:58 - Q: Did you think of foreign policy implications when motion filed in SB?
1:59 - A: "I think about it broadly" but not in this case in particular. "I don't have good visibility" into China.
2:00 - Q: Apple has done a good job of protecting its code. Juniper Networks had a vulnerability, putting everybody's data at risk in FBI, State Department, DOJ. Still don't know what was taken. Did you think about Juniper Networks?
2:00 - A: "No, but I think about that and a lot of similar intrusion and hacks all day long."
2:02 - Q: Cites iCloud hack (celebrity accounts hacked from 2014). 2015: patch in response to concerns about brute force of iCloud. Anticipating further steps by Apple to encrypt and protect OS. Lofgren has all kinds of messaging apps fully encrypted, not just phone-level encryption. If she were a terrorist, she could use any of those apps, and nothing the US govt could do.
2:03 - Ted Poe (R-TX): Fourth amendment. Nowhere in the "Fourth Amendment does it say terrorist cases, or fear cases should the right be waived."
2:04 - Q: Situation where issue is not lawful possession. (A: agreed). Issue is if government can force Apple to give them the "golden key to unlock the safe" Fair statement?
2:04 - A: No.
2:04 - Q: (clarifies) This is not the only phone in question. There are other phones that FBI can't get into?
2:04 - A: "Sure, law enforcement frequently has phones that they can't unlock"
2:04 - Q: How many phones do you have?
2:05 - A: "A lot"
2:05 - Q: What would prevent the FBI from throwing this software at all other phones?
2:06 - A: Cites the one phone, citing just the disabling of the 10-try block. In theory get a 5c with the same data, and the customized software.
2:06 - Q: So not the key, just asking Apple to turn off the security software?
2:06 - A: (yes)
2:07 - Q: Congress has to resolve this problem to determine what the expectation of privacy is? Key, no key?
2:07 - A: "courts are competent to resolve narrow question of all writs." Collision between private and public can't be resolved in the courts.
2:08 - Steve Cohen (D-TN) Q: Limitations in permitting the FBI to look into certain records?
2:09 - A: "I like the way we do our work" re: warrants
2:09 - Q: what if limits are placed with life in jeopardy, terrorism, etc?
2:10 - A: "I don't know, and haven't thought about it well enough." believes that FBI shouldn't be setting the parameters. Wiretaps only available for "really serious stuff"
2:11 - Appears to be a recess for other House business.
2:11 - (good, I need something to drink! - MW)
2:15 - (the questions so far have been hard on the FBI. It'll be interesting to see if the same tone is maintained with the Apple attorney - MW)
2:20 - (My impression on the hearing is that the committee has thus far made it clear they think it, not the courts, should be deciding this. - CM)
2:38 - Here we go, round two!
2:39 - Director Comey returns for Q+A
2:39 - Jason Chaffetz (R-UT)
2:40 - Q: When has it been the function of the government to function as an agent of the government to perform something that it can't do.
2:40 - A: (Comey) invokes All Writs Act as an example.
2:40 - Q: FBI didn't do what Apple suggested, pointing to iCloud password reset.
2:40 - A: (doesn't know)
2:41 - Q: Could have gone to a known Wi-Fi access to backup, right?
2:41 - A: "does not solve full problem" and wouldn't get anything.
2:41 - Q: Metadata inspectable (like calls, location) in this case?
2:42 - A: "my understanding is that we can see most of the metadata" time of contact, numbers assigned to caller, everything except content.
2:42 - A: iMessage has limitations on what the FBI can see
2:42 - Q: location tracking content or metadata (delving into linguistics and hair-splitting)
2:42 - A: it can, sometimes.
2:43 - Q: nobody on the panel able to see what the guidance is for the case, in regards to what the FBI is doing with geolocation.
2:43 - Q is delving into stingrays, et cetera.
2:43 - (not really sure what relevancy the question has to the hearing - MW)
2:44 - A: "I don't have a great answer, but I'll go find out."
2:44 - Q: to what degree in this case or broadly can you search social media?
2:44 - A: "Social media is a feature of all of our lives, so it is a feature in our investigations."
2:46 - Hank Johnson (D-GA) Q: Constitution framers right to privacy (fourth amendment). Grants authority to search and seize, papers and effects against unreasonable searches and seizures.
2:46 - Q: Implied responsibility of the government on occasion to search and seize.
2:46 - A: "yes"
2:47 - Q: Circumstances where in hot pursuit or time of arrest there are exceptions. Some times warrant not needed.
2:47 - A: Exigent circumstances, yes.
2:47 - Q: Technology has brought us to the point where Law Enforcement is pre-empted from being able to search and seize.
2:48 - A: "technology has allowed us to have zones of complete privacy"
2:48 - Q: Zone of impunity, where security of americans can be put at risk.
2:48 - A: "Fair description."
2:49 - Q: Seem reasonable that the framers meant to exempt any domain from its authority (meandering questions, not sure what the point is, other than to give the government an out to search anything, at any time - MW).
2:49 - A: Founders probably doubted that there would be any place that the government could not go.
2:50 - Q: Reasonable to extend 4th amendment search and seizure to accommodate modern devices?
2:50 - A: "Kind of question that the government can answer"
2:51 - Tom Marino (R-PA): Is the bureau asking to turn over the "penetration code" or asking Apple to help get the "penetration code"
2:51 - A: Options given, FBI wouldn't have to maintain the code. Apple could keep it safe.
2:53 - Q: what is your position on notching up the level on members of the FJC to issue warrants for such penetration (above magistrate level).
2:53 - A: "Haven't thought about that." "Think they're fully capable of dealing with these issues."
2:55 - Judy Chu (D-CA): Fear and anxiety in constituents. Many in area who want answers, many who feel conflicted about putting privacy at risk. Under Federal law, no requirement for tech companies to maintain keys for encryption. How can we insure that not making legal or technical backdoors to empower foreign governments?
2:55 - A: "Talk to all sides, people who are experts." "The most creative and innovate people in our country have not had an incentive to solve this problem."
2:56 - A: "judgements have been made that are not irreversible." citing pre-2014 unlock ability, and it not being "the end of the world."
2:57 - Q: Has the FBI pursued other methods to crack the phone such as from the NSA?
2:57 - A: Yes, welcome additional suggestions. Discusses problems with multiple versions. FBI has not found a way to break the 5c with iOS 9. (technology marches on- MW)
2:58 - Q: Safe manufacturers are not required to maintain combinations. Despite this, LE has figured out how to break into those. How does this differ?
2:58 - A: No safe in the world that can't be opened. We'll blow the door off. Comparison inept.
2:59 - (this is why car/house metaphors for this issue are clumsy - MW)
3:00 - Q: Trey Gowdy (R-SC) Claims bias to public safety. Right to trial not much good if you're dead. Concern of advocacy for evidence-free zones. "Determine if we as a society will accept that." Says that NYC case is a drug case, and national security cases differ.
3:01 - A: "that's my worry, and why its so important we have this conversation."
3:01 - A: Hitting on Baton Rouge locked diary on phone case.
3:02 - Q: "most of us in varying degrees love our bodies, and the physical integrity of our bodies." Citing surgical procedures, blood draws against will of defendant. Force doctor, nurse to operate on a person to get evidence. How would they (Apple) tell you to do it?
3:03 - A: "They would say what they've said, which I believe is in good faith" designed to be immune to government warrant, and Apple inspection. Hopes people will take a step back, based on a balance.
3:04 - Q: "Apple wants us to weigh and balance privacy, except they've done it for us." (Missing the point of the discussion - MW)
3:06 - Ted Deutsch (D-FL) Q: "if this was as easy as public safety or privacy" we'd all opt for public safety. Confused about "tool that you would need to take away 'the vicious guard dogs' is a tool that would disable the auto-erase." Some confusion if there's another tool you're seeking to rapidly enter passwords.
3:07 - A: Yes, three tools 1) disable auto-erase 2) disable time-delay between failures 3) set up so electronic guesses can be submitted.
3:07 - Q: expect Apple to preserve or destroy tool?
3:07 - A: "I don't know"
3:08 - Q: In a world where there are awful people, we would like a pack of vicious guard dogs to keep this data safe. Public safety issue here as well. Refutes surgical procedure analogy. When tool created, fear is tool may be used by others. Not a binary either/or issue.
3:08 - A: Good question, notes Apple states in good faith that there are risks in making this tool.
3:09 - Q: if usable in more than one phone, then public safety concerns if bad guys got access are very valid?
3:09 - A: "sure" "how reasonable is that concern" Needs to be sorted by both sides.
3:10 - Q: question taking place in a domestic framing. What about international use of any unlock tool?
3:10 - cedes to Ron DeSantis (R-FL): Q: preserving evidentiary value or getting at the data?
3:10 - A: Both, but if had to choose info first.
3:11 - Q: Best analogous case to what you're trying to do?
3:12 - A: "Everyone in the US to some degree has to cooperate with law enforcement." Courts must decide what the limits are.
3:13 - Q: Have you gotten an order under All Writs to have a defendant produce the code? A: Don't know of such a case.
3:13 - Q: Concern that if companies are making more keys/backdoors, is that making more liabilities for cyberattacks?
3:13 - A: "potentially, sure."
3:14 - Q: How would you provide assurances to companies that the tools wouldn't escape?
3:14 - A: In this case, you keep the tool. FBI trusts Apple to safeguard the tools.
3:16 - Luiz Gutierrez (R-IL): Comment that director is answering the questions as posed, as opposed to obfuscation. Good to get information, and not pass judgement. Suggest that the conversation continue. Notes trust of FBI, and distrust of other humans "at other levels" so the discussions need to continue.
3:20 - Steve King (R-IA) Concerns with ISIS, if congress diminishes access to this phone, will it embolden terrorist groups?
3:21 - A: "profound implications for counter-terrorism work." Cites Snowden revelations forcing encryption.
3:21 - (skipping the implications of applications, not Apple, being a possible problem)
3:22 - (Comey has clearly spoken to PR people pre-appearance. The message he's giving is less demanding, and more conciliatory and persuasive than in the last two weeks - MW)
3:25 - Karen Bass (D-CA): Constituents not supportive, had a hard time believing that the FBI couldn't already do this. How have so many others cracked iPhones. Between all intelligence agencies, how has this not happened?
3:25 - A: 16 agencies consulted. "if we could have done this quietly and privately, we would have done it."
3:27 - Comey claims that with blocks removed, that the phone can be penetrated in 26 minutes or less.
3:28 - Raul Labrador (R-ID)
3:28 - Q: You can go to a landlord, can you make me a key for a property. This is very different? A: Yes.
3:29 - Q: In this case Apple has never created the key, as far as we know. A: Yes.
3:31 - Q: maybe one of the reasons that Apple isn't doing this, is because they get hacked. If you make that key, you're opening up vulnerabilities. A: "I see the argument"
3:33 - Cedric Richmond (D-LA): Enters into record press reports about encryption holding up criminal investigations.
3:34 - Detailing Brittany Mills case, where a diary is locked in a phone. Showcasing surviving family.
3:35 - Q: are we in danger of creating an underground criminal sanctuary?
3:35 - A: "We are in danger of that" cites "awesome" devices like iPhone making a different world. "Privacy is awesome, but stopping this kind of savagery, pedophilia and murder that hides in these dark places is incredibly important."
3:36 - (why did it take the representative to get Apple and the DA in the case together? -MW)
3:37 - Q: Cites hack risk in the Ukraine, where trip members were informed to leave phones behind on the plane, powered off. Does Russia have enough technology advantage to get in, and the FBI can't?
3:37 - A: "some countries have different control over their infrastructure, and make providers make accommodations for surveillance." "We are a rule of law country."
3:39 - Suzan Delbene (D-WA): Tech background. Don't you think that reversion to earlier (hackable) OSes is an oversimplification of the issue?
3:39 - A: "I would expect technology companies to continue to improve their security" however "not the companies job to maintain the public safety."
3:40 - A: "Business model problem"
3:40 - Q: Talking about phones today, growth of Internet of Things will make this discussion more problematic.
3:42 - Q: "Discussion is between security and security" (meaning between national security, and personal security)
3:42 - A: "larger societal problem" is the collision between securities.
3:44 - Hakeem Jeffries (D-NY): No demons, not questioning Apple's motives. DOJ has, is that correct?
3:44 - A: "DOJ believes that motives are market position" which he has sympathy for.
3:45 - A: "Apple has a legal obligation to maximize shareholder value" so market share is a legitimate obligation.
3:45 - Q: Feb 18 NYC press conference, law enforcement says that Apple is engaging in "Corporate irresponsibility"
3:46 - A: "I wouldn't characterize it that way."
3:47 - Q: tech available today, Americans have the opportunity to choose between privacy or unfettered data access? (Apple versus Facebook? -MW)
3:47 - A: "I don't accept that premise."
3:49 - Statement before ceding: American citizen is choosing the value of privacy, something we should respect as congress is attempting to craft a solution.
3:50 - David Cicilline (D-RI) Different than all the examples about producing items in your custody. Different kind of warrant, as compelling third party to create IP that doesn't exist.
3:50 - A: Vague yes.
3:51 - Q: Different than simply asking somebody to produce something that they're in possession of.
3:51 - A: Goes back to Landlord example. (some confusion - MW)
3:52 - Q: Said repeatedly that the government can't unlock the phone on its own. NY case referred to, government argued in an unrelated case that it has technology to override the password security feature (rep seems to not be familiar with different models and oses - MW)
3:52 - A: Points out differences in phones and iOS versions between NYC and SB. "5c, iOS 9, we don't have that capability."
3:53 - Q: This authority needs to come from congress
3:53 - A: Comey Disagrees.
3:54 - Q: What do you recommend? (Believes All Writs, CALEA doesn't allow for ordering Apple to make the tool - MW)
3:54 - A: "I'm not prepared to make a recommendation."
3:55 - (last one for Comey!) Scott Peters (D-CA) - "the notion of invulnerable communications is something we should all be concerned about."
3:56 - No sign of letters from Google, Microsoft, or others.
3:56 - Comey excused.
3:56 - Time for Apple's attorneys.
3:58 - Bruce Sewell introduced.
3:59 - Cyrus Vance introduced.
4:00 - Sewell: reiterates that the victims has Apple's "deepest sympathies" and that Apple has "no sympathy" for terrorists. Notes 24/7/365 law enforcement compliance team.
4:01 - "center of an extraordinary circumstance"
4:01 - being asked to "Create an OS that does not exist."
4:03 - (I still think a big thing here for Apple in this is Apple Pay. Without nearly unbreakable encryption, the banks wouldn't go for it. -MW)
4:03 - (aside, Sewell has shifted to his paper copy of his speech - MW)
4:06 - Susan Landau (WPI professor) opening statements. Smartphones have "absolutely everything" to do with security and privacy.
4:07 - Smartphones poised to be authenticators, including in some government agencies. (and Apple Pay! -MW)
4:08 - Precedent means that Apple will have to maintain the codebase, because of multiple requests by law enforcement. At some point, the process is subvert-able when it becomes a routine process.
4:09 - "CALEA is a security nightmare"
4:10 - "law enforcement needs to develop 21st century technology" for investigations, by themselves. "Congress can help."
4:10 - (interesting tack to take, not Apple's problem to break into the phone, but if the government builds a center, then that's okay - MW)
4:12 - Cyrus Vance: testifying for national DA's association. Here to discuss the state and local level point of view.
4:13 - (Vance has claimed that he has 175 phones that he will request to be unlocked if the FBI prevails)
4:14 - "criminals are laughing at us" regarding iOS 8 and encryption. Inmate in NY prisons calls it "a gift from god."
4:15 - Vance: pointing out iOS 7 was different, saying that Apple acknowledged police data requests, among others.
4:16 - Vance now claims 205 phones await unlocking.
4:16 - Houston 100, 46 in CT, "few of thousands of Phones taken into evidence" per year.
4:17 - "time is not a luxury for state or local law enforcement"
4:18 - Chairman: reiteration of the "business model" question. Sewell: "every time I hear this, my blood boils" We don't put up billboards that market our encryption. "protecting the security and privacy of iPhone users is the right thing to do"
4:19 - Sewell: Judge Orenstien said that apple's position was "conscientious"
4:20 - Chairman: Previous levels of encryption are fine, but current models are allegedly not good. What do you think? Sewell: path to encryption started in 2009, not recently. iOS 7 and 8 differed because encryption algorithm changed.
4:20 - Chairman: Moving end-to-end, why? Sewell: "Apple is in an arms race with criminals, cyber-terrorists, hackers"
4:22 - Chairman: If FBI succeeds in getting the order, however long that takes, and Apple has to develop the "device" to bypass the 10-times-entry erasure, once entered, there may be all manners of other restrictions (apps, et cetera)
4:23 - Sewell: Pernicious apps we see is "Telegraph." A method of providing absolutely uncrackable communications. If Apple forced to make a new OS, "it will weaken our safety and security but not affect the terrorists in the least."
4:24 - Conyers to Landau. Did encryption exist before the invention of the iPhone? A: Yes, existed for centuries, debates for decades. White House changed rule in 2000.
4:25 - Conyers: Any difference between asking Apple to break its own encryption and what the FBI has demanded in California. (confusing question)
4:26 - Conyers to Sewell: repeated question, difference between making Apple to break encryption, and asking Apple assist the FBI to break encryption. A: No difference.
4:27 - Q: Apple working against law enforcement, and that it no longer responds to legal demands? Sewell: Absolutely false. Dedicated individuals available to participate instantly.
4:28 - Q: Why is Apple taking this stance? What is at stake in San Bernadino A: Not about the SB case, this is about the safety and security of every iPhone. This isn not about the difference between the 5c and 6, the tool that needs to be made will be universal.
4:30 - Jim Sensenbrenner (R-WI): FBI attempting to enforce a lawful court order. Why is Congress the best place to decide this issue. Sewell: Because it will end up in Congress anyhow. Ex Parte orders, such as the original order is not an extension of the debate, its a way to cut off the debate.
4:30 - Sewell: No bill to consider.
4:31 - Q: what policy would Apple support
4:31 - Sewell: Asking for debate. Apple has no proposal or solution at this time.
4:31 - Sewell: Not a security versus privacy issue.
4:31 - Q: Snowden induced. "You're not going to like what comes out of congress."
4:32 - A: We will follow the law that Congress comes up with.
4:32 - Q: "When are we going to hear what you do like?"
4:34 - A: We believe that Apple has articulated our position.
4:37 - Nadler: to Vance: FBI limited request to one device, you mentioned you have over 200 iPhones. Precedent setting? A: "There may very well be an overlap in litigation." Vance seeks a framework where there are standards for a court to authorize access.
4:38 - Q: 600 encryption products online, 400 open source, made by foreign entities. Would law force bad actors to use us-approved sources? Landau: "absolutely not" Apple encryption is easy by default, regular person using phone has security. Law would weaken us, but not change it for the bad guys.
4:39 - Q: debating something that is undoable? A: That's right.
4:40 - Q (to Sewell): Limiting principle in SB case? A: No. Q: several defenses laid out by Apple. A: "What we're being asked to do is write a new OS." Code to speech is well established, so this is compelled speech. Also, speech which Apple does not make. Fifth amendment is forced labor.
4:41 - Q: Nadler to Sewell: any place in history where things are commandeered, not in war? A: No.
4:43 - Q: do you know of any shredder company that's been told that it needs to make technology to reassemble shredded documents? A: multiple nos.
4:44 - Issa: back on the mirroring conversation from about four hours ago. A: Apple has no idea about the condition of the phone.
4:44 - (de-chipping is stupidly labor expensive, and risky - MW)
4:45 - Sewell: Apple has never been asked for its source-code.
4:46 - Lofgren: Q: If Apple is served with a warrant, and it has it, it surrenders it? A: Yes.
4:47 - Q: if it was possible to do something to get just this one thing, without anything else being exposed, would you have a problem with that? A: "How do you create the right kind of analogy for this situation?" If Apple had a perfect box that contents inside were invulnerable, it would have made it.
4:48 - A: The FBI is asking us to make a break-in tool, and put it in this perfect box, which doesn't exist.
4:48 - Q: is it possible for Apple to defeat the 10-time erase? A: Apple is being asked to do three things, and it can, but the question is the cost of doing it.
4:50 - Q to Landau: As a practical matter, asking Apple to do this is unachievable. A: the FBI request is wrong, and Apple will in fact have to make a universal key, and a routine process, which get subverted.
4:51 - Q to Sewell: If I take my iPhone to Russia, can they break in? A: with respect to the phone, on iOS 8, effectively impossible. At the internet level, there are sophisticated techniques there are vulnerabilities.
4:52 - Poe (ex-prosecutor and judge): Two cases, San Bernardino as well as NY case. Believes fourth amendment doesn't count here because of ownership of phone. US is supposed to lead on privacy, but other countries seem to have more concern about privacy.
4:53 - Poe to Sewell: Explain how this is a first amendment or fifth amendment issue. (Seems that this has been answered - MW)
4:53 - A (Sewell): Code is speech, this isn't speech that Apple wants to make. Fifth protects from protection against conscription.
4:54 - Q: how does this affect Apple in other countries?
4:54 - A: Sewell: affects customers, affects everyone who owns an iPhone, data can be compromised. "America should be leading on this issue, and the world is watching."
4:56 - Q: What is your solution? Would one option not be Congress preventing the back door from being imposed on tech companies? A: "that is certainly one possibility"
4:56 - Q: if the courts rule that you have to develop the technology, would that be able to be used on all the other phones? A: Yes.
4:57 - Q: Would other countries (China named) then demand? A: to date, we do not have demands in other countries, just in this one. If Apple is ordered it would be a "hot minute" before Apple gets requests from other countries.
4:58 - Johnson to Vance: Difference between a company being ordered to use "reasonable technical assistance" versus a civil subpoena or court order the delivery of information in custody. A: "not sure there is a difference."
4:59 - A: "we know that criminals are using these devices to commit crimes" so "companies have to adapt to the realities of the product that they created."
5:01 - Q to Landau: Should the government have the ability to use its best efforts to accomplish a technical feat? A: Not a lawyer, but it is a security mistake. "target of organized crime and nation states" if Apple makes the tool.
5:03 - Same question to Sewell: "reduces the safety and security." Q: what about the security and safety of those who may be affected by an ongoing situation where information is sought? A: "that's what makes this such a hard issue" balancing two discrete security issues.
5:04 - Gowdy: Q under what circumstances would you make this tool? A: "privacy, security, personal safety"
5:06 - (contentious back-and-forth between the question that is being answered) Sewell said that Apple will follow the law. Sewell: "We don't have legislation to propose today." Gowdy demanding answer today.
5:07 - A: "It is my firm belief that legislation can be drafted."
5:09 - Voice exemplars brought up by Gowdy. Gowdy back on forcing doctors to perform procedures in the name of law enforcement.
5:11 - Deutch to Sewell: Confused by focus on forced surgical procedures, then you can force a company to break into a phone. Points out discrepancy between analogy and what Apple is being asked to do. Discuss three factors that Apple is being demanded to make.
5:12 - Sewell: Capabilities of bad actors increasing. 1) Method to suppress data deletion after 10 failed attempts. 2) Time delay between successive attempts. (tailored to situation where phone is stolen to defeat brute force attack). 3) re-write touchscreen control code, to allow for bypass of manual entry of passcodes.
5:13 - Q to Sewell and Vance: If you can guarantee that this is one phone, then this can be disposed of, then do it. Question is, is that the case actually?
5:14 - Vance: "if this code is created, and you are looking at the risk to other apple phones in the world, those phones will have to come to Cupertino."
5:15 - Sewell disagrees. Q: will hackers be able to find a way around the Cupertino requirement? Sewell: yes. Suggestion made that Apple send a hard drive to the FBI to get this done.
5:16 - Vance: "i respectfully disagree" with Apple, but confesses that Sewell's knowledge of the company is great. "can't answer how likely it is" that the code will escape.
5:17 - Vance seeking more information from Apple on risk of code escaping.
5:17 - Vance: consequence now that families are not getting justice.
5:19 - Landau: Not addressing the future of devices as authenticators of identity. Risk is that somebody will come into Apple and will get the ability to get a phone that should not be decrypted.
5:19 - Vance: What about the victims whose cases are sidelined while an academic discussion is being had about encryption.
5:21 - Lofgren: interested in comment about vulnerabilities introduced with compliance with FBI order.
5:22 - Landau: Loss is not academic or theoretical, if key is made. Country will be "extremely vulnerable" with weakened encryption. Points to break-in in Ukraine power grid caused by issue.
5:23 - Landau: Big picture at stake. What law enforcement is asking for is weakening the future. Law enforcement needs to develop the same skills the NSA has, in dealing with decryption. Funding well below what it should be.
5:26 - Gutierrez reiterates that phones are subject to bad actors as it is. Balance needs to be struck
5:28 - Richmond: reiterates Louisiana case where phone can't be penetrated. If the FBI developed technology where the phone could be penetrated, would Apple have a position?
5:28 - Sewell: Apple would have no position on it.
5:29 - Richmond: Reiterates the question. Sewell: yes, I'd have a problem with that, as it would be a security issue.
5:29 - Richmond: does anybody you know at Apple have the ability or the knowledge to unlock that phone? Sewell: No.
5:30 - Richmond: Does anybody have the ability to unlock the phone. A: Short of creating something new, no.
5:30 - Landau: Arms race ongoing in encryption.
5:31 - Landau: believes that the FBI should develop in-house the ability to break into phones. Mindset of FBI 20 years old.
5:32 - Richmond: terrorist has a nuclear bomb location on the phone, and he dies. How long would it take Apple to develop the tool? Sewell: look at all the data surrounding that phone. In one hour after Malaysia Air crashed, Apple had engineers working with law enforcement.
5:33 - Richmond: Clarifying the position that Apple has been cooperative with Louisiana DA.
5:35 - (floor clearing out, this may be coming to an end - MW)
5:37 - Sewell: liable if Apple fails to close known security vulnerabilities.
5:38 - Landau: bad encryption, or weak encryption is dangerous, and will increase in danger.
5:39 - Chair: China "cloud" in China. What's stored in that cloud?
5:40 - Sewell: Number of things in the China cloud -- no personal data is there, unless individual has a Chinese address. Movies, books, iTunes music are there.
5:40 - Chairman: Cost to make the move from US to China.
5:41 - Sewell: time is instant, labor cost is monumental.
5:42 - Sewell on privacy: if we cede to the FBI's demands, then privacy is at risk. Safety and privacy at risk if the tool is made.
5:42 - Chairman: no method that exists that Apple could unlock phone and let the FBI know what is in there?
5:42 - Sewell: Apple is not aware of such a method.
5:43 - Chairman: Related to China move, what is the cost of developing the tool? Sewell: undue burden is the compromise to security, not time or cost.
5:43 - Sewell: This isn't a one-phone issue, don't believe that it is contained or can be contained to one phone.
5:44 - Jeffries to Sewell: extensive record of cooperation from Apple with San Bernardino? Sewell: yes, for over 75 days. Jeffries laying out schedule of requests from FBI.
5:46 - Jeffries: issue about building anti-encryption tool, not about Apple's cooperation with FBI. Sewell: being asked to make a method to hack the iPhone.
5:47 - Jeffries to Vance: Asking about greater good, as spelled out by Scalia ruling in the late eighties.
5:47 - Vance: "picture we are seeing from the state perspective is that Apple will strike that balance, with no access by law enforcement, even with a warrant."
5:48 - Vance: we had a balance before, and Apple unilaterally changed it.
5:52 - Cicilline: Asking if there's some threshold that Apple should be mandated in "narrow category" to implement cellphone break-in.
5:53 - Sewell: Spend a lot of time thinking about how to assist customers in extreme situations, and the consequences of devices we create. Passcode unlock does not lend itself to a limited use. Reminds the panel that the tool does not exist.
5:54 - Sewell: warrants have been responded to in this case.
5:55 - Landau: There are non-Apple ways to get into the phone, risking the data. However, the FBI hasn't developed the technology to do so, and the NSA won't share.
5:57 - Lofgren (again): changing of the password on the 5c. What did that do?
5:58 - Sewell: Had the password not been changed, an auto-backup could have happened, and the iCloud backup would have been available to the FBI. Connect to a known Wi-Fi source, and it will start to auto-backup. Changing the iCloud password broke the connection between the phone and iCloud.
5:59 - Chair: Does the Chinese government have access to the Apple iCloud? Sewell: Unaware of a Chinese hack through Apple? No.
5:59 - Panel is concluded. Questions can be submitted for five days.