Apple General Counsel Bruce Sewell on Tuesday testified before the House Judiciary Committee that his company should not be required write new code for software that would weaken the security of the iPhone in the wake of the San Bernardino, California, terrorist attacks.
The FBI wants Apple to take action that would put the privacy and security of millions of the company’s customers at risk, he said.
Apple has no sympathy for terrorists, said Sewell, who noted that the company immediately cooperated with authorities in the investigation.
The request not only sets a dangerous precedent, but would open the company to countless other requests in the future, putting the security of all those involved in jeopardy, he said. Congress should settle the debate based on a thoughtful and honest conversion on the facts.
“Most importantly, the decisions should be made by you and your colleagues as representatives of the people, rather than through warrant based on a 220-year-old statute,” Sewell told the committee in prepared testimony.
During questions and answers with committee members, Sewell pushed back on the notion Apple was engaged in some sort of marketing exercise in its quest to fight the order. The government claimed in some court filings that Apple had complied numerous times with the requests until they were made public.
Apple was doing what was in the best interests of its shareholders, FBI Director James Comeytold the committee, noting that he had previously worked in a corporate capacity and understood the company’s corporate accountability.
Microsoft plans to file an amicus brief on behalf of Apple this week in its court battle with the Department of Justice and the FBI, a spokesperson for Apple told the E-Commerce Times.
Congress should take the lead on deciding how to balance the issues involved with accessing data on encrypted devices, Manhattan District Attorney Cyrus Vance Jr. testified at the House hearing.
Ninety-five percent of the criminal cases in the U.S. are handled by state and local law enforcement agencies, and Apple’s switch to default device encryption in 2014 has severely hampered their ability to investigate many criminal cases, he said.
As of November, Vance’s office was locked out of 111 smartphones running iOS 8 or higher, he said, citing a report released by the DA’s office, called “Report on Smartphone Encryption and Public Safety.” The number has grown to 175 devices since then, representing 25 percent of the phones received by his office’s cyber lab.
With more users migrating to the newer operating systems, investigators can’t access half of the phones coming into the DA’s office, he said. The phones are involved in investigations of attempted murder, child pornography, sex trafficking, sexual abuse of a child and other crimes.
The district attorney in Harris County, Texas, has more than 100 iPhones that it can’t access, involving cases of human trafficking, violent sex crimes and other crimes, said Vance, who also was representing theNational District Attorneys Association. Prosecutors in Cook County, Illinois, can’t access 30 devices, and authorities in Connecticut can’t access 46 devices.
His office has drafted language for legislation that would require designers of operating systems to provide a way for law enforcement to access unencrypted data on the phones as long as they had a warrant, he said. The legislation would not require the makers to do anything themselves unless the encryption was part of the design.
Other telecom and technology companies have received official requests for data, Vance noted. Verizon received 149,810 in the first half of 2015; Facebook received 17,577 during the same period.
FBI Fighting Last Battle
Law enforcement is using outdated methods and laws to combat a 21st century problem, Susan Landau, who teaches cybersecurity policy atWorcester Polytechnic University, testified. Many law enforcement agencies lack the tools and expertise to fight modern cybercriminals and terrorists using new technologies.
Counter to claims by FBI Director Comey, encryption has been an issue for decades, dating back to at least the 1970s, she said. Other experts in the private sector have ways of accessing the data that the FBI insists only Apple can provide.
Landau, a former policy analyst at Google and distinguished engineer at Sun Microsystems, cited the Chaos Computer Club, a group of European hackers that has exposed flaws in security systems over 30 years. The group last year demonstrated that it could recover data on security chips using electron microscopes.
Landeau’s testimony echoed the wider security community and computer security experts that Apple should not be forced to reengineer its devices, said Mark Jaycox, civil liberties legislative lead at theElectronic Frontier Foundation.
“Director Comey kept on urging Congress to handle this issue — clearly implying legislation — despite the fact that President Obama and the administration said they did not plan on proposing or supporting any legislation,” he told the E-Commerce Times.
“The law enforcement witnesses appear to not understand the technology or wide-ranging precedent at stake in this case,” Jaycox said, adding that committee members did seem to be trying to understand the technological details.
“A majority of the committee appear to be on Apple’s — and the Constitution’s — side,” he said.
TheAmerican Civil Liberties Union on Wednesday announced that it will file a friend-of-the-court brief supporting Apple’s fight against the FBI request to create software that will open encrypted iPhones.
The brief notes that Congress deliberately withheld authority from the government to require that technology companies bypass the security built into their own devices.
“Law enforcement may not commandeer innocent third parties into becoming its undercover agents, its spies or its hackers,” the brief states.