Apple’s top legal official on Tuesday appeared before the U.S. House Energy and Commerce Committee and reiterated the company’s willingness to help law enforcement on active cases and cooperate on long-term solutions, despite its contentious legal battle with the FBI over the encrypted iPhone used in the San Bernardino terrorist attack.
Apple “works daily on an operational level” with law enforcement on a number of cases, General Counsel Bruce Sewell told legislators. Among past collaborations were one that involved child abduction and a case in which lives were saved.
The company is willing to work with law enforcement when they cannot crack the code on encrypted data, he said in response to questioning.
Despite its cooperative stance, Apple would not be able to establish some sort of lockbox to provide law enforcement with a key to access encrypted data without risking the security of its data platform, Sewell said.
“We haven’t figured out a way that we can create an access point and then create a set of locks to protect access through that access point,” he said in response to questioning. “The problem is the key to that lock will ultimately be available somewhere.”
Sewell was one of several encryption and cybersecurity experts who testified at the hearing. His testimony followed remarks by a top FBI official and two local law enforcement experts.
His concerns about the vulnerabilities of a backdoor were echoed by Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania, who testified that he discovered the same kind of vulnerabilities in the backdoor Clipper Chip encryption device, which the National Security Agency introduced in the 1990s.
Sewell pushed back hard against suggestions in the local law enforcement officials’ testimony that Apple had provided source code to the Chinese government and that Apple had a created a key to access encrypted data 19 months ago but threw it away.
He also balked at suggestions that Apple had decided to provide passcode encryption with its next generation of iCloud, saying nothing has been announced.
Prefer to Stay In-House
In earlier testimony, Amy Hess, executive assistant director for science and technology at the FBI, conceded that the bureau should not rely on “gray hats” to help it access encrypted data going forward.
However, the FBI is not equipped to handle encrypted data investigations on its own, she added.
“These types of solutions that we do employ and we can employ require a lot of highly skilled, specialized resources that we may not have readily available to us,” Hess said in response to questioning.
The Electronic Frontier Foundation has expressed the hope that when the FBI calls on outside parties for help, it will then share with Apple or other technology firms any information gained about vulnerabilities exploited to access data, said Parker Higgins, a spokesperson for the organization.
However, that issue was not addressed at the hearing, he told the E-Commerce Times.
The growing use of encryption in messaging apps and mobile phones has led to real consequences for police investigations on the local level.
During a six-month period ending in March of this year, the New York Police Department was locked out of 67 Apple devices connected with 23 felonies, 10 homicides, two rapes and one case in which two officers were shot in the line of duty, said NYPD Chief of Intelligence Thomas Galati in testimony before the committee.
“In every case we have the file cabinet, as it were, and the legal authority to open it, but we lack the technical ability to do so because encryption protects the contents of those 67 Apple devices,” he testified.
The Indiana State Police examined 1,000 mobile phones related to crimes, testified Captain Charles Cohen, commander, intelligence and investigative technologies.
An estimated 40 percent of the phones involved in Internet crimes against children contain encryption that prevents forensic examination.
Apple and other tech companies should censor the apps that are allowed in their libraries, rejecting those that contain encryption capabilities that might thwart future investigations, according to several officials. That suggestion raised the ire of a number of privacy and technology advocates.
“The suggestion that app stores could be used to censor encryption apps is beyond the pale,” said Ross Schulman, Co-Director of New America’s Cybersecurity Initiative.
“The only way to truly keep encryption apps out of the United States would be to recreate the Great Firewall of China,” he told the E-Commerce Times. “The suggestion would be wholly destructive to commerce within the United States and anathema to the First Amendment.”