Encryption & Key Management , Governance & Risk Management , Next-Generation Technologies & Secure Development

Apple, FBI Battle Before House Judiciary Committee

Neither the FBI Director Nor Apple's Top Lawyer Budge from Positions
Apple, FBI Battle Before House Judiciary Committee
FBI Director James Comey

The impasse over whether Apple should help law enforcement crack open encrypted iPhones continued during a House hearing, as neither the FBI director nor Apple's top lawyer budged from their positions.

See Also: The Dark Side of AI: Unmasking its Threats and Navigating the Shadows of Cybersecurity in the Digital Age

FBI Director James Comey and Apple General Counsel Bruce Sewell couldn't even agree on whether the government was asking Apple to create a backdoor to unlock the iPhone 5c used by one of the San Bernardino shooters.

"I hear folks talking about keys and backdoors; I don't see that this way," Comey told the House Judiciary Committee on March 1. "There's already is a door on the iPhone. Essentially, we're asking Apple to take the vicious guard dog away [and] let us try to pick the lock."

FBI Director James Comey discusses the risks associated with the inability to crack open encrypted devices.

But in explaining that the government essentially is asking Apple to build a new operating system for the iPhone to bypass password protections, Sewell testified that the government is "asking for a backdoor into the iPhone, specifically to build a software tool that can break the encryption system, which protects personal information on every iPhone. ... Building that software tool would not affect just one iPhone, it would weaken the security for all of them."

Conflicting Court Orders

The Judiciary Committee hearing came after two federal magistrates issued conflicting orders on whether the government should compel Apple to help law enforcement open locked iPhones. A U.S. magistrate in Brooklyn, N.Y., on Monday denied a request by federal authorities to force Apple to retrieve data from an iPhone involved in a narcotics case (see Apple Wins Legal Round Over Unlocking a 2nd iPhone). On Feb. 16, a magistrate in California ordered Apple to help the FBI disable security features that prevent access to data on the iPhone used by Syed Rizwan Farook, one of the San Bernardino shooters who killed 14 people (see Apple Blasts Judge's iPhone Backdoor Order).

Apple General Counsel Bruce Sewell makes the case against creating a backdoor.

Sewell took exception to Comey's contention that the tool the government is asking Apple to build would only apply to the iPhone 5c and not subsequent generations of the smartphone. "There is no distinction between 5C and 6 in this context," Sewell said. "The tool we're being asked to create will work on any iPhone that is in use today. It is extensible; it is common. The principles are the same. The notion that this is somehow only about opening one lock, or that there is some category of locks that can't be opened with the tool that they're asking us to create is a misnomer."

Arguing Merits of Positions

Both witnesses took the opportunity to make their cases on what they see as the merits of their positions.

Comey said authorities would be at a disadvantage in collecting evidence from the devices that could prevent a terror attack or solve a crime without access to the iPhones. "We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet or a laptop - evidence that may be the difference between an offender being convicted or acquitted," the FBI director said. "If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop and prosecute these offenders."

Responding to the government's contention in the San Bernardino case that Apple puts marketing needs before civil responsibility, Sewell said when he hears such accusations, his "blood boils."

"This is not a marketing issue," he says. "That's a way of demeaning the other side of the argument. We don't put up billboards that talk about our security. We don't take out ads that market our encryption. We're doing this because we think that protecting the security and privacy of hundreds of millions of iPhone users is the right thing to do. ... To say that it's a marketing ploy or it's somehow about PR, really, really diminishes what should be a serious conversation involving this Congress, the stakeholders, the American people."

Legislative Solution

A number of committee members said they expect Congress to address the impasse with legislation, although there was no consensus among the lawmakers on how such a law would be structured.

Rep. Jim Sensenbrenner, R-Wis., expressed frustration with Sewell for not offering any legislative solutions. "You haven't said what Apple would support," Sensenbrenner said. "All you been doing is saying, 'No, no, no, no.'"

Sensenbrenner said without Apple's suggestion, drafting of the legislation would be left to lawmakers' own devices. "We'll be very happy to do that, but I can guarantee you that you aren't going to like the results," he said.

During the hearing, Comey conceded that against Apple's advice, the FBI encouraged San Bernardino County, Farook's employer, to reset the iCloud password for the device. Doing so made it impossible for investigators to access data from the iPhone backed up on iCloud.

But even if authorities didn't reset the password, Comey said he believes that not all of the data would have been retrievable. "I think that I'd still be here talking about it otherwise," he said.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.