iPhone Encryption: 7 Reasons Why Feds Want It Cracked
Testimony from the FBI and National District Attorney's Association speak to the range of issues that have them fighting Apple's encryption practices. These seven snippets offer a summary of their positions.
Next week, the Judiciary Committee plans to meet again with the long-term goal of finding an agreeable balance between encryption technologies and the ability for law enforcement to enforce the law.
Apple CEO Tim Cook got the country's attention Feb. 16, when he posted an open letter to customers describing Apple's position and what it believes is a matter that should be considered by Congress. Encryption and the daily cyberattacks leading to calls for ever-greater amounts of it make headlines daily.
Here, we focus on the other side's stated positions, drawing from testimony that FBI Director James Comey and a representative of the National District Attorney's Association (NDAA), Cyrus Vance, submitted before the Committee March 1.
1. Apple proves every day that it already has the capability to bypass iPhone users' passcodes.
"Apple has not addressed the fact that it already can, and frequently does, bypass iPhone users' passcodes. For example, Apple has the ability to access an Apple device remotely, such as when it tracks the location of a device and erases its contents remotely ("Find My iPhone") …" Vance testified.
"Apple has never explained why [mobile device management] -- tools that Apple enables and promotes, and which allow third parties to access a user's iPhone without a passcode -- do not compromise an iPhone user's security, while any software Apple develops in order to comply with a search warrant may fall into 'the wrong hands.'"
2. By switching to default device encryption in 2014, Apple effectively changed law-enforcement -- and it doesn't have the right to.
"Smartphone encryption has real-life consequences for public safety, for crime victims and their families, and for your constituents and mine. In the absence of a uniform policy, our nation will effectively delegate the crafting of national security and law enforcement policy to board rooms in Silicon Valley," Vance testified.
"That is, important responsibilities of our government will be carried out by Apple, Google, and other technology companies, who will advance the best interests of their shareholders, not necessarily the best interests of our nation."
3. The government doesn't want to access data -- Apple should access data for it.
"[We have] proposed a solution that we believe is both technologically and politically feasible: Keep the operating systems of smartphones encrypted, but still answerable to search warrants issued by neutral judges. We do not want a backdoor for the government to access users' information, and we do not want a key held by the government," Vance testified.
"We want Apple, Google, and other technology companies to maintain their ability to access data at rest on phones, pursuant to a neutral judge's court order."
Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!
4. With its encryption policy, Apple is essentially creating its own laws.
"Technology companies should not be able to dictate who can access key evidence in criminal investigations. No device or company … should be able to exempt itself from court obligations unilaterally. And they should not be able to write their own laws," Vance testified. "That authority should rest with the people's elected officials."
5. Apple's stance is motivated by its bottom line.
"Apple is not above the law, and its bottom line is not more important than the safety of Americans," Vance testified.
"In Mr. Cook's February 16, 2016, letter, he argues that the FBI's request for assistance in the San Bernardino case 'threatens the security of our customers.' Mr. Cook and his colleagues at Apple have effectively decided that they know better than our elected representatives and professionals in law enforcement how best to keep Americans safe."
6. Terrorists are advancing their causes through every available technology, while US law enforcement is being stymied by technology.
"Terrorist groups, such as ISIL, use the Internet to great effect. With the widespread horizontal distribution of social media, terrorists can spot, assess, recruit, and radicalize vulnerable individuals of all ages … As a result, foreign terrorist organizations now have direct access into the United States like never before," FBI Director Comey testified.
"Some of these conversations occur in publicly accessed social networking sites, but others take place via private messaging platforms. These encrypted direct messaging platforms are tremendously problematic when used by terrorist plotters. … If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders."
7. The country needs to consider whether it's comfortable with the FBI "Going Dark."
The FBI frequently uses the term "Going Dark" to refer its technical inability to access communications and information that it has legal authority to access. Essentially, the organization is left in the dark about a matter.
Comey testified: "the Going Dark problem is, at base, one of technological choices and capability. We are not asking to expand the government's surveillance authority, but rather we are asking to ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to us to keep Americans safe."
He continued, "The core question is this: Once all of the requirements and safeguards of the laws and the Constitution have been met, are we comfortable with technical design decisions that result in barriers to obtaining evidence of a crime?"
Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.