Not Backing Down on Backdoors, Apple Takes Privacy Fight to Capitol Hill
Congressional hearing comes one day after Apple wins 'major legal victory' that could impact outcome of California case
Apple and the FBI will take their high-profile encryption battle to Capitol Hill on Tuesday, with both sides calling on Congress to weigh in on the "watershed" privacy case—as well as the significant precedents it could set.
FBI Director James Comey, Manhattan District Attorney Cyrus Vance Jr., and Apple's senior vice president and general counsel, Bruce Sewell, will testify at a House Judiciary Committee hearing titled "The Encryption Tightrope: Balancing Americans' Security and Privacy."
"The FBI is asking Apple to weaken the security of our products," Sewell wrote in prepared testimony (pdf). "Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens."
Vance, on the other hand, will urge (pdf) Congress to pass a law requiring companies like Apple to retain user keys for decrypting user data, according to testimony posted to the committee's website. A November proposal from Vance's office argued that Congress require any phone manufactured or sold in the U.S. "must be able to be unlocked, or its data accessed, by the operating system designer" pursuant to a court order.
Not doing so, Vance will argue, "cripples even the most basic steps of a criminal investigation."
But in a statement on Tuesday, digital rights group Fight for the Future warned that "what the FBI is asking Apple to do will make us less safe, not more safe."
"If we allow the government to set a precedent that they can force private companies to punch holes in the technological defenses that keep us safe, it’s not a question of if someone to will exploit that to cause harm to the public, it’s a question of when," Fight for the Future co-founder Holmes Wilson said. "Congress needs to listen to security experts by unequivocally supporting strong encryption and opposing backdoors."
The proceedings come one day after Apple "scored a major legal victory" when a judge in New York ruled that the U.S. government could not compel the tech company to unlock an iPhone so that investigators could analyze its data as part of a drug case.
In a 50-page ruling, Magistrate Judge James Orenstein found that the All Writs Act—the same law the government is citing in the San Bernadino case—did not justify the government's request. According to Reuters, "Orenstein also found that Apple was largely exempt from complying with such requests by a 1994 law that updated wiretapping laws."
Ars Technica writes that "[t]he ruling, the first of its kind on the topic, has no legal bearing on the outcome of the California case as they are proceeding in different federal judicial districts. Apple hopes, however, that that Riverside judge will be 'persuaded' by the decision, according to a company executive who was granted anonymity on a call with reporters."
Meanwhile, security and law enforcement experts told Politico this week, it's unlikely that investigators will find "much useful new information" even if they are granted access to the iPhone in question.
So why all the hubbub over one single smartphone?
Politico reports: "Critics say the FBI is picking a fight with Apple over long-standing tensions about the increasing impenetrability of the iPhone’s encryption, rather than acting from an immediate, pressing need to extract evidence."
Indeed, said former FBI special agent and whistleblower Colleen Rowley in a recent op-ed, Comey's assertion to the contrary is "disingenuous."
"Does he not know that the government’s 'Plan B' secret agenda to create 'work-arounds' to defeat encryption recently came to light?" Rowley wrote. "Does he expect us to believe that he was not part of the secret White House meeting last fall where senior national security officials ordered agencies to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.'s?"