Apple v FBI: The US Debates Privacy

Is there such a thing as security that  is so good that it's a danger to society? That's the bigger picture at hand as Apple continues to fight an order to unlock a terrorist's iPhone.

That fight made its way to Capitol Hill recently for a hearing in front of the House Judiciary Committee, the government body that covers matters relating to how law and order is enforced in the US.

Over the course of four meandering hours, representatives dived headfirst into the complexities of the case FBI director James Comey said is the most difficult issue he has ever had to deal with.

He told the committee that his organisation was seriously concerned by the growth of what law enforcement describe as "warrant-proof spaces" - the term given for methods of communication or storage that, even with the correct permission from the court, can't be accessed. Not by police and not by technology companies.

Apple has strong support among its users - and from the technology industry. "If we're going to move to a place where it's not possible to overcome that," Mr Comey warned, "that's a world we've never lived in before in the United States."

His demand that Apple assists his agency in weakening the iPhone's security was met with this from California Congresswoman Zoe Lofgren.
"The alternative [to strong encryption] is a world where nothing is private.

Apple was represented in this hearing by its lead counsel, Bruce Sewell.
Aside from customer letters, and a somewhat stage-managed interview with ABC, it's the first time the computing giant has been put under scrutiny over its refusal to comply with the FBI order.

Bruce Sewell said breaking into the iPhone would be dangerous. Sewell put in a strong performance thanks, largely, to the testimony of cryptology expert Prof Susan Landau - whose pivotal input I'll discuss later. Mr Sewell endured fierce exchanges with South Carolina Congressman Trey Gowdy, who was angry at what he deemed a lack of cooperation in this controversial case.

How is it possible, the Congressman offered, to live in a world where the FBI has the authority to stick a finger up someone's rear in search of drugs, but not the power to look at the locked iPhone of that same suspect? There's no simple answer to that, of course, though Apple might contest that law enforcement's capability to carry out such physically intrusive actions doesn't increase the general public's risk of exposure to an unruly finger or two.

But, crass comparison aside, Congressman Gowdy's heated questioning eventually arrived at this key point - if Apple won't comply with this order, he thinks the company must at least be forthcoming in sharing what it is actually prepared to do.

In a similar vein, the session's sound-bite moment came from the mouth of Congressman Jim Sensenbrenner, who scolded Apple for having the audacity to demand Congress do something without offering any solution itself.

"All you've been doing is saying 'no… no no'," the Congressman said.
"You're operating in a vacuum…You've told us what you don't like. You haven't told us one thing about what you do like. When are we going to hear about what you do like so Apple has a positive solution to what you are complaining about." Congress could, he added, continue unassisted by Apple, "but I can guarantee you aren't going to like the result".

Mother's diary
That's because, judging by some of the questioning during the session, some members of Congress consider it unfathomable that police cannot reach the information kept in Apple devices.

It's a barrier hindering many, many cases. Mr Comey could not say exactly how many phones the FBI wanted to unlock nationwide, other than that it was "a lot".

Later in the hearing, we learned that there are 205 locked iPhones currently held by police in New York alone.

We were reminded about a case involving Brittany Mills, an expectant mother who was shot and killed on her doorstep in Louisiana last year. Her baby boy died soon after. Ms. Mills - whose family attended the hearing - kept a personal diary on her phone that could contain crucial information about the murderer. The phone is locked, rendered unreachable by Apple's encryption software.

"I think about the nine-year-old girl who asked 'why can't they open the phone so we can see who killed my mother'," said Louisiana Congressman Cedric Richmond.

Mr Sewell said Apple had done a lot to help with that investigation, but without creating the kind of tool demanded by the FBI in the San Bernardino case, it would be unable to assist further.

Making a smarter FBI
But maybe someone else could?
Republican Congressman Darrell Issa - a favourite among tech enthusiasts thanks to his opposition to several bills considered to be anti-internet - gave Mr Comey a hard time over the process leading up to asking for Apple's help.

Mr Issa said the FBI had not explored all the options for accessing the data and circumventing Apple's security.

He said the FBI should be investing in bringing in people with that expertise, not relying on companies like Apple to do the work for them.
Point being - if the FBI could crack the phone itself, Apple's opposition would be irrelevant.

This call was backed up by the thoughts of Prof Landau, an independent cryptology expert who argued, with some force, that there was no way the FBI's request in San Bernardino could be carried out safely.

The so-called Islamic State has used encrypted app Telegram to announce attacks
She said that while Apple could no doubt keep the code required to crack Syed Farook's phone a secret, the real issue is what will happen when Apple is subjected to possibly hundreds of requests to do the same thing on other devices.

She said the surge of orders would mean Apple would need to create a faster process to handle the task, one that would by its nature be vulnerable to exploitation through interception, or perhaps a rogue employee.

Prof Landau insisted the only real course of action was for the FBI to invest heavily in becoming smarter - rather than compelling Apple to make its products less secure.

Because a weakened iPhone would have one critical side effect, she said. Criminals would simply use other, more secure methods to talk to each other - apps created by countries outside the US, offering encryption mechanisms even more secure than those offered by Apple currently.

Should that happen, the wishes of Congress matter not a jot.

"What you're saying," Congressman Jerrold Nadler asked Prof Landau, "is that we're debating something that's… undoable?
"That's right."

Ein News: 

« 8 in 10 IT Pros Believe Data Is Cloud Safer
Reduce Risk With Threat Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

DFI

DFI

DFI is a global leading provider of high-performance computing technology across multiple embedded industries.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.

CompassMSP

CompassMSP

CompassMSP deliver Managed IT and cybersecurity solutions designed to unleash your business's full potential.