Apple v FBI: The US Debates Privacy

Uploaded on 2016-03-07 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, NEWS-Cybersecurity News

Is there such a thing as security that  is so good that it's a danger to society? That's the bigger picture at hand as Apple continues to fight an order to unlock a terrorist's iPhone.

That fight made its way to Capitol Hill recently for a hearing in front of the House Judiciary Committee, the government body that covers matters relating to how law and order is enforced in the US.

Over the course of four meandering hours, representatives dived headfirst into the complexities of the case FBI director James Comey said is the most difficult issue he has ever had to deal with.

He told the committee that his organisation was seriously concerned by the growth of what law enforcement describe as "warrant-proof spaces" - the term given for methods of communication or storage that, even with the correct permission from the court, can't be accessed. Not by police and not by technology companies.

Apple has strong support among its users - and from the technology industry. "If we're going to move to a place where it's not possible to overcome that," Mr Comey warned, "that's a world we've never lived in before in the United States."

His demand that Apple assists his agency in weakening the iPhone's security was met with this from California Congresswoman Zoe Lofgren.
"The alternative [to strong encryption] is a world where nothing is private.

Apple was represented in this hearing by its lead counsel, Bruce Sewell.
Aside from customer letters, and a somewhat stage-managed interview with ABC, it's the first time the computing giant has been put under scrutiny over its refusal to comply with the FBI order.

Bruce Sewell said breaking into the iPhone would be dangerous. Sewell put in a strong performance thanks, largely, to the testimony of cryptology expert Prof Susan Landau - whose pivotal input I'll discuss later. Mr Sewell endured fierce exchanges with South Carolina Congressman Trey Gowdy, who was angry at what he deemed a lack of cooperation in this controversial case.

How is it possible, the Congressman offered, to live in a world where the FBI has the authority to stick a finger up someone's rear in search of drugs, but not the power to look at the locked iPhone of that same suspect? There's no simple answer to that, of course, though Apple might contest that law enforcement's capability to carry out such physically intrusive actions doesn't increase the general public's risk of exposure to an unruly finger or two.

But, crass comparison aside, Congressman Gowdy's heated questioning eventually arrived at this key point - if Apple won't comply with this order, he thinks the company must at least be forthcoming in sharing what it is actually prepared to do.

In a similar vein, the session's sound-bite moment came from the mouth of Congressman Jim Sensenbrenner, who scolded Apple for having the audacity to demand Congress do something without offering any solution itself.

"All you've been doing is saying 'no… no no'," the Congressman said.
"You're operating in a vacuum…You've told us what you don't like. You haven't told us one thing about what you do like. When are we going to hear about what you do like so Apple has a positive solution to what you are complaining about." Congress could, he added, continue unassisted by Apple, "but I can guarantee you aren't going to like the result".

Mother's diary
That's because, judging by some of the questioning during the session, some members of Congress consider it unfathomable that police cannot reach the information kept in Apple devices.

It's a barrier hindering many, many cases. Mr Comey could not say exactly how many phones the FBI wanted to unlock nationwide, other than that it was "a lot".

Later in the hearing, we learned that there are 205 locked iPhones currently held by police in New York alone.

We were reminded about a case involving Brittany Mills, an expectant mother who was shot and killed on her doorstep in Louisiana last year. Her baby boy died soon after. Ms. Mills - whose family attended the hearing - kept a personal diary on her phone that could contain crucial information about the murderer. The phone is locked, rendered unreachable by Apple's encryption software.

"I think about the nine-year-old girl who asked 'why can't they open the phone so we can see who killed my mother'," said Louisiana Congressman Cedric Richmond.

Mr Sewell said Apple had done a lot to help with that investigation, but without creating the kind of tool demanded by the FBI in the San Bernardino case, it would be unable to assist further.

Making a smarter FBI
But maybe someone else could?
Republican Congressman Darrell Issa - a favourite among tech enthusiasts thanks to his opposition to several bills considered to be anti-internet - gave Mr Comey a hard time over the process leading up to asking for Apple's help.

Mr Issa said the FBI had not explored all the options for accessing the data and circumventing Apple's security.

He said the FBI should be investing in bringing in people with that expertise, not relying on companies like Apple to do the work for them.
Point being - if the FBI could crack the phone itself, Apple's opposition would be irrelevant.

This call was backed up by the thoughts of Prof Landau, an independent cryptology expert who argued, with some force, that there was no way the FBI's request in San Bernardino could be carried out safely.

The so-called Islamic State has used encrypted app Telegram to announce attacks
She said that while Apple could no doubt keep the code required to crack Syed Farook's phone a secret, the real issue is what will happen when Apple is subjected to possibly hundreds of requests to do the same thing on other devices.

She said the surge of orders would mean Apple would need to create a faster process to handle the task, one that would by its nature be vulnerable to exploitation through interception, or perhaps a rogue employee.

Prof Landau insisted the only real course of action was for the FBI to invest heavily in becoming smarter - rather than compelling Apple to make its products less secure.

Because a weakened iPhone would have one critical side effect, she said. Criminals would simply use other, more secure methods to talk to each other - apps created by countries outside the US, offering encryption mechanisms even more secure than those offered by Apple currently.

Should that happen, the wishes of Congress matter not a jot.

"What you're saying," Congressman Jerrold Nadler asked Prof Landau, "is that we're debating something that's… undoable?
"That's right."

Ein News: 

« 8 in 10 IT Pros Believe Data Is Cloud Safer
Reduce Risk With Threat Intelligence »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

FoxGuard

FoxGuard

FoxGuard develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.