Apple v FBI: The US Debates Privacy

Uploaded on 2016-03-07 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, NEWS-Cybersecurity News

Is there such a thing as security that  is so good that it's a danger to society? That's the bigger picture at hand as Apple continues to fight an order to unlock a terrorist's iPhone.

That fight made its way to Capitol Hill recently for a hearing in front of the House Judiciary Committee, the government body that covers matters relating to how law and order is enforced in the US.

Over the course of four meandering hours, representatives dived headfirst into the complexities of the case FBI director James Comey said is the most difficult issue he has ever had to deal with.

He told the committee that his organisation was seriously concerned by the growth of what law enforcement describe as "warrant-proof spaces" - the term given for methods of communication or storage that, even with the correct permission from the court, can't be accessed. Not by police and not by technology companies.

Apple has strong support among its users - and from the technology industry. "If we're going to move to a place where it's not possible to overcome that," Mr Comey warned, "that's a world we've never lived in before in the United States."

His demand that Apple assists his agency in weakening the iPhone's security was met with this from California Congresswoman Zoe Lofgren.
"The alternative [to strong encryption] is a world where nothing is private.

Apple was represented in this hearing by its lead counsel, Bruce Sewell.
Aside from customer letters, and a somewhat stage-managed interview with ABC, it's the first time the computing giant has been put under scrutiny over its refusal to comply with the FBI order.

Bruce Sewell said breaking into the iPhone would be dangerous. Sewell put in a strong performance thanks, largely, to the testimony of cryptology expert Prof Susan Landau - whose pivotal input I'll discuss later. Mr Sewell endured fierce exchanges with South Carolina Congressman Trey Gowdy, who was angry at what he deemed a lack of cooperation in this controversial case.

How is it possible, the Congressman offered, to live in a world where the FBI has the authority to stick a finger up someone's rear in search of drugs, but not the power to look at the locked iPhone of that same suspect? There's no simple answer to that, of course, though Apple might contest that law enforcement's capability to carry out such physically intrusive actions doesn't increase the general public's risk of exposure to an unruly finger or two.

But, crass comparison aside, Congressman Gowdy's heated questioning eventually arrived at this key point - if Apple won't comply with this order, he thinks the company must at least be forthcoming in sharing what it is actually prepared to do.

In a similar vein, the session's sound-bite moment came from the mouth of Congressman Jim Sensenbrenner, who scolded Apple for having the audacity to demand Congress do something without offering any solution itself.

"All you've been doing is saying 'no… no no'," the Congressman said.
"You're operating in a vacuum…You've told us what you don't like. You haven't told us one thing about what you do like. When are we going to hear about what you do like so Apple has a positive solution to what you are complaining about." Congress could, he added, continue unassisted by Apple, "but I can guarantee you aren't going to like the result".

Mother's diary
That's because, judging by some of the questioning during the session, some members of Congress consider it unfathomable that police cannot reach the information kept in Apple devices.

It's a barrier hindering many, many cases. Mr Comey could not say exactly how many phones the FBI wanted to unlock nationwide, other than that it was "a lot".

Later in the hearing, we learned that there are 205 locked iPhones currently held by police in New York alone.

We were reminded about a case involving Brittany Mills, an expectant mother who was shot and killed on her doorstep in Louisiana last year. Her baby boy died soon after. Ms. Mills - whose family attended the hearing - kept a personal diary on her phone that could contain crucial information about the murderer. The phone is locked, rendered unreachable by Apple's encryption software.

"I think about the nine-year-old girl who asked 'why can't they open the phone so we can see who killed my mother'," said Louisiana Congressman Cedric Richmond.

Mr Sewell said Apple had done a lot to help with that investigation, but without creating the kind of tool demanded by the FBI in the San Bernardino case, it would be unable to assist further.

Making a smarter FBI
But maybe someone else could?
Republican Congressman Darrell Issa - a favourite among tech enthusiasts thanks to his opposition to several bills considered to be anti-internet - gave Mr Comey a hard time over the process leading up to asking for Apple's help.

Mr Issa said the FBI had not explored all the options for accessing the data and circumventing Apple's security.

He said the FBI should be investing in bringing in people with that expertise, not relying on companies like Apple to do the work for them.
Point being - if the FBI could crack the phone itself, Apple's opposition would be irrelevant.

This call was backed up by the thoughts of Prof Landau, an independent cryptology expert who argued, with some force, that there was no way the FBI's request in San Bernardino could be carried out safely.

The so-called Islamic State has used encrypted app Telegram to announce attacks
She said that while Apple could no doubt keep the code required to crack Syed Farook's phone a secret, the real issue is what will happen when Apple is subjected to possibly hundreds of requests to do the same thing on other devices.

She said the surge of orders would mean Apple would need to create a faster process to handle the task, one that would by its nature be vulnerable to exploitation through interception, or perhaps a rogue employee.

Prof Landau insisted the only real course of action was for the FBI to invest heavily in becoming smarter - rather than compelling Apple to make its products less secure.

Because a weakened iPhone would have one critical side effect, she said. Criminals would simply use other, more secure methods to talk to each other - apps created by countries outside the US, offering encryption mechanisms even more secure than those offered by Apple currently.

Should that happen, the wishes of Congress matter not a jot.

"What you're saying," Congressman Jerrold Nadler asked Prof Landau, "is that we're debating something that's… undoable?
"That's right."

Ein News: 

« 8 in 10 IT Pros Believe Data Is Cloud Safer
Reduce Risk With Threat Intelligence »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

InterVision

InterVision

InterVision is a leading Strategic Services Provider, assisting businesses in driving value and gaining a competitive edge by helping IT Leaders solve the most crucial challenges they face.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

VLATACOM Institute

VLATACOM Institute

Vlatacom Institute is privately owned accredited research and development institute, system integrator and turn-key solution provider. Areas of expertise include encryption and authentication.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Cassini

Cassini

Cassini Cyber Threat Intelligence (CTI) helps protect your organisation from cyber attacks using threat intelligence from trusted New Zealand agencies.