The highly publicized case pitting Apple against the Federal Bureau of Investigation underwent heavy scrutiny by a House panel full of privacy advocates on Tuesday. Their comments foreshadow how the encryption fight will look if it comes to Congress, as it likely will.
Many House Judiciary Committee members expressed grave concern at the FBI’s request for Apple to help investigators bypass the security systems on an iPhone belonging to one of the San Bernardino shooters.
“It may be that the alternative is a world where nothing is private,” said Rep. Zoe Lofgren (D-Calif.), who represents Silicon Valley. She was referring to FBI Director James Comey’s opening statement harkening to a future in which encryption makes everything private.
Lofgren outlined the privacy fears that have propelled the case to its high-profile status. “Once you have holes in encryption, the rule is — it’s not a question of if, but when, those holes will be exploited. And everything that you thought was protected will be revealed,” she said.
The case has sparked widespread attention because representatives of the privacy and tech communities worry that if Apple helps the FBI open the phone, it would weaken the security of all iPhones.
There is also skepticism about the FBI using the courts to go after Apple when neither President Obama nor Congress has enforced encryption mandates to date. Why can’t the FBI get into the phone on its own?
“The FBI is a premier law enforcement organization, with laboratories that are second to none in the world,” said Rep. Darrell Issa (R-Calif.), formerly the chairman of the Consumer Technology Association. “Are you testifying today that you and/or contractors that you employ could not achieve this without demanding an unwilling partner do it?”
Issa showed off his background in the tech industry — he founded the car alarm company Viper — by rattling off the details of the security system of the iPhone 5c (the type of phone the FBI says it needs access to). Issa said that by a process known as “mirroring,” the FBI could have made infinite numbers of copies of the phone and then launched as many open attempts on those cloned phones as needed, without any court order.
“I came out of the security business, and this befuddles me that you haven’t looked at the source code,” Issa pressed. “And you don’t really understand the disc drive to at least answer my dumb questions, if you will.”
Rep. Jason Chaffetz (R-Utah), who is also chairman of the House Oversight Committee, saw a different dynamic at work — government against private citizen. “When historically, with all the resources and assets of the federal government … has it been the function of government to compel or force a private citizen or a company to act as an agent of the government to do what the government couldn’t do?”
Comey responded that it’s happened many times, but Chaffetz was similarly skeptical that the bureau really needs the help of a private company such as Apple. He said the government already has access to metadata, which gives information on the location of individuals as well as who called them when.
Any bills to mandate companies to give up encrypted communications are certain to catch snags from lawmakers, especially in the House Judiciary Committee. But there are also members on board with the idea. Law enforcement and intelligence representatives say national security trumps all else. The phone in question could have ties to other terrorists, and the contents of the messages could also help give context on how terrorists in the U.S. operate.
The specifics of the gruesome killing late last year, the fact that the phone in question was owned by the local government, and the fact that its user is now dead (and a terrorist) all played into arguments from security hawks on the committee.
“I have colleagues and others who are advocating for these evidence-free zones. There are just going to be compartments of life where you are precluded from going to find evidence of anything,” Rep. Trey Gowdy (R-S.C.) warned.
The coalition of lawmakers supporting strong encryption has tended to be bipartisan, but so is the faction urging for members to remember national security interests.
For example, Rep. Hank Johnson (D-Ga.) said the laws should be updated to allow law enforcement access to needed evience. “It’s ridiculous that anyone would think that we would not be able to take our present circumstances and shape current law to appreciate the niceties of today’s practical realities.”
That testy debate is destined to come to Congress, as both Judiciary Chairman Bob Goodlatte (R-Va.) and John Conyers (D-Mich.) said at the hearing. How would Apple react? What would the tech giant want from it? That was what self-identified privacy hawk Rep. Jim Sensenbrenner (R-Wis.) wanted to know.
Without input, he said “I don’t think you’re going to like what comes out of Congress.”
“You’ve told us what you don’t like. You’ve said Congress ought to debate and pass legislation. You haven’t told us about one thing that you do like,” Sensenbrenner added.
“What we’re asking for is a debate on this,” Apple’s General Counsel Bruce Sewell answered. “I don’t have a solution for it. We think the problem here is we need to get the right stakeholders in the room.”
Sewell’s comments are closest to a proposal now in Congress to create a commission that would sort out the issue. House Homeland Security Chairman Rep. Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) on Monday introduced legislation to do that, but intelligence chiefs think it’s too weak.
Senate Intelligence Committee leaders Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are pressing forward on plans to help law enforcement get private companies to provide workarounds to encrypted system. The tech community, many of them with strong representation on the Judiciary Committee, is opposed.