Apple’s top attorney said complying with the FBI’s request to break into an iPhone will make everyone less safe — and will embolden the terrorists.
Apple’s General Counsel Bruce Sewell told lawmakers that Apple is in an arms race with cybercriminals, hackers and terrorists. He said the company wants to ensure that its customers’ information can’t be hacked.
Sewell said that by helping the FBI break into San Bernardino shooter Syed Farook’s iPhone, Apple would create a backdoor that could be exploited by hackers. Yet he noted that terrorists commonly use Telegram, an encrypted messaging system that law enforcement can’t spy on.
“It will weaken our safety and security, but it will not affect the terrorists,” Sewell said in testimony before the House Judiciary Committee hearing Tuesday.
The FBI’s director said that the whole debate about backdoors on the iPhone is misplaced.
FBI Director James Comey testified that Farook’s iPhone 5C already had a built-in vulnerability that investigators are trying to exploit. But they’re hoping to get Apple’s help.
“There’s already a door on that phone,” Comey said. “We’re asking Apple to take the guard dog away and let us pick the lock.”
The “door” Comey referenced is Farook’s passcode. The guard dog is a setting on the iPhone that erases all the phone’s data when 10 wrong passcodes are entered.
The FBI has asked Apple to create a software program to bypass the lock-out mechanism and allow it to guess as many passcodes as it wants. Apple has cited the First Amendment in its argument that the government cannot force it to write software it doesn’t want to.
The courts have agreed that “code is speech; we’re being told to speak by the government,” Sewell said. “This is speech that Apple does not want to make”
Apple believes that building such software would constitute a backdoor, potentially allowing anyone to reuse that code and break into other iPhones. And it opens the door for other entities and governments to demand access.
“If we are ordered to do this, it will be a hot minute before we get these requests from other places,” Sewell said, adding that America is the only country that has demanded Apple help bypass the encryption.
But Comey insists that there are no broad implications of the FBI’s request. It is simply trying to get into this one particular iPhone.
He acknowledged that it’s conceivable that the unlocking software could get into the wrong hands. But he said the FBI believes that hypothetical scenario to be an unreasonable argument against Apple’s cooperation.
“What if Apple engineers get kidnapped?” Comey asked rhetorically.
Cybersecurity professor Susan Landau testified that she disagreed with Comey’s premise. She said if Apple is constantly being forced to bypass locks, lapses in security will inevitably take place
Manhattan District Attorney Cyrus Vance testified that iPhone encryption “cripples even the most basic steps of a criminal investigation,” and it also prevents law enforcement from exonerating innocent people suspected of crimes.
Though Apple has chosen to fight the FBI in a very high-profile case of terrorism, Vance noted that state and local officials handle 95% of all criminal prosecutions in the United States. They deal with all sorts of criminals.
For example, Vance said his office has been frustrated in prosecuting three attempted murder suspects, people accused of sexually abusing a child, child pornographers, people charged with assault, robbers, and identity thieves among others.
Since Apple began encrypting iPhones by default in September 2014, Vance said his office has been locked out of 205 iPhones, or one quarter of the Apple devices that his office’s Cyber Lab obtained from suspects. In each of those cases, his office had a valid search warrant to obtain the information on the suspects’ phones.
Sewell argues the encryption is essential to keep customers’ information safe from increasingly sophisticated hackers.
He used a metaphor to explain, saying if there was a box that Apple could store keys to the iPhone (passcodes) in that the company was absolutely sure could never been broken into, it would.
“But we can’t guarantee that. It doesn’t exist,” Sewell said.
All who testified agreed that Congress needs to pass updated laws to clarify technology companies’ responsibility to turn over customers’ encrypted data. Though each welcomed a debate about the issue, none offered specific policy proposals during the hearing.