Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones
from the good-for-them dept
Congressional hearings involving law enforcement and intelligence folks tend to be fawning affairs, with most of Congress willing to accept whatever these guys have to say. Sure, you'll always have a few people critical of certain aspects, but generally speaking, Congress is especially friendly to the FBI, NSA, CIA, etc. So it must have come as a bit of a shock to FBI Director James Comey that during a long House Judiciary Committee hearing yesterday, they seemed pretty pissed off at Comey's belief that the courts should force Apple to help him open up encrypted iPhones.One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter’s password, which is what kicked this whole controversy and court case in motion in the first place. And if the case was such an emergency, why did they wait 50 days to go to court? Another member questioned what happens when China inevitably asks for the same extraordinary powers the FBI is demanding now. Others questioned whether the FBI had really used all the resources available to break into the phone without Apple’s help. For example, why hasn’t the FBI attempted to get the NSA’s help to get into the phone, since hacking is their job?In some cases, they directly called out Comey for appearing to use the San Bernardino tragedy for political purposes:
[....]
More than anything, though, the members of Congress expressed anger that the FBI director didn’t follow through earlier on his stated intention to engage in a debate in Congress and the public about the proper role for encryption in society. Instead, he decided to circumvent that debate altogether and quietly go to court to get a judge to do what the legislative branch has so far refused to do.
“I would be deeply disappointed if it turns out the government is found to be exploiting a national tragedy to pursue a change in the law,” Rep. John Conyers (D-MI) told Comey.To be fair, contrary to what some articles are saying, this is not the first time Congress has been skeptical about the FBI's view on the encryption wars. A little less than a year ago, a hearing set up by a different committee, the House Oversight Committee included some similar points with Congressional reps being quite skeptical of the claims by law enforcement about the need for encryption backdoors. However, the drumbeat from Congress appears to be getting louder -- and that's a good thing.
[....]
“But what concerns me, Mr. Chairman, is that in the middle of an ongoing Congressional debate on this subject, the Federal Bureau of Investigation would ask a federal magistrate to give them the special access to secure products that this committee, this Congress, and the administration have so far refused to provide,” he said. “Why has the government taken this step and forced this issue?”
He went on to speculate that the reason could be found in an email from “a senior lawyer in the intelligence community,” obtained and published in part by the Washington Post in September 2015. The email said that the “the legislative environment [with respect to mandating backdoors] is very hostile today,” but that “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
“I’m deeply concerned by this cynical mindset,” said Conyers, implying that the Department of Justice and the FBI might be exploiting the San Bernardino attacks in order to mandate backdoors.
Of course, some of the annoyance from Congress appears to just be about who gets to decide what happens here. That is, some of the anger seemed to be over the DOJ's decision to rush to the judicial branch, rather than let the legislative branch figure out what it wants to do. However, there's definitely a clear (and, amazingly, bipartisan) group of folks in Congress who recognize that the FBI's arguments about how it "needs" this information is a bunch of hogwash.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, congress, doj, encryption, house judiciary committee, james comey, john conyers, mobile phones
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
"If we'd wanted it done that way, WE would have done it."
For a group used to being able to pass laws that affect the entire country, being ignored like that has got to sting.
[ link to this | view in thread ]
How a two step became a three step and then a no step.
Step two, executive co-opts the legislative. Example above.
Step three, whatever they want cause there is no one stopping them.
No step guessing game, which future chief executive will proclaim elections are a waste of time and money and appoint their-self as the first 'for life' chief executive in the US. Or is that the world?
[ link to this | view in thread ]
Uh oh! Time for the incriminating evidence to come out!
I bet some "friendly" "reminders" of what dossiers at FBI HQ contain will be made to certain key Reps and Senators in the next week. It's in the Grand FBI Tradition, after all.
[ link to this | view in thread ]
Just like we did on September 11th?
Yeah it would be a shame if we used something that terrorized the nation into giving up rights and freedoms in ways that we still don't even understand. Amazing how the Patriot Act was ready to go and just had to be appropriately named to get the support of congress to pass the wholesale destruction of rights and freedoms into law.
[ link to this | view in thread ]
Big takeaway from watching the hearing
I do not believe Director Comey's assertions, however, it's difficult to say whether Director Comey was intentionally misstating material facts under oath.
[ link to this | view in thread ]
So why don't they go after the iCloud backups?
Wasn't the idea to get the phone to auto backup when it connected to a recognised WiFi (work or home), until someone reset the password? Pick one of those, put a patch in place to always allow the phone to connect from that IP - phone does it's backup, job done.
That's got to be easier than back dooring the phone, simple to roll back, no-one else's security gets affected. Everyone is happy right?
[ link to this | view in thread ]
"normal" changes during election years
It's not bi-partisan so much as election year politics. It appears most of Congress's constituents are on Apple's side here, so they have to look ticked off, or they risk alienating voters.
Give it until December, and we'll be back to politics as usual.
[ link to this | view in thread ]
Re: Big takeaway from watching the hearing
Of course I don't believe for a second that they've even tried to given how valuable this phone is when it comes to setting the precedent that they so dearly want, so I'd say his statement was likely the 'least untruthful answer' he could think of at the time.
[ link to this | view in thread ]
Re: Big takeaway from watching the hearing
the "under oath" part is only relevant when there are meaningful penalties for getting caught lying.
[ link to this | view in thread ]
Re: Re: Big takeaway from watching the hearing
Does anyone really believe the phone wasn't immediately handed off to a capable team?
[ link to this | view in thread ]
The critters need to get out more.
[ link to this | view in thread ]
Re: "normal" changes during election years
Unlike presidents, there's a congressional election held every 2 years, so that 1/2 are staggered to the off times.
[ link to this | view in thread ]
Re:
'Another government might have forced [Company X] to undermine their own security so that government has access so it's okay if we do the same' is not a valid argument. That's replacing a possibility with a dead certainty.
[ link to this | view in thread ]
Re: So why don't they go after the iCloud backups?
[ link to this | view in thread ]
Re: Big takeaway from watching the hearing
[ link to this | view in thread ]
Earlier hearings [was Re: Re: Big takeaway from watching the hearing]
I've wondered about the whole Ashcroft hospital bed visit story. How much was real and how much was PR story-telling?
Transcript of May 15, 2007 Senate Judiciary Committee Hearing:
[ link to this | view in thread ]
Re: Re: Re: Big takeaway from watching the hearing
[ link to this | view in thread ]
Re: Re: Big takeaway from watching the hearing
[ link to this | view in thread ]
liar, liar
[ link to this | view in thread ]
You're infringing on *OUR* right to shake down Apple
[ link to this | view in thread ]
that's nothing like true. they can fuck up our freedom and give away our security like nothing you ever saw.
there are a few things these people are extremely good at.
[ link to this | view in thread ]
Re: Re:
We already know that Apple's entire encryption scheme hinges on generally weak pincodes that drive the system. I am not sure that having a patch which can only be applied by Apple would be as big a deal as all that.
[ link to this | view in thread ]
Re: liar, liar
Same basic bag job as the SEC did in 2007 - 2008. Appoint a moron, rob the joint blind, then feign outrage as you point at the scapegoat.
[ link to this | view in thread ]
Re: Re: Re:
Still, the chances that I'd put my trust in an iPhone right now fade between zero and zero.
[ link to this | view in thread ]
Handing the phone to a capable team.
In the 60s, the various alphabet agencies did not get along very well. Allegedly the DHS was supposed to be the diplomatic go-between to facilitate putting top men on cracking the phone.
There are white-pages suggesting that the phone's TPM is penetrable by a determined party.
But no, this situation is strongly indicative Comey and others (plenty of commenters on this site) wanted this incident to be used to force the issue of mandated backdoors in civilian technology.
Evidently the few cubic centimetres inside your skull is too much privacy for some people.
[ link to this | view in thread ]
Re: Re: Re:
(And before you say that they're not doing that this time, there's really no effective difference between decryption and removing the only thing preventing decryption. It's the difference between forcing someone to translate something they wrote in code directly versus forcing them to hand over the cipher they used and using that to decrypt the message yourself.)
Other than that there's also the fact that there is no possible way the code/patch/whatever would remain secure, and would get out, posing a very real risk to any number of other devices?
(And if your response is to claim that the code is worthless without something only Apple can provide, great, now how secure to you think that is?)
Other than the idea that once it's legally acceptable to force a company to defeat their own security the idea of a 'golden key' will have effectively been introduced without a single law being passed?
That once that becomes legally acceptable you can be sure that any company attempting to move towards encryption that they cannot break will be vilified as 'attempting to avoid their lawful obligations'(and don't think that's hyperbole, that's pretty much exactly what the response was towards Apple/Google's move towards encryption-by-default).
Other than those problems and several I'm sure I'm missing? Can't think of a single reason why people would have a problem with it.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
If that was truly the case, then the FBI should've already gained access, no?
This has already been explained to you.
Many times.
Yet you're still repeating the same. fucking. statement.
And you're still wrong.
Idiot.
[ link to this | view in thread ]
Related: CDCal ACLU amicus brief
ACLU Amicus Brief Supporting Apple's Opposition to Order to Help FBI Unlock iPhone (Mar 2, 2016)
Hearing date: Mar 22, 2016
Judge: Sheri Pym
I just caught the news about this from Reuters. I haven't read the brief yet.
[ link to this | view in thread ]
Re: Re: Re: Re:
Whether FBI, and Director Comey have been read into that access?
I suspect that the fact of access has leaked, and that's causing concern. Once the bare existence of an access method is disclosed, then people naturally wonder, ‘Well, exactly how did the government obtain access?’
[ link to this | view in thread ]
Re: Uh oh! Time for the incriminating evidence to come out!
The FBI has made enough off-color statements over the past few years that a few well placed articles could easily ruin a career or two, and possibly (though unlikely) even end in jail time.
The run-up to the elections (especially these ones) isn't a time for the FBI to pull something like this. Everyone in Congress and the Senate knows that they'll get election points for protecting the little guy's phone and sticking it to the FBI.
[ link to this | view in thread ]
Re: Just like we did on September 11th?
[ link to this | view in thread ]
Re: Re: Re: Big takeaway from watching the hearing
We're talking about an agency that routinely spends significant amounts of time and resources creating fake terrorist plots that it can then "thwart", rather than investing them identifying more potentially dangerous threats. The truth of the matter, when you look at the totality of their actions and not their words, is that they aren't really as concerned about the security of the general population as they are keeping them in fear.
[ link to this | view in thread ]
Re: Re: Re: Re: Big takeaway from watching the hearing
I didn't pay nearly as much attention to San Bernardino as I did in Boston. Especially as much as when Boston local news told people to “shelter-in-place”… and it began to look like occupied territory…
In the San Bernardino incident, when did resources begin flooding into the area? Before the early morning of December 3rd? (IIUC, the search warrant for the “Black Lexus IS300 California license plate #5KGD203” was issued at 2:27am on Dec 3, 2015. The “Apple make: iPhone 5C Model: A1532, P/N MGFG2LL/A, S/N FFMNQ3MTG2DJ” was seized from the Lexus.)
When did the massive response begin?
[ link to this | view in thread ]
Re: Re: Re: Re:
The pincodes are weak (6 digits is weak, sorry!). The only thing stopping them is the 10 strikes supervisor code that would lock them out.
My point is always the same: Apple has pushed hard the idea of their amazing encryption, how the secure chip thing makes it impossible (or just about) for anyone to access your data. Well, it's only true if they are taking the data and trying to decrypt it without the phone. With the phone in hand, it's only that tiny pincode that generally keeps you out.
Understanding that makes it easier for you to understand that they FBI isn't asking for the encryption to be broken or backdoored - only asking for the ability to try all the possible pincodes to access the phone and thus the data.
Otherwise, the judge would have just ordered apple to decrypt the file. That isn't what the order says, is it?
[ link to this | view in thread ]
Such Bullshit
Meanwhile the continued abuse of State Surveillance continues unabated!
[ link to this | view in thread ]
Re: Re: Re: Re:
Apple will not be decrypting anything. Red Herring. The security mods are related to a pincode, and not directly decrypting any files.
"Other than the idea that once it's legally acceptable to force a company to defeat their own security the idea of a 'golden key' will have effectively been introduced without a single law being passed? "
Except really there is no golden key. There is no magic "push this button and decode the content". Everyone goes on and on about encryption and such, not at all discussing that really want we are talking about here is only a pincode and a system that stops you after 10 tries. None of this is about the encryption chip or creating a backdoor or golden key.
Put another way: If you gave the requested modification to your average phone thief, it would still take them an eternity to try all the pincodes. Yes, someone with the right setup could probably brute force the phone in a few days, but most street corner hoods and fences would be stymied even with the "hack" on the phone. A golden key would be just that, click and it's open and unlocked and decoded. That just isn't the case here.
[ link to this | view in thread ]
Asking the wrong questions, again!
Also, why do they feel that Apple needs to become a slave of theirs to fix their incompetence when it happens?
Don't these guys even have cell phones themselves? Or are those shoe phones not working any more?
No wonder they think their own plots up-otherwise they'd be doing nothing but playing cards all day instead of real work.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
How long does it take for a new DRM scheme to be broken out in the wild? this is a key to creating something even more dangerous.
This is More of a digital WMD, and it will start an avalanche of disaster.
This will not just affect Apple but all smart phones and privacy in General.Stolen medical records, stolen finances.
This could trigger a digital apocalypse never seen before!
[ link to this | view in thread ]
Their Job
It really shows how dangerous this Comey is. He's attempting to set policy, a power he hasn't been granted nor is entitled to.
Congress needs to keep the FBI on a tight leash, especially while Comey heads the agency. He has no respect for the law. He has no respect for our system of government. He has no respect for democracy.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Uh oh! Time for the incriminating evidence to come out!
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
This isn't about a golden key though I believe that is the ultimate goal. This is about being able to conscript the services of a company against their will. Once Apple does it for the FBI Apple will eventually be forced to do it for the police. Apple will be forced to do it for the IRS. Law enforcement in every country where Apple sells phones will want Apple's assistance. Other countries can't force them but they can ban the importation of Apple products.
Comey's lack of integrity undermines the integrity of the FBI. Trying to impose his agenda by sidestepping the legislative process and manipulating the legal system shows complete contempt for the law and the people he is supposed to be serving.
He is a narcissist that's oblivious to the consequences of his actions and the impact of his personal crusade. He doesn't care about the potential economic consequences of the FUD he's generating about US technology companies. He's even oblivious to the fact that he's hurting his own case.
Last week congressmen and political candidates supported forcing Apple to comply. But Comey doesn't give up. He keeps pushing. He says one thing and does something else. A week later support for the very thing he wants begins to wane.
[ link to this | view in thread ]
Every keeps up this illusion that they 'messed up', the Digital Forensic's guys I know from the FBI etc are NOT that dumb.
Though there puppet masters Might be that sneaky and tactical to create a mess so that they can then confront Apple..
But hey, I'm cynical.. what do I know
[ link to this | view in thread ]
Re: Does China already have a backdoor?
Re: Does China have a backdoor? I believe so. We know for example that Cisco is accused of helping to design China's Golden Shield system, "with full knowledge that it was to be used for the suppression of the Falun Gong religion." (link below) With that in mind & knowing how China allows it own citizens to be mistreated by foreign corporations all in the name of money, I cannot believe that China would allow a corporation to exist in its country without the ability to access whatever it deemed important. With Apple's history of mistreatment of foreign workers being well documented, how much pressure would it take to ensure that a backdoor existed? read the "Two Faces of Apple"..(links below)
I can only hope that Tim Cook's stand here bodes well for the future of those workers mental & physical health. I would love to see the same passion from Tim Cook focused on protecting those workers in foreign countries.
https://www.techdirt.com/articles/20160113/06091133328/eff-wants-cisco-held-responsible-helping-chin a-track-torture-falun-gong-members.shtml
http://www.theguardian.com/technology/2011/apr/30/apple-chin ese-workers-treated-inhumanely
See footnotes for more links http://www.carnegiecouncil.org/publications/ethics_online/0068.html
.."the company has acknowledged violations to its supplier code of conduct related to issues such as wages, underage labor and working conditions in its 2012 annual supplier report" http://www.pcworld.com/article/256590/apple_foxconn_slammed_by_sacom_on_worker_abuse_in_china.html
[ link to this | view in thread ]
[ link to this | view in thread ]
Cynical I am
Re: G Thompson, I agree, they are not dumb. "And if the case was such an emergency, why did they wait 50 days to go to court?" They needed time to determine how best to get what they wanted. "He went on to speculate that the reason could be found in an email from “a senior lawyer in the intelligence community,” obtained and published in part by the Washington Post in September 2015. The email said that the “the legislative environment [with respect to mandating backdoors] is very hostile today,” but that “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
I am shocked, shocked I say, that you appear to have completely ignored the part of my comment addressing that concern. I mean I can totally understand how, given it was immediately below the comment you replied to and in parentheses no less, which makes text near impossible to read, but still.
The DOJ/FBI, via the courts, is demanding that Apple create custom code for the specific purpose of bypassing security measures such that the DOJ/FBI can gain access to the contents of the device. The difference between that and forcing a company to decrypt a device is nothing more than terminology, in both cases the underlying action, granting access to the content by disabling the security protecting it is the same.
Except really there is no golden key. There is no magic "push this button and decode the content".
Yes, there is, it's called 'You have been ordered to remove the security protecting the contents of this device, failure to do so will find you in contempt of court'.
That it can't be done immediately in this case is irrelevant, the precedent will have been set that companies can be forced to bypass their own encryption, and as I noted above you can be sure that any move towards encryption that they cannot defeat will be slammed as an attempt to make impossible their legal obligations, meaning that they will not be allowed to implement encryption or security features that doesn't have a glaring vulnerability built-in.
Put another way: If you gave the requested modification to your average phone thief, it would still take them an eternity to try all the pincodes. Yes, someone with the right setup could probably brute force the phone in a few days, but most street corner hoods and fences would be stymied even with the "hack" on the phone.
At the moment there's limited use for a device that tries pin-codes automatically and at high speeds, because any decently secured device has at the very least a delay between tries. Introduce code that can remove that delay and suddenly phone thieves and/or people interested in the contents of stolen phones have a very real interest in developing or acquiring a device that can do that, and at that point it's not 'will' they get it, but 'when'.
[ link to this | view in thread ]
Re: "If we'd wanted it done that way, WE would have done it."
So basically, the FBI has asked a judge to order Apple to comply anyway, despite the law being very clear on the matter using an old law that would have to be struck down as unconstitutional if the FBI gets what it wants.
Talk about burning bridges.
[ link to this | view in thread ]