Apple, FBI to face off in Congress over locked iPhone
The dispute between Apple and the FBI over unlocking the San Bernardino gunman's iPhone heads to Capitol Hill on Tuesday.
FBI Director James Comey and Apple senior vice president and general counsel Bruce Sewell are both scheduled to testify at a House Judiciary Committee hearing on encryption technology and the balance between security and privacy. New York District Attorney Cyrus Vance, Jr., whose office is seeking access to iPhones in criminal cases, will also testify at the hearing.
Apple is fighting a court order requiring it to help the FBI hack into a locked iPhone belonging to San Bernardino attacker Syed Farook. The Department of Justice wants Apple to create software to help it bypass a security feature that would wipe out data on the phone after ten wrong password attempts. While the government claims the request is limited to this individual case, Apple argues it would set a "dangerous" precedent.
"This is not a case about one isolated iPhone," Apple argued in a 65-page court filing last week. It said that creating "back door" access to the iPhone in question would make all of its customers' "most confidential and personal information vulnerable to hackers, identity thieves, hostile foreign agents, and unwarranted government surveillance."
In a prepared opening statement for the hearing, released by the House Judiciary Committee on Monday, Apple's top lawyer argues: "As we have told [the FBI] -- and as we have told the American public -- building that software tool would not affect just one iPhone. It would weaken the security for all of them."
The complete text of Sewell's opening statement reads:
Thank you, Mr. Chairman. It's my pleasure to appear before you and the Committee today on behalf of Apple. We appreciate your invitation and the opportunity to be part of the discussion on this important issue which centers on the civil liberties at the foundation of our country.
I want to repeat something we have said since the beginning -- that the victims and families of the San Bernardino attacks have our deepest sympathies and we strongly agree that justice should be served. Apple has no sympathy for terrorists.
We have the utmost respect for law enforcement and share their goal of creating a safer world. We have a team of dedicated professionals that are on call 24 hours a day, seven days a week, 365 days a year to assist law enforcement. When the FBI came to us in the immediate aftermath of the San Bernardino attacks, we gave all the information we had related to their investigation. And we went beyond that by making Apple engineers available to advise them on a number of additional investigative options.
But we now find ourselves at the center of an extraordinary circumstance. The FBI has asked a Court to order us to give them something we don't have. To create an operating system that does not exist -- because it would be too dangerous. They are asking for a backdoor into the iPhone -- specifically to build a software tool that can break the encryption system which protects personal information on every iPhone.
As we have told them -- and as we have told the American public -- building that software tool would not affect just one iPhone. It would weaken the security for all of them. In fact, just last week Director Comey agreed that the FBI would likely use this precedent in other cases involving other phones. District Attorney Vance has also said he would absolutely plan to use this on over 175 phones. We can all agree this is not about access to just one iPhone.
The FBI is asking Apple to weaken the security of our products. Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.
Hundreds of millions of law-abiding people trust Apple's products with the most intimate details of their daily lives - photos, private conversations, health data, financial accounts, and information about the user's location as well as the location of their friends and families. Some of you might have an iPhone in your pocket right now, and if you think about it, there's probably more information stored on that iPhone than a thief could steal by breaking into your house. The only way we know to protect that data is through strong encryption.
Every day, over a trillion transactions occur safely over the Internet as a result of encrypted communications. These range from online banking and credit card transactions to the exchange of healthcare records, ideas that will change the world for the better, and communications between loved ones. The US government has spent tens of millions of dollars through the Open Technology Fund and other US government programs to fund strong encryption. The Review Group on Intelligence and Communications Technology, convened by President Obama, urged the US government to fully support and not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.
Encryption is a good thing, a necessary thing. We have been using it in our products for over a decade. As attacks on our customers' data become increasingly sophisticated, the tools we use to defend against them must get stronger too. Weakening encryption will only hurt consumers and other well-meaning users who rely on companies like Apple to protect their personal information.
Today's hearing is titled Balancing Americans' Security and Privacy. We believe we can, and we must, have both. Protecting our data with encryption and other methods preserves our privacy and it keeps people safe.
The American people deserve an honest conversation around the important questions stemming from the FBI's current demand:
Do we want to put a limit on the technology that protects our data, and therefore our privacy and our safety, in the face of increasingly sophisticated cyber attacks? Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make?
Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI's exact specifications and for the FBI's use?
We believe that each of these questions deserves a healthy discussion, and any decision should be made after a thoughtful and honest consideration of the facts.
Most importantly, the decisions should be made by you and your colleagues as representatives of the people, rather than through a warrant request based on a 220 year- old-statute.
At Apple, we are ready to have this conversation. The feedback and support we're hearing indicate to us that the American people are ready, too.
We feel strongly that our customers, their families, their friends and their neighbors will be better protected from thieves and terrorists if we can offer the very best protections for their data. And at the same time, the freedoms and liberties we all cherish will be more secure.
Thank you for your time. I look forward to answering your questions.
The Justice Department, in a strongly-worded court motion filed February 19, disputed Apple's characterization.
"The order does not, as Apple's public statement alleges, require Apple to create or provide a 'back door' to every iPhone; it does not provide 'hackers and criminals' access to iPhones; it does not require Apple to 'hack [its] own users" or to 'decrypt' its phones; it does not give the government 'the power to reach into anyone's device' without a warrant or court authorization; and it does not compromise the security of personal information," government lawyers argued.
Prosecutors said Apple's refusal to comply "appears to be based on its concern for its business model and brand marketing strategy."
In FBI Director Comey's opening statement, released Tuesday in advance of the hearing, he acknowledges the importance of strong encryption to the tech industry and consumers:
It is important for our global economy and our national security to have strong encryption standards. The development and robust adoption of strong encryption is a key tool to secure commerce and trade, safeguard private information, promote free expression and association, and strengthen cyber security.
We are on the frontlines of the fight against cyber crime, and we know first-hand the damage that can be caused by those who exploit vulnerable and insecure systems. We support and encourage the use of secure networks to prevent cyber threats to our critical national infrastructure, our intellectual property, and our data so as to promote our overall safety.
American citizens care deeply about privacy, and rightly so. Many companies have been responding to a market demand for products and services that protect the privacy and security of their customers. This has generated positive innovation that has been crucial to the digital economy. We, too, care about these important principles. Indeed, it is our obligation to uphold civil liberties, including the right to privacy.
However, he continues:
The benefits of our increasingly digital lives ... have been accompanied by new dangers, and we have been forced to consider how criminals and terrorists might use advances in technology to their advantage. For example, malicious actors can take advantage of the Internet to covertly plot violent robberies, murders, and kidnappings; sex offenders can establish virtual communities to buy, sell, and encourage the creation of new depictions of horrific sexual abuse of children; and individuals, organized criminal networks, and nation-states can exploit weaknesses in our cyber-defenses to steal our sensitive, personal information. Investigating and prosecuting these offenders is a core responsibility and priority of the Department of Justice. As national security and criminal threats continue to evolve, the Department has worked hard to stay ahead of changing threats and changing technology.
We must ensure both the fundamental right of people to engage in private communications as well as the protection of the public. One of the bedrock principles upon which we rely to guide us is the principle of judicial authorization: that if an independent judge finds reason to believe that certain private communications contain evidence of a crime, then the Government can conduct a limited search for that evidence. For example, by having a neutral arbiter -- the judge -- evaluate whether the Government's evidence satisfies the appropriate standard, we have been able to protect the public and safeguard citizens' Constitutional rights. ...
When changes in technology hinder law enforcement's ability to exercise investigative tools and follow critical leads, we may not be able to root out the child predators hiding in the shadows of the Internet, or find and arrest violent criminals who are targeting our neighborhoods. We may not be able to identify and stop terrorists who are using social media to recruit, plan, and execute an attack in our country. We may not be able to recover critical information from a device that belongs to a victim who cannot provide us with the password, especially when time is of the essence. These are not just theoretical concerns.
Both sides will have their say and face questions from lawmakers in the House Judiciary Committee hearing, scheduled to begin at 1 p.m. Eastern time on Tuesday.