FBI: Using third-parties to break encryption is not the sole solution
WASHINGTON --The FBI is facing an increasing struggle to access readable information and evidence from digital devices because of default encryption, a senior FBI official told members of Congress at a hearing on digital encryption Tuesday.
Amy Hess said officials encountered passwords in 30 percent of the phones the FBI seized during investigations in the last six months, and investigators have had "no capability" to access information in about 13 percent of the cases.
"We have seen those numbers continue to increase, and clearly that presents us with a challenge," said Hess, the executive assistant director of the FBI branch that oversees the development of surveillance technologies.
In her testimony to a subcommittee of the House Energy and Commerce Committee, Hess defended the Justice Department's use of a still-unidentified third party to break into the locked iPhone used by one of the two San Bernardino, California, attackers. But she said the reliance on an outside entity represented just "one potential solution" and that there's no "one-size-fits-all" approach for recovering evidence. She said she did not think that path should be the sole solution.
"These solutions are very case-by-case specific," she said. "They may not work in all instances. They're very dependent upon the fragility of the systems, the vulnerabilities we might find," she said, adding that cooperation between the government, academia and private industry was needed to come up with more solutions.
Asked about the FBI's reliance on a third party to get into the phone, and its inability to access the device on its own, Hess said the work requires "a lot of highly skilled specialized resources that we may not have immediately available to us."
Representatives from local law enforcement agencies echoed Hess's concerns. Thomas Galati, chief of the intelligence bureau at the New York Police Department, said officials there have been unable to break open 67 Apple devices for use in 44 different investigations of violent crime - including 10 homicide cases.
Still, despite anxieties over "going dark," a February report from the Berkman Center for Internet and Society at Harvard University said the situation was not as dire as law enforcement had described and that investigators were not "headed to a future in which our ability to effectively surveil criminals and bad actors is impossible."
The hearing comes amid an ongoing dispute between law enforcement and Silicon Valley about how to balance consumer privacy against the need for police and federal agents to recover communications and eavesdrop on suspected terrorists and criminals. The Senate is considering a bill that would effectively prohibit unbreakable encryption and require companies to help the government access data on a computer or mobile device when a warrant is issued.
Bruce Sewell, Apple's general counsel, touted the importance of encryption particularly in light of devastating breaches of sensitive government information - including at the IRS and the Office of Personnel Management.
"The best way we, and the technology industry, know how to protect your information is through the use of strong encryption. Strong encryption is a good thing, a necessary thing. And the government agrees," Sewell testified.
In response to questions raised at the hearing, Sewell said that the Chinese government had asked Apple for its source code within the last two years - and that Apple declined.
The long-simmering clash escalated in February after a judge in California directed Apple to help the FBI break into the phone used by Syed Farook, who along with his wife killed 14 people on Dec. 2 before dying in a shootout with police. The Justice Department last month said a third party had approached it with a way into the phone, effectively ending that court case. Another legal fight over a phone in a separate drug case is still pending in Brooklyn.
In that pending case, the Department of Justice filed papers April 8 in New York federal court stating that it will move forward with its demand that Apple help in unlocking the iPhone 5s that belonged to an alleged drug dealer. The Justice Department stressed that the method the FBI used to unlock the iPhone 5c in the San Bernardino case would not work on this other phone.
In February, NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller told "CBS This Morning" that it was important that the FBI be able to access the cellphone data when needed, and he said Apple CEO Tim Cook's statements that moving beyond the phone's encryption software would set a dangerous precedent.
"If you figure out the formula and crack open this phone to the point that we can try codes against it, you can tear that formula up, toss it in the fireplace and throw it away," Miller said. "So unless he thinks one of his trusted engineers is going to run out and tell the hacking world about this secret, I think that's a false flag."
Miller went on to add that the NYPD has run into conflicts with Apple in the past, when the company initially declined to create a "kill switch" that could erase all data on stolen iPhones.
"They said it couldn't be done until it became bad PR and then they figure it out in five minutes," Miller added. "Apple is capable of what Apple is capable of. They'll decide to do it when they think is right."