Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones
from the good-for-them dept
Congressional hearings involving law enforcement and intelligence folks tend to be fawning affairs, with most of Congress willing to accept whatever these guys have to say. Sure, you’ll always have a few people critical of certain aspects, but generally speaking, Congress is especially friendly to the FBI, NSA, CIA, etc. So it must have come as a bit of a shock to FBI Director James Comey that during a long House Judiciary Committee hearing yesterday, they seemed pretty pissed off at Comey’s belief that the courts should force Apple to help him open up encrypted iPhones.
One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter?s password, which is what kicked this whole controversy and court case in motion in the first place. And if the case was such an emergency, why did they wait 50 days to go to court? Another member questioned what happens when China inevitably asks for the same extraordinary powers the FBI is demanding now. Others questioned whether the FBI had really used all the resources available to break into the phone without Apple?s help. For example, why hasn?t the FBI attempted to get the NSA?s help to get into the phone, since hacking is their job?
[….]
More than anything, though, the members of Congress expressed anger that the FBI director didn?t follow through earlier on his stated intention to engage in a debate in Congress and the public about the proper role for encryption in society. Instead, he decided to circumvent that debate altogether and quietly go to court to get a judge to do what the legislative branch has so far refused to do.
In some cases, they directly called out Comey for appearing to use the San Bernardino tragedy for political purposes:
?I would be deeply disappointed if it turns out the government is found to be exploiting a national tragedy to pursue a change in the law,? Rep. John Conyers (D-MI) told Comey.
[….]
?But what concerns me, Mr. Chairman, is that in the middle of an ongoing Congressional debate on this subject, the Federal Bureau of Investigation would ask a federal magistrate to give them the special access to secure products that this committee, this Congress, and the administration have so far refused to provide,? he said. ?Why has the government taken this step and forced this issue??
He went on to speculate that the reason could be found in an email from ?a senior lawyer in the intelligence community,? obtained and published in part by the Washington Post in September 2015. The email said that the ?the legislative environment [with respect to mandating backdoors] is very hostile today,? but that ?it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.?
?I?m deeply concerned by this cynical mindset,? said Conyers, implying that the Department of Justice and the FBI might be exploiting the San Bernardino attacks in order to mandate backdoors.
To be fair, contrary to what some articles are saying, this is not the first time Congress has been skeptical about the FBI’s view on the encryption wars. A little less than a year ago, a hearing set up by a different committee, the House Oversight Committee included some similar points with Congressional reps being quite skeptical of the claims by law enforcement about the need for encryption backdoors. However, the drumbeat from Congress appears to be getting louder — and that’s a good thing.
Of course, some of the annoyance from Congress appears to just be about who gets to decide what happens here. That is, some of the anger seemed to be over the DOJ’s decision to rush to the judicial branch, rather than let the legislative branch figure out what it wants to do. However, there’s definitely a clear (and, amazingly, bipartisan) group of folks in Congress who recognize that the FBI’s arguments about how it “needs” this information is a bunch of hogwash.
Filed Under: all writs act, congress, doj, encryption, house judiciary committee, james comey, john conyers, mobile phones
Companies: apple
Comments on “Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones”
"If we'd wanted it done that way, WE would have done it."
I imagine most of the annoyance and anger is related to how the DOJ/FBI is basically trying to side-step congress entirely on the issue, usurping congress’ authority on deciding the matter by going straight to the courts instead and leaving congress to just be good little lackeys and pass whatever law is needed to support what the courts decide on.
For a group used to being able to pass laws that affect the entire country, being ignored like that has got to sting.
Re: "If we'd wanted it done that way, WE would have done it."
In fact, Congress HAS spelled out how they want ‘it’ done. CALEA specifically forbids what the FBI is trying to force Apple to do, but the FBI has basically decided CALEA doesn’t apply because reasons (that they refuse to disclose).
So basically, the FBI has asked a judge to order Apple to comply anyway, despite the law being very clear on the matter using an old law that would have to be struck down as unconstitutional if the FBI gets what it wants.
Talk about burning bridges.
How a two step became a three step and then a no step.
Step one, executive co-opts the judicial. FISA courts anyone?
Step two, executive co-opts the legislative. Example above.
Step three, whatever they want cause there is no one stopping them.
No step guessing game, which future chief executive will proclaim elections are a waste of time and money and appoint their-self as the first ‘for life’ chief executive in the US. Or is that the world?
Uh oh! Time for the incriminating evidence to come out!
Holy Spirit of J Edgar Hoover! As LBJ used to say, never get caught sleeping with a live pig, or a dead woman. And especially don’t have pictures taken.
I bet some “friendly” “reminders” of what dossiers at FBI HQ contain will be made to certain key Reps and Senators in the next week. It’s in the Grand FBI Tradition, after all.
Re: Uh oh! Time for the incriminating evidence to come out!
The difference being that this time, it would be highly likely that Comey would end up with a few “friendly” “reminders” on his desk that Reps and Senators aren’t the only ones who can have their dirty laundry aired.
The FBI has made enough off-color statements over the past few years that a few well placed articles could easily ruin a career or two, and possibly (though unlikely) even end in jail time.
The run-up to the elections (especially these ones) isn’t a time for the FBI to pull something like this. Everyone in Congress and the Senate knows that they’ll get election points for protecting the little guy’s phone and sticking it to the FBI.
Re: Uh oh! Time for the incriminating evidence to come out!
Also, as David Cameron should have learned (allegedly), never get caught with your dick in a dead pigs mouth.
Just like we did on September 11th?
“I would be deeply disappointed if it turns out the government is found to be exploiting a national tragedy to pursue a change in the law,”
Yeah it would be a shame if we used something that terrorized the nation into giving up rights and freedoms in ways that we still don’t even understand. Amazing how the Patriot Act was ready to go and just had to be appropriately named to get the support of congress to pass the wholesale destruction of rights and freedoms into law.
Re: Just like we did on September 11th?
Conyers voted Nay. Maybe one of the few people with any credibility on the subject.
Big takeaway from watching the hearing
From watching the hearing personally (on C-SPAN 3), the biggest takeaways for me were Director Comey’s repeated assertions, under oath, that the government lacks the capability to brute-force the San Bernardino iPhone 5c without compelling Apple’s assistance.
I do not believe Director Comey’s assertions, however, it’s difficult to say whether Director Comey was intentionally misstating material facts under oath.
Re: Big takeaway from watching the hearing
In which case he should have immediately pointed out that they have enlisted the NSA in an attempt to get at the contents of the phone, and the NSA failed.
Of course I don’t believe for a second that they’ve even tried to given how valuable this phone is when it comes to setting the precedent that they so dearly want, so I’d say his statement was likely the ‘least untruthful answer’ he could think of at the time.
Re: Re: Big takeaway from watching the hearing
It was a high-profile domestic terrorism incident, and potential foreign linkages would have obvious national security consequences.
Does anyone really believe the phone wasn’t immediately handed off to a capable team?
Re: Re: Re: Big takeaway from watching the hearing
This is the FBI we are talking about here. The only thing they are CAPABLE of is foiling terrorist plots that they come up with themselves.
Re: Re: Re: Handing the phone to a capable team.
…is exactly what I would have expected the FBI to do at first opportunity.
In the 60s, the various alphabet agencies did not get along very well. Allegedly the DHS was supposed to be the diplomatic go-between to facilitate putting top men on cracking the phone.
There are white-pages suggesting that the phone’s TPM is penetrable by a determined party.
But no, this situation is strongly indicative Comey and others (plenty of commenters on this site) wanted this incident to be used to force the issue of mandated backdoors in civilian technology.
Evidently the few cubic centimetres inside your skull is too much privacy for some people.
Re: Re: Re: Big takeaway from watching the hearing
Yes.
We’re talking about an agency that routinely spends significant amounts of time and resources creating fake terrorist plots that it can then “thwart”, rather than investing them identifying more potentially dangerous threats. The truth of the matter, when you look at the totality of their actions and not their words, is that they aren’t really as concerned about the security of the general population as they are keeping them in fear.
Re: Re: Re:2 Big takeaway from watching the hearing
This wasn’t some deranged shmuck shooting up a post office in a bygone era.
I didn’t pay nearly as much attention to San Bernardino as I did in Boston. Especially as much as when Boston local news told people to “shelter-in-place”… and it began to look like occupied territory…
In the San Bernardino incident, when did resources begin flooding into the area? Before the early morning of December 3rd? (IIUC, the search warrant for the “Black Lexus IS300 California license plate #5KGD203” was issued at 2:27am on Dec 3, 2015. The “Apple make: iPhone 5C Model: A1532, P/N MGFG2LL/A, S/N FFMNQ3MTG2DJ” was seized from the Lexus.)
When did the massive response begin?
Re: Big takeaway from watching the hearing
the “under oath” part is only relevant when there are meaningful penalties for getting caught lying.
Re: Re: Earlier hearings [was Big takeaway from watching the hearing]
Remember how the Jessica Lynch incident turned out to be a lot of story-telling?
I’ve wondered about the whole Ashcroft hospital bed visit story. How much was real and how much was PR story-telling?
Transcript of May 15, 2007 Senate Judiciary Committee Hearing:
Re: Big takeaway from watching the hearing
Well, he’s “right”. They can’t “brute-force” the phone at this point. Of course, that means they can’t do that one thing. It says nothing at all about any other possibilities.
Re: Re: Big takeaway from watching the hearing
Once they’ve learned the contents of the phone, they can’t brute-force the pin?
So why don't they go after the iCloud backups?
Wouldn’t it be much easier to patch the iCloud authentication to always authenticate for that one account, from a single IP address?
Wasn’t the idea to get the phone to auto backup when it connected to a recognised WiFi (work or home), until someone reset the password? Pick one of those, put a patch in place to always allow the phone to connect from that IP – phone does it’s backup, job done.
That’s got to be easier than back dooring the phone, simple to roll back, no-one else’s security gets affected. Everyone is happy right?
Re: So why don't they go after the iCloud backups?
Because the iCloud authentication isn’t just a yes/no flag. It’s a challenge/response system, and the servers can’t respond properly to the challenge from the phone unless they know the actual password.
"normal" changes during election years
It’s not bi-partisan so much as election year politics. It appears most of Congress’s constituents are on Apple’s side here, so they have to look ticked off, or they risk alienating voters.
Give it until December, and we’ll be back to politics as usual.
Re: "normal" changes during election years
I would imagine that there are some politicians who may be considering toning it down for a bit given the voter is pissed and in vote revolt mood.
Unlike presidents, there’s a congressional election held every 2 years, so that 1/2 are staggered to the off times.
What I think is so cute is Congress critters thinking that China doesn’t already have an Apple crafted back door. Do you think Apple is huge in that market by helping people keep their personal information away from the government?
The critters need to get out more.
Re: Re:
They may or may not have one currently, but if the DOJ forces Apple to undermine their own encryption? Then they will have one, right alongside every other government that would really like to have access to the ‘secure’ devices Apple is selling, until the security is less wall and more ‘totally secure and hidden(promise!)’ access doors.
‘Another government might have forced [Company X] to undermine their own security so that government has access so it’s okay if we do the same’ is not a valid argument. That’s replacing a possibility with a dead certainty.
Re: Re: Re:
I am sitting here trying to think why it’s a problem that a back door would exist that could only be applied with the phone in hand, and perhaps only with Apple’s cooperation in each case? Anyone else would be shit outta luck because they would have no way to apply any patch up firmware update without first killing off Apple’s insanely tough version control / update / upgrade / turns things into bricks system.
We already know that Apple’s entire encryption scheme hinges on generally weak pincodes that drive the system. I am not sure that having a patch which can only be applied by Apple would be as big a deal as all that.
Re: Re: Re: Re:
Well, that gets into my second big takeaway from watching the hearing… But after three hours of Director Comey’s testimony, I wasn’t quite as sharp listening to Mr Sewell’s testimony. I may need to re-watch the second panel. Especially to listen for the questions that weren’t quite asked of him in quite the right way.
Still, the chances that I’d put my trust in an iPhone right now fade between zero and zero.
Re: Re: Re: Re:
Other than the idea that the government/police can force a company to do something that they can’t force the owner of the device to do, decrypt the contents of the device?
(And before you say that they’re not doing that this time, there’s really no effective difference between decryption and removing the only thing preventing decryption. It’s the difference between forcing someone to translate something they wrote in code directly versus forcing them to hand over the cipher they used and using that to decrypt the message yourself.)
Other than that there’s also the fact that there is no possible way the code/patch/whatever would remain secure, and would get out, posing a very real risk to any number of other devices?
(And if your response is to claim that the code is worthless without something only Apple can provide, great, now how secure to you think that is?)
Other than the idea that once it’s legally acceptable to force a company to defeat their own security the idea of a ‘golden key’ will have effectively been introduced without a single law being passed?
That once that becomes legally acceptable you can be sure that any company attempting to move towards encryption that they cannot break will be vilified as ‘attempting to avoid their lawful obligations'(and don’t think that’s hyperbole, that’s pretty much exactly what the response was towards Apple/Google’s move towards encryption-by-default).
Other than those problems and several I’m sure I’m missing? Can’t think of a single reason why people would have a problem with it.
Re: Re: Re:2 Re:
“Other than the idea that the government/police can force a company to do something that they can’t force the owner of the device to do, decrypt the contents of the device?”
Apple will not be decrypting anything. Red Herring. The security mods are related to a pincode, and not directly decrypting any files.
“Other than the idea that once it’s legally acceptable to force a company to defeat their own security the idea of a ‘golden key’ will have effectively been introduced without a single law being passed? “
Except really there is no golden key. There is no magic “push this button and decode the content”. Everyone goes on and on about encryption and such, not at all discussing that really want we are talking about here is only a pincode and a system that stops you after 10 tries. None of this is about the encryption chip or creating a backdoor or golden key.
Put another way: If you gave the requested modification to your average phone thief, it would still take them an eternity to try all the pincodes. Yes, someone with the right setup could probably brute force the phone in a few days, but most street corner hoods and fences would be stymied even with the “hack” on the phone. A golden key would be just that, click and it’s open and unlocked and decoded. That just isn’t the case here.
Re: Re: Re:3 Re:
Nice how you define things for everyone else. Most of the backdoors I know of have locks, doesn’t mean they aint backdoors!!
How long does it take for a new DRM scheme to be broken out in the wild? this is a key to creating something even more dangerous.
This is More of a digital WMD, and it will start an avalanche of disaster.
This will not just affect Apple but all smart phones and privacy in General.Stolen medical records, stolen finances.
This could trigger a digital apocalypse never seen before!
Re: Re: Re:3 Re:
+Whatever
This isn’t about a golden key though I believe that is the ultimate goal. This is about being able to conscript the services of a company against their will. Once Apple does it for the FBI Apple will eventually be forced to do it for the police. Apple will be forced to do it for the IRS. Law enforcement in every country where Apple sells phones will want Apple’s assistance. Other countries can’t force them but they can ban the importation of Apple products.
Comey’s lack of integrity undermines the integrity of the FBI. Trying to impose his agenda by sidestepping the legislative process and manipulating the legal system shows complete contempt for the law and the people he is supposed to be serving.
He is a narcissist that’s oblivious to the consequences of his actions and the impact of his personal crusade. He doesn’t care about the potential economic consequences of the FUD he’s generating about US technology companies. He’s even oblivious to the fact that he’s hurting his own case.
Last week congressmen and political candidates supported forcing Apple to comply. But Comey doesn’t give up. He keeps pushing. He says one thing and does something else. A week later support for the very thing he wants begins to wane.
Re: Re: Re:3 Re:
Apple will not be decrypting anything. Red Herring. The security mods are related to a pincode, and not directly decrypting any files.
I am shocked, shocked I say, that you appear to have completely ignored the part of my comment addressing that concern. I mean I can totally understand how, given it was immediately below the comment you replied to and in parentheses no less, which makes text near impossible to read, but still.
The DOJ/FBI, via the courts, is demanding that Apple create custom code for the specific purpose of bypassing security measures such that the DOJ/FBI can gain access to the contents of the device. The difference between that and forcing a company to decrypt a device is nothing more than terminology, in both cases the underlying action, granting access to the content by disabling the security protecting it is the same.
Except really there is no golden key. There is no magic “push this button and decode the content”.
Yes, there is, it’s called ‘You have been ordered to remove the security protecting the contents of this device, failure to do so will find you in contempt of court’.
That it can’t be done immediately in this case is irrelevant, the precedent will have been set that companies can be forced to bypass their own encryption, and as I noted above you can be sure that any move towards encryption that they cannot defeat will be slammed as an attempt to make impossible their legal obligations, meaning that they will not be allowed to implement encryption or security features that doesn’t have a glaring vulnerability built-in.
Put another way: If you gave the requested modification to your average phone thief, it would still take them an eternity to try all the pincodes. Yes, someone with the right setup could probably brute force the phone in a few days, but most street corner hoods and fences would be stymied even with the “hack” on the phone.
At the moment there’s limited use for a device that tries pin-codes automatically and at high speeds, because any decently secured device has at the very least a delay between tries. Introduce code that can remove that delay and suddenly phone thieves and/or people interested in the contents of stolen phones have a very real interest in developing or acquiring a device that can do that, and at that point it’s not ‘will’ they get it, but ‘when’.
Re: Re: Re: Re:
While Apple may sign each update individually to confirm that the phone is connected to Apple, do you honestly believe that a human authorises every use of the key? That is actually weaker security than signing code once, as Apples signing key is available to a public facing server to sign individual update automatically.
Re: Re: Re: Re:
We already know that Apple’s entire encryption scheme hinges on generally weak pincodes that drive the system.
If that was truly the case, then the FBI should’ve already gained access, no?
This has already been explained to you.
Many times.
Yet you’re still repeating the same. fucking. statement.
And you’re still wrong.
Idiot.
Re: Re: Re:2 Re:
With almost overwhelming probability, the government has had access to the target iPhone.
Whether FBI, and Director Comey have been read into that access?
I suspect that the fact of access has leaked, and that’s causing concern. Once the bare existence of an access method is disclosed, then people naturally wonder, ‘Well, exactly how did the government obtain access?’
Re: Re: Re:2 Re:
I know you are trolling, but pay attention:
The pincodes are weak (6 digits is weak, sorry!). The only thing stopping them is the 10 strikes supervisor code that would lock them out.
My point is always the same: Apple has pushed hard the idea of their amazing encryption, how the secure chip thing makes it impossible (or just about) for anyone to access your data. Well, it’s only true if they are taking the data and trying to decrypt it without the phone. With the phone in hand, it’s only that tiny pincode that generally keeps you out.
Understanding that makes it easier for you to understand that they FBI isn’t asking for the encryption to be broken or backdoored – only asking for the ability to try all the possible pincodes to access the phone and thus the data.
Otherwise, the judge would have just ordered apple to decrypt the file. That isn’t what the order says, is it?
liar, liar
Comey is an admitted liar, ergo nothing he says can be reliably considered to be the truth. Totally ineffectual and unbelievable. Why is he still on his perch?
Re: liar, liar
Plausible deniability.
Same basic bag job as the SEC did in 2007 – 2008. Appoint a moron, rob the joint blind, then feign outrage as you point at the scapegoat.
You're infringing on *OUR* right to shake down Apple
What’s the world coming to, when someone can threaten Apple — the world’s most valuable public company — without even getting a campaign contribution!
The only thing they are CAPABLE of is foiling terrorist plots that they come up with themselves.
that’s nothing like true. they can fuck up our freedom and give away our security like nothing you ever saw.
there are a few things these people are extremely good at.
Related: CDCal ACLU amicus brief
United States District Court – Central District of California
ACLU Amicus Brief Supporting Apple’s Opposition to Order to Help FBI Unlock iPhone (Mar 2, 2016)
Hearing date: Mar 22, 2016
Judge: Sheri Pym
I just caught the news about this from Reuters. I haven’t read the brief yet.
Such Bullshit
We all know Congress is not really angry. They have a chance to stand around acting important and implying they give a shit.
Meanwhile the continued abuse of State Surveillance continues unabated!
Asking the wrong questions, again!
Why can’t Congress just ask Comey why his agency is so incompetent that they can’t even do basic things like make sure that they themselves don’t screw up the investigation?
Also, why do they feel that Apple needs to become a slave of theirs to fix their incompetence when it happens?
Don’t these guys even have cell phones themselves? Or are those shoe phones not working any more?
No wonder they think their own plots up-otherwise they’d be doing nothing but playing cards all day instead of real work.
Their Job
As much as I think congress is a bunch of fuckwads, legislation is their job. The court’s job is to intepret laws and the FBIs job is to enforce laws within the confines of the constitution.
It really shows how dangerous this Comey is. He’s attempting to set policy, a power he hasn’t been granted nor is entitled to.
Congress needs to keep the FBI on a tight leash, especially while Comey heads the agency. He has no respect for the law. He has no respect for our system of government. He has no respect for democracy.
Whatever seems pretty angry about Congress seeming pretty angry about FBI’s belief that courts can force Apple to help it get into iPhones.
>> One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter’s password,
Every keeps up this illusion that they ‘messed up’, the Digital Forensic’s guys I know from the FBI etc are NOT that dumb.
Though there puppet masters Might be that sneaky and tactical to create a mess so that they can then confront Apple..
But hey, I’m cynical.. what do I know
Does China already have a backdoor?
I do hope that the privacy rights of citizens will be protected. If not citizens will be the only ones without protection from whomever wants their data. We know that banks/bankers, doctors/medical files, corporations, lawyers, all security organizations, government employees/politicians, celebrities/sports stars & military will not be without encryption.
Re: Does China have a backdoor? I believe so. We know for example that Cisco is accused of helping to design China’s Golden Shield system, “with full knowledge that it was to be used for the suppression of the Falun Gong religion.” (link below) With that in mind & knowing how China allows it own citizens to be mistreated by foreign corporations all in the name of money, I cannot believe that China would allow a corporation to exist in its country without the ability to access whatever it deemed important. With Apple’s history of mistreatment of foreign workers being well documented, how much pressure would it take to ensure that a backdoor existed? read the “Two Faces of Apple”..(links below)
I can only hope that Tim Cook’s stand here bodes well for the future of those workers mental & physical health. I would love to see the same passion from Tim Cook focused on protecting those workers in foreign countries.
https://www.techdirt.com/articles/20160113/06091133328/eff-wants-cisco-held-responsible-helping-china-track-torture-falun-gong-members.shtml
http://www.theguardian.com/technology/2011/apr/30/apple-chinese-workers-treated-inhumanely
See footnotes for more links http://www.carnegiecouncil.org/publications/ethics_online/0068.html
..”the company has acknowledged violations to its supplier code of conduct related to issues such as wages, underage labor and working conditions in its 2012 annual supplier report” http://www.pcworld.com/article/256590/apple_foxconn_slammed_by_sacom_on_worker_abuse_in_china.html
Re: Anonymous Coward, “Re: Re: Re: Big takeaway from watching the hearing.” I agree that more often than not security forces work harder to keep citizens in fear than they do solving real crime. You need only see the amount of crime & corruption that takes place to know that it is true. They are ensuring that both their jobs, their pensions & their buddies securities firms are kept in business. Notice how they always need more money for new technologies to solve crimes? Sometimes 1 plus 1 does actually equal 2.
Cynical I am
To note: What is the biggest difference between business & consumer products & services? ~!~ Security ~!~
Re: G Thompson, I agree, they are not dumb. “And if the case was such an emergency, why did they wait 50 days to go to court?” They needed time to determine how best to get what they wanted. “He went on to speculate that the reason could be found in an email from “a senior lawyer in the intelligence community,” obtained and published in part by the Washington Post in September 2015. The email said that the “the legislative environment [with respect to mandating backdoors] is very hostile today,” but that “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”