Apple and the FBI spent five-and-a-half hours (!) testifying before Congress yesterday over the ongoing San Bernardino iPhone saga. And while there weren't any definitive conclusions, it was a chance for both sides to lay out their positions more clearly than ever before. Apple's General Counsel, Bruce Sewell, went up against FBI director James Comey at the hearing, which was overseen by the House Judiciary Committee.
To recap, the FBI wants Apple to help it unlock an encrypted iPhone tied to the San Bernardino case by building a customized version of iOS. Apple, on the other hand, argues that doing so would compromise security of every iPhone moving forward.
You can watch the entire hearing above, and follow our liveblog commentary here. Engadget's Roberto Baldwin summed up the day's events:
FBI Director James Comey was grilled pretty hard by the committee. The majority of the representatives seemed to favor Congress working on a law that benefits law enforcement, security and privacy. Comey continued to note that the courts should figure this out.
While Comey continued to say that this is about single device in a single case, New York DA Cyrus Vance was more forthcoming that law enforcement is being hindered by encryption and that he would like the ability to open the one New York already has in its possession.
Apple general counsel Bruce Sewell raised Apple's ongoing argument that this is not about a single phone. The company does not want to comply with the Department of Justice order to help circumvent the iPhone's passcode. Representative Sensenbrenner asked Sewell if Apple had drafted legislation since it was not happy with the court's motion, Sewell replied that it had not. The attorney later said that it was open to working on a bill once the current debate was finished.
Dr. Susan Landau testified on the security implications of Apple unlocking the phone and noted that other government agencies could already have the capability of unlocking the iPhone that the FBI doesn't have. Landau said that the FBI should update its technical prowess instead of asking private companies to defeat their security.
And now for some highlights:
- FBI director James Comey wasn't familiar with yesterday's New York ruling, in which a judge said that the government can't force Apple to unlock an iPhone using the All Writs Act (which the FBI is relying on for this case as well).
- When asked if the San Bernardino iPhone case would set precedent for future encryption cases, Comey said, "Sure, potentially."
- The FBI was called out for a major screwup: By changing the San Bernardino iPhone's password, it effectively stopped its iCloud backup. Apple has already provided Feds with data stored on iCloud -- it's not fully encrypted like data sitting on the phone.
"As I understand there was a mistake made in the 24 hours after the attack," Comey said. "[That] made it impossible for the phone later to back up to the iCloud, but we'd still be in litigation either way because we wouldn't have gotten everything off the phone."
- A few members of the House Judiciary Committee also proved they had a decent understanding of technical topics. Congressman Darrel Issa (R-CA) took Comey and the FBI to task for not trying hard enough to crack the iPhone's encryption on their own. When he asked if the FBI had asked Apple for its source code, or enlisted an expert to help, Comey didn't have much to say.
"How can you come before this committee before a federal judge and demand that someone else invent something if you can't answer the questions that your people have tried this," Issa asked.
"I did not ask the questions you're asking me here today," Comey said. "I'm not sure I even fully understand the questions. I have reasonable confidence, in fact I have high confidence that all elements of the US government focused on this problem, and I've had great conversations with Apple."
- Congresswoman Zoe Lofgren (D-CA) said she worried about a world where nothing is private. She brought up Juniper Networks, who believed it had decent encryption capabilities, but who ended up being hacked due to a vulnerability. Lofgren also pointed out to Coney that Apple's iCloud service was hacked, even though he also claimed it was pretty secure.
"I'll close by saying I have all kinds of messaging apps that are encrypted, some designed in the US and some in other countries," Lofgren said. "I wouldn't do anything wrong on my phone, but I could use any of those apps to communicate security and there wouldn't be anything the government could do to prevent that from occurring."
- Apple General Counsel Bruce Sewell said Apple is being driven to make iPhones more secure after seeing security issues outside of the country. "The people that we're competing with are on an equally aggressive path to defeat everything we put into the phone," he said.
- Sewell also reiterated that Apple's problem with following the FBI's request isn't time or money, instead "the burden is compromising the security of our customers."
When asked why that would be a burden, he responded: "The answer is simple. This isn't a one phone issue, and I don't believe it can be contained to one phone." That's something Comey has already confirmed.