Apple is once again under fire from U.S. lawmakers, this time for designing the iPhone with such strong encryption to protect the data on the iPhone that it hampers the efforts of law enforcement.
In a recent hearing on Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety held by the Senate Judiciary Committee, senators questioned experts from both Apple and Facebook on the issue of gaining legal access to data on encrypted devices and in messaging conversations. Apple’s Manager of User Privacy Erik Neuenschwander was present to respond on behalf of the company, along with New York District Attorney Cyrus Vance, who has long held that Apple’s security makes the iPhone “the terrorists’ communication device of choice” and cyber-security expert, former GCHQ analyst and University of Texas Professor Matt Tait.
As reported by ArsTechnica, committee chairman Sen. Lindsey Graham (R-S.C.) pulled no punches on insisting that Apple must incorporate a way for law enforcement to access any and all information stored on any iPhone that becomes part of an investigation, suggesting that Apple’s security makes the iPhone a “safe haven for criminals where they can plan their misdeeds” and drew out the obvious bogeyman of “encrypted apps that child molesters use” as an example.
You’re gonna find a way to do this or we’re going to do it for you.Senator Lindsey Graham (R-S.C.)
However, like many of the lawmakers and law enforcement officials who are pushing for companies like Apple to create weaken their encryption, Sen. Graham didn’t seem to appreciate the fine line between protecting his own privacy and bringing criminals to justice.
[I appreciate] the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy. [However] no American should want a device that is a safe haven for criminality.Senator Lindsey Graham (R-S.C.)
Apple has long taken the stance that any weakening of encryption technology or backdoor created for law enforcement would weaken security for all users, and would in fact be the equivalent of software cancer. In short, the company maintains that it would be opening a Pandora’s Box that could never be closed, since no matter how many promises are made by lawmakers, such tools are all but guaranteed to eventually fall into the wrong hands, and even before they do, the security weaknesses that enable these tools can be exploited by other hackers. Even tools created by the U.S. National Security Agency have leaked out, wreaking havoc, and the NSA is signifcantly more secure than a local county forensics lab.
Senator Diane Feinstein (D-Calif.), the ranking Democrat on the committee, agreed with Sen. Graham, pointing repeatedly to Apple’s confrontation with the FBI over the 2015 San Bernardino mass shooting.
Everyone agrees that having the ability to safeguard our personal data is important. At the same time, we’ve seen criminals increasingly use technology, including encryption, in an effort to evade prosecution. We cannot let that happen. It is important that all criminals, whether foreign or domestic, be brought to justice.Sen. Diane Feinstein (D-Calif.)
A ‘Gift from God’ for Criminals?
New York District Attorney Cyrus Vance also naturally came down on the side of the two Senators, with even harsher words raised against Apple’s iPhone encryption. Vance cited a human trafficking case that he was unable to get any evidence for, adding that a suspecting jail referred to Apple’s encryption as a “gift from God.”
Vance told the committee that his office’s lab sees about 1,600 devices a year that are received as part of case evidence, of which 82 percent are now locked, and about half of which are Apple devices. Vance says that they are able to bypass the security on about half of these, but there are about 300 to 400 iPhones per year that they cannot get access to, resulting in many serious cases that cannot be prosecuted.
After Vance’s made his comments, Sen. Feinstein asked Apple for its response on what it was going to do about it, saying that this would “determine the degree to which we do something about it.”
Apple and Law Enforcement
Apple’s Manager of User Privacy Erik Neuenschwander pointed to the fact that Apple has worked with law enforcement and will continue to do so, noting that it received 127,000 requests from law enforcement over the past seven years, plus thousands of emergency requests that it has been able to respond to within 20 minutes. Most notably, Apple holds all of the keys for accessing iPhone backups that are stored in iCloud, and can and does provide that information to law enforcement in response to a valid court order.
We’re going to continue to work with law enforcement as we have to find ways through this. We have a team of dedicated professionals that is working on a daily basis with law enforcement.Erik Neuenschwander, Apple Manager of User Privacy
Sen. Feinstein countered Neuenschwander’s comments, however, suggesting that Apple would blatantly refuse to “open” a device even in the face of a court order, to which Neuenschwander pointed out that it wasn’t a matter of “convincing” Apple to open an iPhone, but rather the fact that the company simply does not have the ability to do so.
Neuenschwander added that there have been discussions about changes that could be made to fix that, but stuck to Apple’s stance that “ultimately we believe that strong encryption makes us all safer” and that the company hasn’t found a way that it could provide access to users’ devices that wouldn’t risk weakened security for everyone involved.
Vance was less convinced, insisting that Apple should be required to re-engineer its phones to allow access to law enforcement. “What they created, they can fix,” he added.
Education is the Key
Neuenschwander made another interesting point that many of the problems that law enforcement have been running into with data access are more about education than encryption. He notes that Apple publishes a comprehensive law enforcement guide that explains all of this information and has actually trained law enforcement officers in the United States and elsewhere in the world on these processes.
In fact, the very case that started this all offers up a good example of this: Had law enforcement followed the proper technical procedures in the 2015 case of the San Bernardino shooter, they probably would never have needed to worry about decrypting the data on the shooter’s iPhone itself. However, the decision by the San Bernardino County Department of Public Health, who had issued the iPhone, to reset the iCloud password in an attempt to gain access actually prevented them from getting access to the data, since the iPhone could no longer automatically back itself up to iCloud where the data could have easily been retrieved.
Of course, lawmakers and law enforcement officials also appear to be failing to understand that the problem goes well beyond the encryption found on the iPhone. While there are certainly less educated criminals who are unknowingly protected by the iPhone’s encryption by default, there are a great many other options for anybody who wants to seriously protect their communications and other information.
Jay Sullivan, product management director for privacy and integrity in Facebook’s Messenger, pointed out to the committee that end-to-end encryption is already used in many foreign countries around the world, and passing laws around it in the U.S. will simply push the actual criminals to use foreign application providers who will be entirely out of reach of the U.S. legal system.
Ultimately, however, the committee appears to have remained unconvinced, with Sen. Graham insisting that if Apple and other big tech companies don’t come up with a solution that provides law enforcement with the full level of access they need, lawmakers will step it and make it a legal requirement.
My recommendation to you is that you all get on with it… By this time next year, if you haven’t come up with a solution that we can all live with, we will impose our will on you.Senator Lindsey Graham (R-S.C.)