Senate Judiciary committee interrogates Apple, Facebook about crypto
In a hearing of the Senate Judiciary Committee yesterday, while their counterparts in the House were busy with articles of impeachment, senators questioned New York District Attorney Cyrus Vance, University of Texas Professor Matt Tait, and experts from Apple and Facebook over the issue of gaining legal access to data in encrypted devices and messages. And committee chairman Sen. Lindsay Graham (R-S.C.) warned the representatives of the tech companies, “You’re gonna find a way to do this or we’re going to do it for you.”
The hearing, entitled “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy,” was very heavy on the public safety with a few passing words about privacy. Graham said that he appreciated “the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy.” However, he said, “no American should want a device that is a safe haven for criminality,” citing “encrypted apps that child molesters use” as an example.
“When they get a warrant or court order, I want the government to be able to look and find all relevant information,” Graham declared. “In American law there is no place that’s immune from inquiry if criminality is involved… I’m not about to create a safe haven for criminals where they can plan their misdeeds and store information in a place that law enforcement can never access it.”
Graham and ranking member Sen. Diane Feinstein (D-Calif.)—who referenced throughout the hearing the 2015 San Bernardino mass shooting and the confrontation between Apple and the Federal Bureau of Investigation that resulted from mishandling of the shooter’s county-owned iCloud account by administrators directed by the FBI—closed ranks on the issue.
“Everyone agrees that having the ability to safeguard our personal data is important,” Feinstein said. “At the same time, we’ve seen criminals increasingly use technology, including encryption, in an effort to evade prosecution. We cannot let that happen. It is important that all criminals, whether foreign or domestic, be brought to justice.”
Vance, for his part, called Apple’s and Google’s introduction of device encryption “the single most important challenge to law enforcement over the last 10 years… Apple and Google upended centuries of American jurisprudence.” He cited a human trafficking case he could not get evidence for because of encryption, recounting how the suspect in jail told a cellmate that Apple’s encryption was “a gift from God” to him.
That isn’t how any of this works
Vance has been a frequent and long advocate for federal legislation to ensure legal, extraordinary access to data. “I’m not sure state and local law enforcement are going to be able to bridge the gap with technology without congressional intervention,” Vance told the committee in a response to a question from Sen. Feinstein. Explaining that his office’s lab gets about 1,600 devices a year as part of case evidence, Vance said, “About 82 percent are locked—it was 60 percent four years ago,” he said. “About half of those are Apple devices. Using technology, we’re able to unlock about half of the devices—so there are about 300 to 400 phones [a year] that we can’t access with the technology we have. There are many, many serious cases where we can’t access the device in the time period where it is most important.”
Feinstein then told the other witnesses, “You heard a very prominent district attorney from New York explain what the situation is… I’d like to have your response on what you’re going to do about it. That will determine the degree to which we do something about it.”
Apple Manager of User Privacy Erik Neuenschwander responded that Apple will continue to work with law enforcement, citing the 127,000 requests from law enforcement for assistance Apple’s team—which includes former law enforcement officials—has responded to over the past seven years, in addition to thousands of emergency requests that Apple has responded to usually within 20 minutes. “We’re going to continue to work with law enforcement as we have to find ways through this,” Neuenschwander said. “We have a team of dedicated professionals that is working on a daily basis with law enforcement.”
Feinstein interrupted Neuenschwander: “My understanding is that even a court order won’t convince you to open the device.”
Neuenschwander replied, “I don’t think it’s a matter of convincing or a court order. It’s the fact that we don’t have the capability today to give the data off the device to law enforcement.” There had been conversations about making changes to fix that, Neuenschwander said, “But ultimately we believe strong encryption makes us all safer, and we haven’t found a way to provide access to users’ devices that wouldn’t weaken security for everyone.”
Vance said in response that Apple should re-engineer its phones to allow access. “What they created, they can fix,” he said.
https://arstechnica.com/?p=1631711