Representatives from Apple and the FBI testified Tuesday at a House Energy and Commerce Committee hearing on the ongoing encryption debate. Both vowed to work cooperatively to move past the current encryption impasse and find common ground. They also used the hearing to clarify stances on encryption and set the record straight on the FBI’s use of “grey hat” hackers and Apple’s ties to China.
During the hearing, Apple general counsel Bruce Sewell made it clear Apple refused a request by China to to hand over its source code for its iPhone. Sewell was responding to allegations earlier in the hearings suggesting that Apple was more interested a cozy business relationship with China versus cooperating with the U.S. law enforcement in criminal investigations.
“I want to be very clear on this. We have not provided source code to the Chinese government,” Sewell said. “Those allegations have no merit.”
Amy Hess, executive assistant director for science and technology at the FBI, defended its use of hiring a third-party hacker to break into an iPhone owned by Syed Farook, one of the San Bernardino terrorists. She said that working with for-profit hackers wasn’t an ideal situation, but the FBI lacked the capability to crack open the iPhone itself.
The Apple and FBI meeting comes after a standoff where a federal judge ordered Apple to provide “reasonable technical assistance” to help the FBI access Farook’s iPhone by bypassing a program that erases the phone’s data if too many incorrect passwords are entered. That case was put on ice when the FBI hired an undisclosed third-party to unlock the phone.
During the hearing Hess said the FBI “required services and specialized skills we can only get through third parties.” Hess was grilled by the panel which was critical of the FBI’s inability to open the phone itself.
“I don’t think relying on a third party is a good model,” said representative Diana DeGette, a Democrat from Colorado. Hess conceded that the FBI needs more resources to develop more sophisticated computer forensics tools and hire more expert personnel.
Apple’s Sewell also addressed allegations by law enforcement that came up earlier in the hearing suggesting the phone maker would be encrypting its next-generation iCloud with the same strong encryption as the iPhone. “We have not announced that we are going to apply passcode encryption to the next generation iCloud,” he said.
Sewell and other panelists that represented the tech sector reinforced their position on encryption saying backdoors or intentionally weak encryption would have a devastating impact on U.S. businesses and do nothing to protect against criminals who would look outside the U.S. for encryption solutions.
Lawmakers acknowledged that encryption was not black and white issue. But, by the end of the hearing it was apparent the House Energy and Commerce Committee wasn’t any closer to answering the question of whether the government should have the ability to lawfully access encrypted technology and communications.
“It’s been five-and-half years and I’ve been hearing everyone talk about encryption and not getting anything done. I don’t know what we are waiting for. There has got to be a solution,” said the committee’s chairman Tim Murphy, a Republican from Pennsylvania.
Sewell pointed out over the past five years the private sector and law enforcement have made big strides in working together to help investigators on criminal cases involving encryption. “If we can get out of the lawsuit world, let’s start cooperating more,” Sewell said.
Apple, Sewell said, both strong encryption and law enforcement can work together. He said Apple is already working daily with law enforcement in helping find abducted children and child predators. Tools such as IP logs, which can help pinpoint missing people, and a program called PhotoDNA, used to track child pornography online, are examples where catching the criminal has less to do with what the encrypted data is and more to do with leveraging technology to solve a crime.