Comey: Making Apple Disable iPhone Security Is A One-Off Solution
FBI Director James Comey testified before Congress for the first time Thursday since a court in California ordered Apple to help law enforcement access an iPhone belonging to one of the San Bernardino shooters, a solution Comey said would only work once.
“What the experts have told me is the combination — and here’s where I’m going to get well out of my depth — of a 5c and this particular operating system is sufficiently unusual that it’s unlikely to be a trailblazer because of technology being the limiting principal,” Comey said.
Last week a federal judge in California cited the All Writs Act — an 18th-century law meant to act as a gap-filling statute when no existing law applies — in ordering Apple to assist the FBI in unlocking an iPhone 5c that belonged to Syed Farook, accused, with his wife Tashfeen Malik, of killing 14 people in San Bernardino in December.
Under the latest order, the iPhone maker must write code to disable the password attempt limit, which deletes the phone’s contents after 10 incorrect attempts, disable the period of latency between attempts (which would otherwise make brute-hacking the phone through random password guesses a five year-plus process) and facilitate the FBI’s ability to submit attempts electronically.
Apple CEO Tim Cook refused the order on the grounds Apple does not currently have the ability to comply with the FBI’s request, and that forcing the company to build the capacity would create a dangerous tool and precedent likely to be abused by the government and authoritarian regimes.
Cook said Wednesday the code the government requests is “the software equivalent of cancer,” and added Apple would fight the case all the way to the Supreme Court, if necessary.
The FBI director said he has experience using the All Writs Act as a prosecutor, and conceded the outcome of the case against Apple in California has the potential to influence similar cases the FBI is pursuing and may pursue against the iPhone maker.
Cook and Comey both agreed Apple had been very cooperative in the case initially, handing over all the data the company had on Farook’s phone.
“There are no demons in this dispute or the larger dispute,” Comey explained. “Apple’s been very cooperative, we just got to a place where they were not willing to offer the relief that the government was asking for.”
The director also dismissed claims in recent media reports the FBI is capable of breaking into the iPhone with its own technical prowess, but is pursuing the Apple case to set precedent.
“That’s the product of people watching too many TV shows,” Comey laughed. “I don’t mind TV shows about FBI, but sometimes we’re not as attractive or as technologically talented as we appear on TV.”
The larger question of how to deal with terrorists and criminals going dark online shouldn’t be answered in the courts, he said, but by a broader national discussion about the balance between privacy and national security Americans are comfortable with.
“The San Bernardino litigation is not about us trying to send a message or establish some precedent,” Comey said. “It’s about trying to be competent in investigating something that is an active investigation, and so I don’t know how lawyers and judges will think about what is the limiting principle on the legal side.”
Connecticut Democratic Rep. Jim Hines said the issue isn’t just about privacy versus security but also “security versus security.”
“If you prevail, and if this code is written,” Hines said, “it will be the subject of other requests for law enforcement, this code will exist presumably on a server at Apple” and become the target of state, terrorist and criminal hackers.
“You don’t need to think too hard to spin some pretty ugly scenarios if that code gets out into the wild,” Hines said.
Comey repeated the code’s potential to be used on another phone is “not a real thing,” and added Apple “has done a pretty darn good job of protecting its code,” pointing out the company complied with law enforcement requests before adopting end-to-end encryption in 2014.
“It is this body that should be determining the answer to the questions that you ask and that will be resolved in the judiciary,” Hines said.
A number of his colleagues including House Homeland Security Chairman Mike McCaul and Virginia Democratic Sen. Mark Warner agree. The two announced Wednesday their timeline to roll out legislation establishing a 9/11-style congressional commission to discuss digital security issues, including encryption, with stakeholders including Silicon Valley, the FBI, intelligence community and privacy advocates.