Looking for common ground in Apple vs. the FBI

In today's congressional subcommittee hearing, Apple and the FBI highlighted the ways they do work together already, but couldn't agree on a path forward.

A top Apple lawyer and the FBI’s top tech official agreed Tuesday that cooperation between law enforcement agencies and the tech giant could avoid stand-offs over how to access encrypted data as well as the need for law enforcement to hire its own hackers to decrypt information of criminals and terrorists.

But they disagreed on what the cooperation would look like.

Bruce Sewell, Apple’s general counsel, told a House commerce oversight subcommittee that the company already works with law enforcement regularly and would help develop the FBI’s capability to decrypt technology itself, but won’t open “back doors” to its iPhones due to the security risk that would pose to all users. The FBI had demanded that Apple write a new version of its iOS operating system to give access to the iPhone of San Bernardino shooter Syed Farook.

The FBI eventually paid third-party “gray hat” hackers in February to decrypt Farook’s iPhone. Sewell criticized the move as increasing vulnerabilities of innocent users.

But Amy Hess, the FBI’s science and technology chief, said the agency currently does not have the technology capability to access devices on its own, and isn’t likely to have it in the future.

Hess said building the capability to crack encryption on its own would take “a lot of highly skilled, specialized resources not available to us” and that the federal government will need cooperation from the technology industry to develop those resources.

What the FBI wants, Hess said, is “that when we present an order, signed by an independent federal judge, that (tech companies) comply with that order and provide us with the information in readable form.” How they do that is up to them, she said, saying the FBI has moved away from asking for a government back door based on Apple’s insistence that it is unworkable. “I don’t think the FBI, or law enforcement in general, should be in the business of dictating to companies what those solutions should be,” Hess told the subcommittee.

Working together

Both Hess and Sewell said the relationship between tech companies and law enforcement is, and should be, less adversarial than it looks like from the outside.

Sewell said the perception is “Apple vs. the FBI,” but in fact both want to balance protecting privacy while catching criminals who would use encryption to hide.

The difference, he said, is “the fundamental disconnect” in how they see the growth of technology in society. Law enforcement sees things “going dark,” or losing information, he said, while technologists “see a data-rich world that seems to be full of information. Information that law enforcement can use to solve—and prevent—crimes.”

As an example, he referenced photo DNA, where information embedded in photo files helps track those files across the Internet. Sewell said Apple has used this to help the FBI solve abductions, terrorism, and child pornography distribution, concerns raised by members of the law enforcement panel.

Sewell also addressed a rumor mentioned by another witness, Indiana State Police technology expert Charles Cohen, who noted Chinese news agency reports have suggested that Apple had given source code for the iOS to the Chinese government while refusing to work with the FBI.

“We have not provided source code to the Chinese government,” Sewell told the committee. When Rep. Tim Murphy, R-Pa., the subcommittee chairman, pressed the issue, Sewell told him, “We have been asked by the Chinese government, and we refused.”

Join the CSO newsletter!

Error: Please check your email address.

Tags Apple

More about AppleFBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Musal

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts