I watched most of the hearing (can be viewed here http://www.youtube.com/watch?v=g1GgnbN9oNw), this article seems like a pretty accurate characterization. Comey's parsing of words in his response to the question of whether any gov't agency can access the phone reminded me of Clapper's "least untruthful" answer (ie his lie about NSA data collection).
I also watched most of the hearing[1], and Comey was very practiced at sticking to his story. However, one bit in particular stood out as something I haven't heard before: he seemed to criticize Apple for trying to protect people. He went off on a brief tangent at one point where he said things like[2]:
"It's not Apple's job to protect the American people."
"They sell phones, they don't sell public safety. That's our business to worry about."
He spent a minute or two saying things like that. This almost sounds like Comey sees this as some sort of turf war, with Apple infringing on his responsibilities. I'm not sure how to interpret that - isn't it the job of any manufacturer to make sure their product is safe? Wouldn't any kind of courier have a duty to protect what that which they carry?
[1] side note: I'm actually very impressed by most of Representatives understanding of the issue and the fairness of their questions.
[2] These may not be exact quotes! This is what I remember, I'll see if I can find the spot in the video later.
I'm delighted to see Congress taking a stand for's right here, and I hope politicians finally realised they do have a personal stake in the matter.
They do have secrets, like most of us and effects of revealing these secrets would have far worse consequences for them and their careers than for most "ordinary citizens", which makes them high-profile targets. Easy targets, too, if (or when) FBI/NSA/CIA allies with some party in domestic political struggle.
Given surveillance powers these guys want, it won't be too long before they decide that next order of business is to find more effective ways to steer political discourse in the favourable direction.
I can see how "ordinary people" would think they "aren't important enough" when it comes to surveillance, but it amazes me that ambitious politicians wouldn't see themselves as "important enough".
Given surveillance powers these guys want, it won't be too long before they decide that next order of business is to find more effective ways to steer political discourse in the favourable direction.
This has likely happened already with NSA. FBI are jealous because NSA don't share. Congress already know what a pain it is to deal with NSA; they're not eager to create another effectively ungovernable agency.
If you want to go all the way down that rabbit hole, the NSA could be leveraging its power over politicians to prevent the FBI from gaining power, since power of this sort is relative, not absolute (the FBI's gain would be the NSA's loss).
To be clear, I don't really subscribe to that narrative.
It's very well known historically that these agencies have been fighting with each other since their originations. They fight each other over intel, budgets, turf, governance, talent, technology, etc.
I don't think there's anything to subscribe to or not. It's established fact, widely written about for decades.
I was more referring to the NSA leveraging power over our congressmen and senators due to their knowledge of secrets those politicians may not want exposed. That's a very dangerous game to play, and all it takes is one person not willing to play for it to all come tumbling down for the NSA. So, I don't really subscribe to that narrative.
I'm skeptical that the NSA would do that so explicitly (although given that Snowden's entire set of revelations consisted of "they wouldn't do that ..... oh they did" perhaps I should have less confidence).
I think a far more plausible and subtle form of mental pressure is simply manipulating secrecy and technical bullshit. You don't have to know a Congressman's porn preference to manipulate him if you can instead say, "we are tracking dangerous terrorists and if you don't do exactly what we want, they will win and it'd be an awful shame if an angry analyst leaked to the press the fact that YOU, CONGRESSMAN JONES, prevented us from doing our jobs".
Whether the terrorists really exist or not doesn't matter when you are effectively unauditable, and can easily imply that anyone who gets in your way is directly responsible for the deaths of innocents.
That's exactly it, but it's even simpler than that; when you control the reports that the political leaders are relying on for information, you control the set of options they can select from. Some things never get reported, others get reported such that there is an "obvious correct" choice. Coercive measures are possible, but they shouldn't be necessary in most cases.
Jacob Appelbaum describes this process very well in an interview[1] where talks about the time the CSE[2] tried to recruit him. It's hilarious... and scary for several reasons, including the suggestion that the CSE has to get NSA approval for the people they hire.
Easy targets, too, if (or when) FBI/NSA/CIA allies with some party in domestic political struggle.
I think part of this might be that members of Congress remember the news breaking that the NSA and CIA were spying even on American allies like Chancellor Angela Merkel and got a taste of "is nothing safe?" in their mouths.
Yes, I think you're right and I think the FTC would also disagree with Comey on that one. Companies have a duty of care to take reasonable and appropriate measures to maintain the privacy of customer data in their care, commensurate with the scale and sensitivity of the data, and the cost and availability of the tools and technology to protect it.
By that definition it's precisely the Apples and Googles of the world who have the greatest responsibility to design their products to be secure.
In what strange world would we expect the FBI to design TouchID or TrueCrypt or ChaCha20? If anything history has shown us we can't trust NIST or IETF to get it right, or even not to be secretly subverted to get it wrong!
It is a turf war because times are changing. This is actually a central theme in the newest James Bond movies, and one that Marshall Mcluhan wrote about back in the 70's:
>Man Hunter and Sleuth: Posture and Imposture
>In one of Sherlock Holmes's adventures his quarry demurs when Holmes declares that he had seen him at a particular spot. The quarry retorts that "I saw nobody follow me there." And Holmes comments, "That is what you may expect to see when I follow you."
>Half the world today is engaged in keeping the other half "under surveillance." This, in fact, is the hang-up of the age of "software" and information. In the preceding "hardware" age the "haves" of the world had kept the "have-nots" under "surveillance." This old beat for flatfoots has now been relegated to the world of popular entertainment. The police state is now a work of art, a bureaucratic ballet of undulating sirens. That is a way of saying that the espionage activities of our multitudinous man hunters and "crediting" agencies are not only archaic, but redundant and irrelevant.
-Marshall McLuhan, Take Today: The Executive as Dropout
> "They sell phones, they don't sell public safety. That's our business to worry about."
He is absolutely right! But its also true that FBI and Gov et al failed miserably at keeping us safe. Heck, they even failed multiple times at keeping our information safe behind their supposedly unbreakable walls. So no wonder things took this turn!
Any given day, I would rather go with Apple's security attempts, even if "not their business", than accepting FBI's crack on it.
Actually I'm not sure he's right. (Completely at least.) It's definitely the FBI's job to worry about public safety. But I don't think it isn't Apple's job to sell public safety. As I see it, they sell whatever they choose to sell, as any business does, in the interest of making a profit. These days privacy has becoming a much bigger issue, and something that consumers will pay for. And from the way Apple pitches their products, it seems that they do sell safety.
> This almost sounds like Comey sees this as some sort of turf war, with Apple infringing on his responsibilities. I'm not sure how to interpret that
On the contrary, he showed a good deal of respect for Apple and praised them as a company on numerous occassions. The article characterises it as a "conciliatory tone" which is the correct interpration. I believe this is the best way forward for the FBI and the government.
It's not a turf war. It's just a characterization of the two. Apple employees come into work and think about usability, product design, security and similar problems. FBI employees come into work thinking about counter-terrorism, public safety and intelligence.
Painting Apple as unpatriotic will result in a consumer backlash and make this an Apple vs FBI debate and pit them head-to-head against the most powerful brands in the world. The debate is shifting to "public security vs privacy" instead of Apple vs FBI, which is how a lot of the consumers and Apple fans see this right now.
I rather enjoyed hearing Comey's responses and found Bruce Sewell to lack the same maturity and preparedness. However, I do not empathize with any of Comey's views (interpretation of All Writs Act, privacy vs public security) and neither should anyone else.
> The debate is shifting to "public security vs privacy" instead of Apple vs FBI, which is how a lot of the consumers and Apple fans see this right now
Actually Apple is painting it as a "security vs. security" debate [1] [2]. They point out that every iPhone user's security is put at risk if they are forced to sign software that weakens the iPhone's security.
> I rather enjoyed hearing Comey's responses and found Bruce Sewell to lack the same maturity and preparedness
I thought Sewell performed well. He was given some tough questions he could not have anticipated. Sewell was the one on the hot seat here. Comey did not face as much pressure.
To this day, I find to hard to call Clapper's response anything but a direct and intentional lie. I do hope in a post-Snowden world, officials will be more careful not to lie under oath to Congress.
Clapper came to my school to talk and I asked him "to speak about the allegations of perjury". He was not amused, and repeated the line about having forgotten about the PATRIOT Act.
All the CIA does lying, day in day out. That's literally their job, besides extra juridical killings. And they usually don't care about Congress or White House. So it's not unexpected that he got caught. He certainly does not care, as he is more powerful than Obama or Congress.
I'll open the champagne when Congress actually votes on some legislation to prevent the FBI's request from happening. The congressional committee does not represent all of congress, and I don't know how many congressmen would still rally behind the "No privacy ever because TERRORISM" cry if it came to a vote. This is, unfortunately, not a clear-cut partisan issue, and it's difficult to predict how a vote would go.
This will probably be decided, like most constitutional issues, by a Judge that will be forced to interpret the 4th/5th amendment, in the ever changing light of 'reasonableness', as it applies to the case at hand.
It will then become precedent, adding to the long list of very important judicial decisions that must decide how to apply a law with very loosely defined vocabulary. How a normal citizen is expected to remain apprised of every single law, every interpretation of the law, and every precedent set by a judge ruling on the law, is beyond me.
If the original laws (in this case, the Bill of Rights) were defined as well as many judicial rulings are, we likely wouldn't be arguing if what is being asked of Apple is 'reasonable' -- as what constitutes 'reasonable' would be defined by the law itself.
This doesn't need to become a constitutional argument. Congress can pass a law forbidding the government from forcing a manufacturer to build a back door. Simple as that.
Remember - they went to judge - judge said no - they suggest congress - no congress is giving them no as well - going back to the judge(s) will definitely get them annoyed.
What's more interesting in the Apple case is that protecting citizens' 4th amendment rights is contingent on protecting corporation's 1st amendment rights. Apple claimed that since code is speech, being forced to create and digitally sign the backdoor code is forced speech.
The Citizens United decision from 2010 guarantees a corporation's 1st amendment rights, but I wonder if Apple could still use this defense if that decision was overturned.
Citizens United depends on the concept that corporations have 1st Amendment rights. But it did not create that concept.
That has actually been settled law for a long time; it is how newspapers (which are corporations) are able to enjoy freedom of the press--not just the reporters individually.
So Citizens United could be overturned and it would not hurt Apple's case at all.
The only reason they align is because Apple wants to maintain or grow it's market share. It's intelligently recognizes that consumers want privacy, so they are fighting for it.
You say "only" as though that's a bad thing. You don't need more than one reason.
You say they want to grow or maintain their market share. As opposed to wanting to go bankrupt and fire 100,000 people. You mean, Apple wants to continue to exist? That's exactly correct. Rational self-interest is a wonderful thing, including Apple responding to their customer demands.
> “You have had apparently 70 prior instances where you have not taken the steps available to you,” Judge Orenstein said to Apple’s lawyers during a hearing.
I noticed that too. Before Hillary final testimony I had utmost respect for this man. I took time off and microwave some popcorn for the hearing and then such huge disappointment -- he didn't have nothing against Hillary. Came totally unprepared! If anything he really sounded like this people are wasting tax payers money. And true -- arm wrestling Apple lawyer into "lets skip all this and lets save money lets do this and that" -- truly lost my respect.
Both of these characters basically bullied and badgered Apple's legal counsel, Mr. Sewell, to write and lobby for legislation with which Apple would agree. Neither would consider that perhaps no additional legislation is necessary to protect Apple's rights.
Gowdy also mentioned names of a few of his friends at the end of his questioning who probably think along the same lines he does.
What does Sensenbrenner even mean by "you aren't going to like what we come up with". It sounds like he was pissed off that Apple didn't come with a bill to hand him to do his job for him. And his last part sounds quite like a threat.
It does sound like a threat at the end. He's basically saying, "you don't want to give us a new bill? Okay, we'll write a one-sided one, and you're going to hate it, but too bad because all you wanted to do was debate and discuss the issue".
He sounds like he has already made up his mind, is in a rush, and does not want to engage in debate. He already agrees with the DOJ and nothing is going to change his mind.
It is unreasonable for him to expect Apple to propose legislation before even one congressional hearing on the issue is complete.
Even after one hearing we can't expect the public and Congress expect to be so informed on the implications of curtailing encryption that they should be prepared to legislate on the issue.
Sensenbrenner claims Apple is saying "No no no" but in reality he is the one doing the censure. Apple has repeatedly said they're willing to discuss the issue in public.
FTA: "For example, why hasn’t the FBI attempted to get the NSA’s help to get into the phone, since hacking is their job?"
Is it in fact their job? I'd assume there are some ground rules for operations among the executive branch of government but apparently congress thinks this is their charge?
It is in fact the other way around. The US Government completely and entirely dominates the private sector economy, controlling nearly every aspect top to bottom. The US is one of the most regulated economies in the G20, with economic regulations continuing to expand rapidly, the government adds thousands of new regulations annually.
That blatant government control is why the NSA (US military, executive branch) was able to force Google, Yahoo, Microsoft, Apple, et al. to comply against their will, and often against their attempts to defend themselves. It's also why this is even an issue at all. If Congress were owned by corporations, none of this would be happening, Apple would have dismissed them with a swipe of its hand, given it's the world's richest private corporation.
If corporations owned Congress, the US wouldn't have one of the highest effective corporate tax rates on earth.
"If Congress were owned by corporations, none of this would be happening"--it's almost as if there can be multiple interests influencing / lobbying for power somehow, and not a single corporation owns all of congress...
Why? Has the FBI found a fast way
to factor any product of two large
prime numbers? Until they do,
what the FBI wants is not always
what the FBI can get, Congress or not.
You need to break the encryption or find the key. In this case the key has 4^9 bits of entropy (262144) which can be cracked in a matter of minutes if they get a copy of iOS that doesn't have a timeout.
No. I'm not really talking about,
thinking about the current
FBI/Apple issue and, instead,
am trying to be more fundamental
and look ahead one step, say, the
next step after the FBI/Apple,
uh, maybe call it a pissing match.
So, IMHO, here's where we are, whatever
FBI/Apple do: People, and Apple, will
want encryption no one knows how to break.
Indeed, IIRC, Apple has already announced that they
intend to make an iPhone Apple can
claim they can't break.
And I suspect
that quite broadly and commonly people will
just roll back to basic RSA, etc. encryption,
say, from little command line programs
they can run on an old, not hacked, computer
never connected to a network.
Then the issue in practice will be the
same one that is fundamental in theory:
To break the encryption, need to
a fast way to factor
a product of two, large prime numbers.
Pass code, 4-digit PINs, etc. -- I
just passed over those as by now
trivial and irrelevant.
> And I suspect that quite broadly and commonly people will just roll back to basic RSA, etc. encryption, say, from little command line programs they can run on an old, not hacked, computer never connected to a network.
Some people, maybe a lot of people
want to take encryption seriously.
So, get some little open source,
command line programs that run
and just squirt out dirt simple
flat ASCII files in base 64 encoding.
Run the software on some old
computer where are fairly sure
there are no back doors.
Never connect to computer to
a network.
Move the data from that computer
on, say, just old diskettes.
Then somehow have an iPhone
read the base 64 and send it.
If the FBI gets the base 64 code,
lots of luck making any sense out of
it.
Some people will be impressed by that
scenario and possibility.
Should be everyone with first level
programming skills and very
interested in solid data security.
That's a lot of people, millions.
Maybe they just need to be reminded
that they can do it themselves,
easily,
with no dependence on Apple, Microsoft,
the Internet standards and no risk
of backdoors, etc.
Seriously. just hack the timeout out of the OS. I bet I could do it in a single day. The FBI is playing at something bigger here - they want to set a dangerous precedent. The battle is not about access to that particular phone (unless they are truly incompetent - which can't be ruled out, unfortunately.)
How would you do this, exactly? As far as I know, you'd have to find an unpatched exploit you can use over USB. That seems like something that would take longer than a day, unless you're amazingly good at this stuff.
As in another post in this thread,
I'm not really directly considering
the current FBI/Apple situation but
jumping ahead to the future
where, now, due heavily to
the current FBI/Apple situation,
I anticipate very broad, greatly
increased interest in encryption
people will want really strong
encryption, totally independent of
any big companies, totally free of any
chances of back doors, etc. So, they
will return to simple, open source,
command line software, run on an old
computer, never connected to a network,
that puts out just dirt simple
base 64 that move to, say, an iPhone
via some, whatever, diskette reader (?)
connected via USB. People are going
to quit just fooling around, roll back
to RSA, and trust a product of two
totally obscure prime numbers, oops,
really long prime numbers.
Here the FBI has gone a long way
to make their job impossible soon and
to have Apple make a new iPhone
that they solidly claim they just
cannot break
to replace all the ones they have
sold so far.
