Lawful Hacking: Should, Or Can, The FBI Learn To Overcome Encryption Itself?
U.S. lawmakers Tuesday once again brought Apple, the FBI, security experts and law enforcement officials to testify on the ongoing debate over encryption and the ability of investigators to access data on electronic devices.
A major theme that emerged from this latest hearing (though it's been discussed by some cybersecurity experts before) was the ability or the need of the FBI to improve its own technical prowess to crack encryption — something that wouldn't require the help of the tech companies or other third parties, like the high-profile case of the San Bernardino iPhone did.
"The fact that the FBI had to go to a third party indicates that the FBI either had or devoted insufficient resources to finding a solution," Matthew Blaze, a University of Pennsylvania computer scientist, told the House Energy and Commerce oversight panel.
As Apple, WhatsApp and others are rolling out a new kind of encryption that secures data in a way that not even the companies themselves can read what people say to each other, investigators argue, they're creating warrant-proof spaces for criminals.
"As far as I know, the FBI is not exaggerating or trying to mislead anyone when they say that there is currently no way to recover data from newer iPhones," testified Indiana State Police Capt. Charles Cohen, echoing what FBI Director James Comey has said about the mysterious third-party tool used to unlock the San Bernardino shooter's iPhone 5C.
And that led up to perhaps the most interesting exchange, between FBI Executive Assistant Director for Science and Technology Amy Hess and Rep. Diana DeGette, D-Colo.:
DeGette: "If third-party individuals can develop these techniques to get into these encrypted devices, why can't we bring more capabilities in-house to the government to be able to do that?"
Hess: "These types of solutions that we do employ and can employ, they require a lot of highly skilled, specialized resources that we may not have immediately available to us."
DeGette: "Can we develop those with the right resources?"
Hess: "No ma'am, I don't see that possible — I think that we really need the cooperation of the industry, we need the cooperation of the academia, we need the cooperation of the private sector in order to come up with solutions."
Apple's top lawyer, Bruce Sewell, said the company didn't yet have a formal position on this idea, of sort of a lawful hacking: "I think this is a very nascent area for us, but part the question is what happens to the result, does it get disclosed."
DeGette also asked him whether he agreed that the FBI needed to focus more attention on building up its own technical prowess.
Sewell: "I'd agree that we ought to spend more money, time, resources on the FBI and on local law enforcement, training ..."
DeGette: "And would Apple be willing to help them develop those capabilities?"
Sewell: "We actively do participate in helping them."
DeGette: "So your answer would be yes."
Sewell: "That we would participate in training, we would--"
DeGette: "... and helping them develop those new capabilities ..."
Sewell: "What we can do is to help them understand our ecosystem; that's what we do on a daily basis."
Sewell also said before the San Bernardino legal dispute began, the FBI and Apple were, in fact, working on an arrangement that would bring their teams together to discuss how the two sides view the role and future of technology.
The FBI's Hess told the lawmakers that what the agency wanted from the tech companies was "that when we present an order signed by an independent neutral judge that they're able to comply with that order and provide us with the information we're seeking in readable form."
Copyright 2021 NPR. To see more, visit https://www.npr.org.