Professor to Congress: 'Lawful hacking' is solution to Apple, FBI encryption issue

The only solution to the iPhone encryption fight between Apple and the FBI, a professor will testify, is for the feebs to morph into a tech-based – not agent-based – agency and engage in 'lawful hacking.'

hacker hacked threat
Credit: Thinkstock

A snippet in time: If you are lucky, then you might have a horse or mule to help you work your homestead. There’s no microwaves, no instant-anything; if you don’t want to starve then you have to kill animals for meat, grow a garden and make bread from scratch. That implies needing firewood by cutting down trees and chopping the wood yourself. Some people have slaves do the hard labor. Your life expectancy is a mere 36 years and you take fighting for freedom and liberty very seriously.

Naturally there are no such things as text messages or phone calls; to send a message over a long distance, you might use a lantern to signal a message such as “one if by land, two if by sea.” George Washington is President and John Adams is Vice President; there’s the first U.S. Congress ever and the U.S. Constitution is brand-spanking new. The year is 1789, when the All Writs Act was first conceived as a part of the Judiciary Act of 1789.

227 years later...

227 years later, the government wants to use the 1789 All Writs Act to force Apple to create a backdoor into iPhones; yesterday U.S. Magistrate Judge James Orenstein called the very notion “absurd.” He wrote, “The implications of the government's position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results.”

Judge Orenstein said that suggesting Apple must help the government because it reaps the benefits of being an American company “reflects poorly on a government that exists in part to safeguard the freedom of its citizens.”

The FBI demanding a backdoor dilemma could be addressed by Congress, “rather than through a warrant request based on a 220-year-old-statute,” pointed out (pdf) Apple General Counsel Bruce Sewell. He is one of the people testifying today at the congressional hearing, “The Encryption Tightrope: Balancing Americans’ Security and Privacy;” FBI Director James Comey, New York District Attorney Cyrus Vance and Professor Susan Landau will also testify before the House Judiciary Committee.

Despite earlier claims, the government doesn’t want the backdoor for just the one iPhone that sparked the case. Sewell’s prepared testimony (pdf) said FBI’s Comey admitted the feds would use the precedent in other cases and DA Vance currently wants to use it for 175 phones.

According to Manhattan District Attorney Cyrus Vance’s prepared testimony (pdf), out of 670 Apple devices in its Cyber Lab, his office is locked out of 175 iPhones running iOS 8 or higher. He mentioned a Texas DA was locked out of 100 encrypted Apple devices last year. In just two months of 2016, Chicago’s State Attorney cannot access 30 encrypted Apple devices and Connecticut is locked out of 46. Vance claimed that so far into 2016, investigators can’t crack eight to 10 Apple devices every month.

Vance argues that iOS 7 was secure enough and law enforcement could get the data they wanted off the phones. He doesn’t understand why Apple moved to the encryption available via iOS 8 as “individuals’ phones were not being stolen and hacked into.” Although the encryption available since iOS 8 may have been in response to what Edward Snowden revealed about NSA data collection, Vance said “data collection has nothing to do with smartphone encryption. Smartphone encryption would not have prevented the NSA’s mass collection of phone-call data or the interception of telecommunications.”

There’s also prepared testimony (pdf) from Susan Landau, Professor of Cybersecurity Policy at Worcester Polytechnic Institute who previously worked as top privacy analyst at Google; she was inducted into the National Cyber Security Hall of Fame of in 2015. She maintains the Apple vs FBI backdoor encryption drama is not a security vs privacy one, but a security vs security problem.

She suggested we should both praise Apple for strengthening security as well as help law enforcement move toward a twenty-first century approach to investigations. The FBI needs to move away from being an agent-based intelligence agency and instead become a “technology-based investigation agency.” The solution to the dilemma, she said, is for the FBI to use lawful hacking for wiretapping.

If I understand correctly, then if, for example, the feds infected a person’s device with a remote access Trojan, aka Trojan horse warrants for remote searches, and the RAT captured and intercepted data going to and from the device, then that’s wiretapping. For a Trojan horse spying program, the feds only need a search warrant; if it also intercepts communications then it needs a wiretap warrant.

Landau testified:

A lawful hacking approach to wiretap investigations means that law enforcement must work a little harder. Wiretapping investigations must be individually designed for each target (sometimes the same solution may work against more than one target). This is expensive, but that is not necessarily a bad thing; it means that we are not encouraging widespread wiretapping. I know that this is a value the Judiciary Committee holds dear. The lawful hacking approach to wiretapping provides a roadmap for the locked smartphone situation.

She said this is the “only solution that protects our security and enables law enforcement to do its job in the face of advanced communications technologies.”

You can watch the congressional hearing live here.

Cybersecurity market research: Top 15 statistics for 2017