When Steve told me that they were going to broadcast live the House of Representatives Judiciary Committee Hearing on Apple vs the FBI, my first thought was that watching that would be like volunteering for jury duty. I couldn’t have been more wrong. Steve and I watched all five hours and I was positively glued to my screen.
Before we dig in, let’s make sure we all know what the Judiciary Committee is, what does it have to do with the House of Representatives and what are they doing chatting with the FBI and Apple? I’m not a legal scholar, so I looked it up on Wikipedia:
The U.S. House Committee on the Judiciary, also called the House Judiciary Committee, is a standing committee of the United States House of Representatives. It is charged with overseeing the administration of justice within the federal courts, administrative agencies and Federal law enforcement entities.
Sounds like they have the authority to figure out whether the FBI maybe took a wrong turn when they tried to use the courts to compel Apple to comply with their demands. The Judiciary Committee could question whether use of the All Writs Act was appropriate, or whether perhaps the FBI should have worked with Congress to pass new law.
This Committee Understands Technology
There were a couple of things that impressed me about the hearing. First of all you might think that 5 hours was excessive and that it was caused by people droning on and on with their opinions. That was absolutely not the case. Representatives got to question the panel members but got precisely 5 minutes to ask their questions and elicit the answers. In all cases but one, they came in at their designated time and in several instances they got done early and gave their time back to the committee. It was amazing and I found myself wishing I’d ever witnessed a meeting at work that was run so crisply! Not at all what I expected of a government meeting.
The second thing that impressed me, which is much more relevant to our conversations in tech podcasts, is that for the most part the representatives were extremely well informed on the topic at hand. They understood what encryption is and why it’s important, and to be honest that shocked me! It is a prevalent opinion in our tech tribe that our government representatives don’t understand our world and we have to wait for them to die out.
I want to set up the framework of how the hearings work first, and then I’ll give you the highlights that caught my eye. There isn’t a judge and jury and witnesses, rather there are panel members who are called and questioned by the State representatives.
The first panel had just one person on it: FBI Director James Comey. Most of the representatives seemed to be grilling him, pushing hard on him that he had stepped out of bounds when he sought to compel Apple to create a tool to break their own security model. They forced him to admit that Apple had repeatedly helped them and been very responsive in this specific case. He stood his ground that it was only this one phone he was asking to break into but did admit that there were others waiting in line before him, specifically New York District Attorney Cyrus Vance.
One of Mr. Comey’s responses was disturbing. In questioning whether Apple could do more to help, he said that some companies have business models that allow them to view user data in clear text, and so they’re super helpful to the FBI in comparison. Sure sounds like Google’s Gmail he’s describing, doesn’t it? Anyway, the next thing he said was that he’s never heard this business model described as insecure. Um, really?
Director Comey seemed sincere and answered the questions given him to the best of his ability but it was surprising that he was not as well briefed on this as the Representatives were. They clearly had a better technical understanding of the problem at hand than he did, sometimes leaving him to say that he simply didn’t know the answers to their questions. I wasn’t surprised that he didn’t understand the intricacies of the topic, rather I was surprised that the Representatives DID!
Another concern in the tech sector is that our government representatives are too old to understand tech. People seem to believe that when we’re old we can’t learn, which kind of gets under my skin. I personally think that as humans we either have the tech bit flipped on or its off, completely unrelated to age.
Case in point, House Minority Leader John Conyers is 86 years old and started the discussion by saying, “strong encryption keeps us safe, even as it protects our privacy.” He went on to quote former FBI Director Hayden when he said that America is more secure with unbreakable end-to-end encryption. Conyers totally gets it. He was reading a lot of his prepared statements but later his questions showed that he was speaking from a depth of understanding of the issues.
There were a couple of other sound bites in the questioning of Director Comey. In particular I liked it when Representative Jason Chaffetz was questioning the wisdom of giving the FBI even more latitude than they have right now and he said, referencing the Snowden revelations, “you won’t even show us what you are doing now, why should we let you do more?” Chaffetz didn’t expect an answer.
Representative Jeffries made an interesting point. It was in the context of whether we should have a public discussion of our need for privacy. He said that if a user chooses a passcode, chooses not to back up to iCloud, and chooses to enable the feature to wipe the phone after 10 wrong tries, then the US Citizen has CHOSEN privacy and security, which should be an indication of what the people want.
In our Google Plus community podfeet.com/googleplus, Mark Pouley said that it bothers him when people refer to this issue as privacy vs. security when in fact it’s really security vs. security. If we don’t have privacy, we also lose our security. I had to applaud then when Representative DelBene said this isn’t a debate between security and privacy, it’s a debate between security and security. I think Mark gave her a call before the hearing and told her to say that.
Director Comey was eventually dismissed after a couple of hours (after profuse thanks for “donating” his time) and they brought in the second panel. This one was made up of three people: Bruce Sewell, lead counsel for Apple, Manhattan District Attorney Cyrus Vance, and my favorite person at the hearing, Dr. Susan Landau, who has a PhD from MIT in Cryptography and is Professor of Cybersecurity Policy at Worcester Polytechnic Institute.
Dr. Landau was was pretty much the star of the panelists as far as I’m concerned. I think her strongest point was that our phones are a way for us to store login credentials and that theft of login credentials have the most to do with our national security. She explained that in December, the Ukrainian power grid was hacked through the use of stolen credentials. This point held significant weight in the context of a phone from a terrorist.
Dr. Landau feels that the FBI hasn’t pursued every avenue possible, and that their excuse is that other branches won’t talk to them. She specifically cited the CIA as not sharing. She questioned whether the FBI had adequately used their funding to create tools to pursue these technologies without trying to compel a private company to help them. When questioned by Representative Conyers about whether encryption existed before Apple came along, she said that she was amazed that it took Apple so long to provide strong encryption.
My second favorite person in this five hour mini-series was Representative Zoe Lofgren. I loved her because she actually read Dr. Landau’s paper on cryptography! Ms. Lofgren did say that it was pretty dense and some sections took two or three reads, but she asked that the paper be submitted into the record. Maybe she was showing off, but dang, that was cool. Ms. Lofgren, after hearing about the option to turn on a 10-try password lockout, told the panel that she had just enabled it!
At one point New York DA Cyrus Vance said that a conversation of an inmate had been recorded in which he said that encryption is a “Gift from God”. Representative Jeffries pointed out the irony of this as a plea for more ways to track the bad guys, since they were able to record that conversation.
The only representative who didn’t seem to be helpful in discovery throughout the hearings was Representative Gowdy. He kept asking Apple Council Sewell what legislation he has brought forward to propose to solve this problem. He was very frustrated that Apple wasn’t providing legislation. I get the frustration – you know when you ask someone where they want to eat and they say no to everything but when you ask them to suggest something they say they don’t know or don’t care? I get that with food and other things but I’m pretty darn sure that it’s not Apple’s job to suggest legislation during a hearing of the Judiciary Committee. But then again, I’m not a legal scholar!
Representative Jerrold Nadler asked Dr. Landau whether allowing this back door to Apple products would keep bad actors from using any other end-to-end encryption tools. She answered, “No.” He then aked, “So we’re debating something undoable?” To which she simply said, “Yes.” Representative Lofgren also said, “This is a fool’s errand, we’ll never be able to practically do what the FBI is asking us to do”. These two statements were the most definitive statement in the entire five hours.
My understanding is that no particular decision will come of these hearings. This was an opportunity for the Representatives to learn and to use that knowledge in the development of future legislation. They could file a brief in the case against Apple by the FBI in California but there’s no guarantee of that.
I’m so glad that I had the ability to watch the hearings and I’m encouraged that our representatives have such a deep understanding of a topic so dear to our hearts. I hope this synopsis of the proceedings gives you hope as well.