Under oath during a Congressional hearing on Thursday to answer questions about the FBI’s battle with Apple over encryption, FBI Director James Comey was forced to admit that the outcome of the court challenge will “guide how other courts handle similar requests” from law enforcement, conceding that the agency’s demands would have on impact beyond the current investigation — walking back previous comments that the agency wasn’t trying to set a precedent or “set a ‘master key’ loose upon the land.”
The change in tone — which saw Comey also say that “there are no demons here” in the fight between it and Apple over how to investigate a passcode-protected work iPhone issued to San Bernardino gunman Syed Farook — may be due to being sworn in during the hearing, which was held by the House Intelligence committee.
It is also possible that the softer language may have come as a result of increasing revelations about how the FBI and San Bernardino County Health Department officials may have self-sabotaged their attempt to break into the iPhone 5c before alerting Apple to what they were doing — leaving the iPhone maker to tell them that there weren’t any further lawful options it could offer to help the agency obtain the contents of the encrypted iPhone. Comey previously suggested that Apple’s tough stance on user privacy was “a marketing gimmick,” hinting that the agency considered Apple’s refusal to be motivated by “brand protection.”
Unlike in other appearances and interviews Comey has given since the fight began 10 days ago, the director mostly deferred technical questions and inquiries from committee members about the implications of a positive outcome for the agency in the current court hearing. Comey relied heavily on phrases like “I’m not an expert” when challenged on the ramifications, but did claim that technical and legal experts had told him that “technology [is] the limiting principle” preventing access to the work-issued iPhone — which Apple has denied.
Under questioning, Comey acknowledged having said that the agency was requesting Apple’s help for a “one-time” use, but also agreed that other agencies, such as the Department of Justice, police departments, state attorneys general, and others were also seeking access to iPhone contents through court actions for various cases mostly revolving around drug dealers and similar mundane criminal activity — and that a win for the FBI would “guide how other courts handle similar requests.”
The outcome of the San Bernardino case would be “instructive for other courts,” Comey said, admitting that the agency was hoping to reshape public policy on forcing smartphone and other tech companies to weaken or alter their security standards for all manner of law-enforcement requests. Apple, as part of its informal and formal responses to the court challenging the order, said that the passcode-defeating tool the FBI was asking the company to make could not be limited to a single iPhone, but would instead have to work on all models of iPhone.
Technologist Jonathan Zdziarsky, who has been following the case closely, agreed with Cook’s claim that such a tool would have to work on multiple iPhones just to ensure that it worked at all, and that the underlying code would allow the FBI or other companies forced to work with the FBI to develop similar software for all other models of smartphone and mobile devices. Cook described the theoretical compromised iOS version the FBI wanted as “the software equivalent of cancer,” and said it would fall into hands that would misuse and abuse it.
During the hearing, Comey — who had been saying he was “not an expert” when it came to technical questions — contradicted software engineers by insisting that the possibility of such a tool falling into the “wrong hands” was “not a real thing,” and pointed to Apple’s nearly-flawless security record as proof that Apple has “done a pretty darn good job of protecting its code.”
Representative Jim Hines (D-Connecticut), noted during the hearing that if Apple was forced to write the kind of program the FBI wants, the company would “become a target” of various nefarious groups, including “our sovereign adversaries, of criminal enterprises, of terrorists” attempting to obtain the tool or the code that would let them reverse-engineer their own from any source possible — from Apple’s servers to underpaid government employees, to simply hacking into government computers as has happened on a number of occasions.
Hines said the FBI was essentially asking for a mandate to force Apple to create a security vulnerability in its products that jeopardized customers’ private data for the convenience of limited law-enforcement advantage. “There’s a legitimate worry … that a decision in favor of the FBI could be the narrow end of a very wide wedge,” he said. Republicans on the panel tended to indicate that they are supporting the FBI’s case, often claiming that the court order was “just like” FISA warrants or other sorts of court-ordered writs.