tv The Communicators CSPAN February 29, 2016 8:02am-8:31am EST
one that bill come back to bite apple users around the world. >> host: mr. seive, same question. >> guest: we see it fundamentally a proper balance the tool was intentionally designed to be impenetrable. as a result. we believe it threatens the way that our search and seizure laws were designed to operate where reasonable searches under lawful warrant can obtain access to evidence. we view it as a real threat to the full trump crumb balance of privacy and security sits on. >> host: tim cook in his open letter writes about this issue. the government suggests this tool could only be used once on one phone. that is simply not tool. once created the technique could be used over and over again on any number of devices. in the physical world it would be equivalent of a master key
capable of opening hundreds of millions of locks. >> guest: i think there is a lot of hyperbole in mr. cook's letter. the existence, we like the analogy. the truth is when you look at physical world, all sorts of private information exists in the physical world, medical records, business records. where those records are stored law enforcement with a warrant can access that evidence. it is available. there are keys to physical doors. there are keys to safe deposit boxes and also, private companies are required to comply with warrants in order to access even locked physical devices n this instance they're, the fbi is asking for, asking for with a magistrate's order apple to simply unlock their own device. this is technology, these are technical means they have admitted that they have at their disposal already.
>> guest: if i could push back on that though. that is different. we're not asking them to unlock a device. they do not have right now a key in their position. what is being asked of them they build code to break their device. in other words that they actively create a way that they can access their device and make it less secure. that's different. a warrant entitles you to search a place. it doesn't entitle someone, doesn't entitle you to get something. it entitles you to access if access is possible. that's different than saying, oh, i'm going to actually make you build a vulnerability that can be reproduced or asked for by china or illicitly asked or, illicitly accessed by hacker. >> guest: on that point, chris, one of the things doj is saying, this is not a broader attempt to break encryption. this is really sort of reviving this encryption debate but they said we want to disable non-encryption barriers, auto
deletes on the pass code. this is more narrowly tailored request. how do you push back when they say this is one time thing for one phone, we're not undermining encryption. this is access and apple keep custody of the code they write? >> guest: it is true we're not breaking encryption by doing this, but we're breaking security features of the phone. i think policy debate got broader than just encryption versus not encryption. that's the first point. i think reality there is already 12 cases outstanding where the fbi is asking them to do this in other cases. the reality if we set this precedent now we are going to be setting a precedent where i can get your help whether you want to give it to me or not, to turn your device into either something that can be accessed by the government or a listening device. i think that we don't want to precedent where the government is able to force people to turn
devices we rely on into spies on us. >> guest: i think that is a significant overstatement of what the risk is here. what we're describing here is the normal operation of the fourth amendment for hundreds of years which is that even the moss private areas, the most private locations, can be accessed with a warrant, with, we're not talking about mass surveillance. we're not talking about government turning devices into listening devices. we're talking about court supervised warrants and ability to access evidence. the question people need to have what is the alternative? these devices have been intentionally designed to be impenetrable by normal legal process. that is not the way our system is designed to operate. that is a choice that apple and these companies have made for largely business reasons. and there is no question, he is correct, there is both an individual instance that we're dealing with with the phone that was used by the san bernanadino
terrorists. there is a larger question whether these companies should be able to mass market technology intentionally designed to frustrate the legal pros es. >> guest: to be clear, it is knot intentionally designed to frustrate the law enforcement. it is designed to be safe and secure for personal users. whether it is your bank access, whether pin numbers, personal information about you, all your emails, they're designing it to be safe, to be impenetrable not from law enforcement but everyone to say secure in our digital word. >> host: is this different than looking from somebody's emails going to jordan, per se? >> guest: that is book a different set of laws. there is different angle on policy debate. what is one that is valuable policy debate but i think it is
important to note that these companies were and able to and did work with law enforcement for years in responding to legal process. to say that this was not intentionally designed to frustrate law enforcement i believe is misleading. in the announcement of this, part of the announcement and rollout of this technology was a declaration they would no longer work with law enforcement on these. this is the experience that our agents have had in the field where even outreach to these entities to participate in discussions on these topics have been met with the claim, that, from apple was met with silence and from google was met with a claim they would only respond to legal process. so we're, we are at this location because we were forced to be here by these companies business decisions. >> guest: talk about legal process though. is there any concern that the statute, the law is government is relying on in this case goes back to our founding, centuries old, that is the legal rationale
they're currently using in this debate? >> guest: i don't think so, the all writs act, talks to procedures available to the court to enforce a warrant and been applied to modernize technology many times over the years. this is not the first time it has been used with a technology that didn't exist with the time the all writs act was enacted. it has been applied to security video, applied to credit card records. none of those existed in the 18th century. >> guest: it is pretty wide-ranging change now. while i agreed we clearly applied the all writs act in the past, this is make no mistake, this is policy dispute. we're deciding if we decide to allow access of this type, a magistrate court would essentially be saying there is little or no argument to keep china from doing this exact same thing. there is little or no discussion of who else might be able to access this or, will the security implications of
creating a book door that might be misused by hacker. so this goes far beyond what a magistrate can honestly grapple with in the course of interpreting the all writs act to a sea change around privacy and security of our device. >> host: what exactly is the all writs act? >> guest: the all writs act is 1789 statute that essentially says you must give assistance to lewd enforcement when they come to you with a warrant and essentially producing information on that warrant but that's a little bit different. what we have here is not just assistance, not the landlord uses his key. it's the landlord drills a hole in the safe, or worse yet, the safe company is required to put a backdoor lock on their safe that law enforcement can use to open. so we're taking a substantial
set beyond assisting in pursuit of a warrant to essentially rebuilding security and access control. >> guest: but we do have to ask the question what the alternative is? we can debate, there are a variety of mechanisms that exist to address this issue. there are split key options. there are backdoor master key, whatever you choose to characterize. there are a range of options. however right now none of those options have been used and what is true is that these devices are locked to law enforcement. apple is refusing to comply with this and other warrants. as a result, those phones act as active safe havens for people who want to conduct criminal activity. >> how valuable is this phone? this was county owned work phone owned by syed farook one of the shooters in the attack. he and his wife devoid them. they dropped other electronics in a lake. they went to great lengths to
cover their tracks elsewhere. this is county-owned phone. do you believe this is that important to investigators? >> guest: i believe we have a fourth amendment process we don't force people to answer the question before you have seen the evidence. if you have probable cause and obtain a lawful warrant, that you look for the evidence then. the whole point we don't know what's on that phone. so pointing to that lack of knowledge as evidence that we shouldn't see what's on that phone turns warrant system on its head. >> guest: i do think it is worth acknowledging here while it is fine to say we should have this debate the reality there is vastly more information available to the fbi now than there was 20 years ago, vastly more. we are communicating in texts. we are sending, hundreds or thousands of emails a day. all of this information is out there, much of it is accessible not on the phone but in the cloud and other devices. so when we say, we need information to build a criminal case, location information is available routinely, the reality
is that we have a ton of information. what we're saying is that in a very narrow case when other security interests are at stake we may not have universal access to all information because we're potentially recall haing the security of every phone, everyone who hold as phone. >> host: critical la brees, do you have a problem with mr.-- critical la brees, to you have a problem with mr. farook's cloud being addressed? >> there is question of legal standard. right now the legal standard for accessing information in the cloud is not a warrant. the law that deals with that is very out of date. there is a bill before congress that would update that. it is being held up by civil agencies and law enforcement interests. we can actually have a question about what the right standard is. accessible with a warrant? we don't have a problem.
>> guest: glad you brought up that law. fbi executes wants for all that, even though it is not required under the electronic communications privacy act. the fbi uses warrant for all content. we have serious questions about other aspects of that law. the discussion of electronic privacy law like the law chris mentions provide a very useful tool to have that this discussion. if you don't think all writs act is the proper tool, if people have concerns the fact, yes, there are broader ways to access this information, so creating this tool for even cyber criminals, which is, one impenetrable tool in a tool of accessible information, we think that debate should be, should be joined by congress and that legislation would provide ample opportunity of that discussion. >> based on what you know of the case and your expertise, do you
believe investigators made a mistake telling san bernardino county to reset the apple i.d. password on a phone in a way that precluded another attempt at backing up that data on the cloud that would have been available? did they make a mistake? >> guest: i'm far removed from every detail how apple conducts backups. i still can't get rid of that u2 album off my itunes. there is fact all dispute between fbi and apple how that exactly played out. it is a separate question from the one presented here. should apple comply with that magistrates order or not. >> guest: i think there is no question they made a mistake. to be fair every investigation will not be conduct the perfectly. putting that aside i think reality is, if we have a device that is likely not going to con an taken useful information, that could have been accesses
without this mistake, access that information, this really the hill that we want to create a huge new precedental louing, to allow law enforcement to build weaknesses and backdoors into devices? i think it is not. i think this discussion should go to congress and continue on past this court proceeding. >> despite those issues that you raiseed, people came out on monday -- pew came out on monday, one poll, some polling may have different polling with different numbers, in this poll, 51% side with the fbi. 38% side with apple. is apple losing this -- this is very public fight. are they losing this in the public court of opinion? >> guest: i don't think they are, perhaps i'm a sunny optimist. the fact we're talking about a high-profile terrorism investigation and the fact that 40% of people on fairly esoteric
issue understand that like, their privacy is so at stake and their phones are so sensitive they're willing to say even in this most extreme of circumstances, high-profile shooting, we still don't want to see that phone accessed, i think that's big deal. >> guest: i would contrast that to i think that number speaks to something different, which is if you take into account massive amount of resources that these very large companies have the put into public relations, and lobbying, and outside groups that are, serving as advocates on these issues, in the face of all of that, that 51% of the people, many of whom who are loyal apple customers, including myself, still have questions about these companies choices, marketing choice, i think that number is actually very persuasive. >> host: josh zive, has apple ever unlocked phones for a criminal case? >> guest: sure, although i think we both would agree the newer
operating system presents a different technological issue than the past ones. they certainly cooperated with law enforcement scores of times in the past with their technology. >> guest: to my mine that only underscores the seriousness how they view this incursion into their device. i mean, listen, josh said it, well, there are billions people buying iphones. they're in the business of selling phones to lots and lots of people. if they thought there was a risk of alienating their customers i think the smart corporate money in a lot of places, would have said, you know what? i will not pick this fight but i think they recognize this is a sea change. this is us turning the device, this is companies being forced to turn devices on their users. if we go down that road, no one is going to trust these devices. that will have bigger impact on apple than anything. >> guest: i continuathathathatf
protecting rights of human rights advocates in china, protecting my information against a hacker. that may have a greater benefit than the marginal effect on law enforcement. that is a legitimate position to be in. i think that we shouldn't for close that discussion in any way >> guest: we agree, but this discussion, this discussion should have occurred before these companies put millions and millions of these devices on the market because implications of this for law enforcement are already being felt. our local and state law enforcement brethren report multiple investigations on things ranging from low level crime, child pornography, abduction being frustrated by this. it will only increase. we can have this discussion but we can't have, there needs to be action and there should have been responsibility from these companies on the front end, certainly law enforcement warned about these implications at the beginning and i think somehow convincing people their information is secure as a result of this device is frankly
misleading. >> are lawmakers acting in bad faith when, a lot of lawmakers support apple and strong encryption, they come out and saying we node to deal with it. they haven't dealt with it because -- >> guest: it has been a difficult issue. a lot of lawmakers are hesitant to get involved in complicated technological investigations. sometimes take as moment to clarify a topic. there is no question, being faced with looking at cell phone used by terrorists knowing that there is information in there we don't know what it is and we can't get it because of choices made by these companies, i think that certainly has clarified issue for a lot of people. >> congress doesn't act, this wind up in the supreme court? what does that look like? >> guest: those may be separate questions. this litigation will unquestionably proceed regardless of the outcome at district court level. also should be a policy discussion that occurs. >> guest: i think we're at the beginning of exploring legal
issues. i mean we haven't even talked about the free speech implication of requiring apple to essentially certify that a device is secure when they know it's not. essentially forcing the company to the say something to its user, i.e., this device is secure, this update i am sending the device is update you can trust when they know that is not the case. we haven't even talked about that. i think idea of the government preapproving technological changes is terrifying. i think we should worry about that. we should worry about saying, well, i can't roll out, strong, powerful safe devices until i have gotten signoff from the fbi. nobody wants that. >> guest: i think that is interesting concept. it was not one that barred apple from running their security protocols by the chinese government when they wanted to get access to that market. they're concerned about human rights seemed not as strong when it came to actually building those phones in those markets. i think idea these companies are acting purely out of civil libertarian desires, i am
literally the fan of civil liberties you'll fine. i don't think it is true. >> host: back to tim cook's letter, mr. zieve, we find no precedent american company being forced to expose its customers to risk of attack. for years technology experts have been warning of weakening encryption. >> guest: i don't think that is accurate there. is range of precedent requiring private companies to access private information that was private. such as credit card companies. credit card companies under all writs act there was no precedent until the precedent was set requiring those companies to turn over sensitive financial information. if you read what the motion to compel actually requires, the software that is being asked to be used to essentially turn off the booby-trap built into this phone that would destroy it upon
10 password uses, that will be held by the company the same way that the expertise to create that software is already held by the company. so, i don't think you have a marked difference. >> dig into the technology for a second here, right? at least as an initial matter, yes, i'm going to send, probably end up happening i would send the device itself to apple, right? apple then would essentially create software which would trick this device into changing its operating system, say you can trust this download. we're going to certify that to your device. that is fine it is held in apple's hands today. the reality if that precedent is set, i will have a precedent that updates me be falsified. if you put five security experts around this room i think they would tell you one of the single greatest innovations and most important changes in cybersecurity last 10 or 15 years is the universal update.
we're auto updating devices so we know when there are security vulnerabilities they get patched. if we break that process if we say, don't update your devices because you don't know what's in there, you can't trust the company to tell you that this is actually a secure update. it may be something else or worse, that this update process could be subverted in some way by a hacker, we have broken huge, huge improvements to cybersecurity and rolled us back a substantial amount. that is something we should worry about independently. why this is something congress should be considering, not a magistrate judge in california. >> seems like every week we have a new story how silicon valley and washington are not getting along. this seems to a lot of us borne out of the edward snowden revelations of 2013 that really affected relationship. is this sort of the new normal? are we having this debate now because of those revelations? this is why apple and other companies decided to go this far
on the side of digital privacy? >> i can't speak to their motivation in terms of snowden. it certainly hurt them. no question they suffered really unfair reputational loss based on legal harms they couldn't do anything about. i mean right now, not to get too far afield, but right now there is something called the privacy shield which is the framework that allows information to be flow from the e.u., from europe, to the united states. that agreement was essentially wiped away by european courts because of their concerns about, about domestic surveillance and requiring companies to comply with that surveillance. so that threw thousands much companies into disarray and their practice. they clearly felt harm. there is nothing they can do. they're complying with legal orders. hard to look at them and turn around and say, you must continue to comply with these legal orders even though it is likely to cause you even more financial harm.
i mean at minimum the fbi and other law enforcement need to recognize what they're doing is causing financial hardship to companies, as well as harming devices. >> guest: i mean, i'm sure we feel bad that they, marketing choice that these companies, which are very successful companies have made, that we are proposing a solution that in order to solve very dangerous crimes, may not be fully consistent with their investor goals but the truth is nobody is more sensitive to cybercrime than the 13,000 agents who are member of the fbi agents association. not only are these crimes that our members are dedicated to trying to solve every single day, because as director comey often says, cybercrime now is crime, right? it perpetrates all types of crime. and our members were also, almost everyone of them, was a victim of the recent, very large, hack into the office of personnel management. our people are very sensitive to
these issues but they also know that in the midst of this, it means that our constitutional system should set the rules for how you access information. not marketing teams. >> i am glad you mentioned omb hack. for folks that aren't familiar with it, 24 million people, federal employees, most personal information held by the federal government hacked this was their personal background checks, right? literally mental health history, they have a drinking problem, everything in their background check. i can't think of anything more secure than that. if we can't keep that secure, is anybody really believe we'll be able to keep whatever technique we develop as part of this process secure? >> guest: that is kind of the point. that information is all hackable. all these companies have done, the one thing that hasn't been a big source of threat is the physician cool phone. >> guest: but they could have kept it secure because they built the security.
>> guest: until the recent operating system we didn't have problems before, you're creating a tool for very hackers, our agents make their jobs substantially more difficult to investigate and prosecute those kind of people. you're handing that tool, for profit to criminals around the world. >> host: chris, how does the center for democracy and technology want to see this play out? >> guest: i think we want to make sure we protect people's privacy. at the end of the day, we don't want to see apple forced to build malware. i don't want to see apple doing a cyber criminal's job for them, forcing them to build a product that is going to hack their device. to me that's a terrible outcome likely to make all of us less safe. >> host: josh zive? >> guest: we would like to see apple stop selling malware for initial phones being used by the very people and being marketed
based on the false promise of security. because their information is already vulnerable. but what is really a tool that frustrates and inconsistent with our constitutional system of search and seizure. >> host: josh is special counsel for the fbi agents association. chris calabrese is vice president of technology and democracy. spent several years at aclu. dustin volz. thank you. gentlemen. >> guest: thank you. >> fbi director james comey talked about the bureau's attempt to have apple help in the san bernanadino investigation at a house appropriations subcommittee