tv Discussion on Encryption Technology CSPAN March 4, 2016 8:38am-10:01am EST
>> next a panel on smartphone encryption and the debate over the fbi's request for apple to unlock the phone of one of the san bernanadino attackers. california congressman ted lieu took part in this event from the wilson center from washington, d.c. this is an hour and 20 minutes. >> okay. >> okay. >> good afternoon, everyone, who is physically here or watching. i'm june harman, the president and ceo of the wilson center,
recovering politician. my role in congress for most of my nine terms overlapped a subject we are dealing with today and it is great pleasure to welcome good friends on this panel. shoutout to my congressman and good friend, ted li e.u. for joining us. ted is literally my congressman. i'm a resident of venice beach california, which i represented all those years and ted represents california and all those parts and ted, thanks for looking out what was my young son dan, while you were a member of i guess the state assembly or torrance city council. we go way back. encryption is timely and it is important. ted is on of the only members who understand the bits and bytes thanks to bachelor degree in computer science in stanford.
no one here missed showdown between apple and fbi. jim comey says he need as apple help breaking into san bernardino gunman's home. apple says complying complying e endanger its products and data everywhere. we should all care how this end. we're in uncharted territory. the fbi want tim cook's engineers to build a brand new custom operating system. critics call it gov-os or fbi-os. an operating system would be easier for the bureau to open and search. some call it a golden key or backdoor. director comey says it's a front door. a law full search for leads from a dead homegrown terrorist. either way it is a battle over much more than one phone. manhattan's district attorney cy vance says he has 175 apple devices in sitting in new york evidence lockers he can't
unlock. the los angeles pd has several hundred more. apple has already flagged more than a dozen cases across the united states where the fbi wants it to crack down, to crack its own security systems. if apple unlocks one device where will the line be drawn? the endgame, what every it is, will impact your phone, my phone and millions of others. it could have huge consequences for american tech firms. american cops and spies and every american and probably every world citizen's cybersecurity. as i mentioned this is an area i know something about, i was a senior member of the house intelligence committee on 9/11. i was briefed as part of the so-called "gang of eight," what was then called stellar wind, which was precursor to the bulk telephone metadata program. i insisted then and believe now that security and liberty are not zero-sum game. you get more of both or you get
neither. two former congressional colleagues of mine, ted's colleagues, zoe lofgren of california and darrell issa a republican, wrote an op-ed yesterday for "the los angeles times," my hometown paper. they say the debate is too big for one courtroom. a conversation belongs to congress. and so here at the wilson center today we want to kick-start that dialogue. we have a rock star program starting with congressman ted lew, a leader on these issues. one of congress's few genuine techies. we are pleased to welcome another good friend, kate martin, senior fellow at center for american progress and former long time director of national security studies and someone i consulted regularly trying to wrap my old brain around these very tough issues. we also have susan hennessey, is she here?
there she is. managing editor of law fair and national security agency lawyer and dave perera, cybersecurity reporter for powe lit call pro and expertly moderate the panel while congressman lie. that will be a thought south. ted directs digital futures program. everyone would agree she has brought incredible tech expertise to the wilson center. i don't know how she learned all this stuff since i remember her as a staffer on team harman on capitol hill, i don't think she did anything like this. again the world wasn't like this. that is the point. the world is evolving minute by minute. we're going to stay on top or ahead of this at the wilson center. it is really good news a few people in congress are paying attention.
please welcome our panel and our moderator. [applause] the. >> thank you so much for coming. we already had introductions. we'll be taking questions from the audience after i had a chance to exercise my ego a little bit and ask panel some questions. so -- >> sure. thank you, such an honor to be here and let me thank jane harm man and the -- jane harman, and the wilson center. it was honor growing up watching jane harman. i learned so much from her. she worked on bipartisan basis to get things done in congress. i saw her amazing leadership on national security. back then as i say now, i went to sleep at night perfectly fine because she was my congresswoman. thank you, jane, for all that you did for our country, i really appreciate it.
i'm honored to be here on this terrific panel, as congressman harman said i'm recovering computer science major so i know a little bit about cs issues. i served active duty in the air force. i'm still in reserves. when it comes to terrorists i believe we should hunt them down and kill them. government first priority is public safety. that is why i support apple's position, strong encryption is u.s. national security priority. i will make three brief points. i believe the fbi intentionally is trying to frame this issue as one of privacy versus national security. that is the wrong frame. the actual frame should be making some law enforcement investigations easier versus national security. and if you look at our national security leaders, none of them are saying, yes, let's weaken encryption, let's put in backdoors. in fact they're saying the
opposite. it is quite extraordinary. you have a secretary of defense strong encryption is u.s. priority and against backdoors and shouldn't do thing made on moments of anger and grief. he is directly undercutting fbi message. director michael hayden, says strong encryption is a national security priority. that should be the right frame. do we want to make law enforcement's jobs somewhat easier then weaken national security? that is the debate. second point you layer on top of that all enormously important issues, privacy and our relationship between our government and you, right? how much do you want our government to be able to compel you to take extraordinary actions to assist law enforcement? let the apple team that developed this smartphone left, went to google. could the fbi then compel google to do extraordinary actions to help break into an apple
iphone? what limit do we have? what end do we want? do we want our government to be able to compel people to take these actions to help law enforcement? on top of that we have effects on u.s. businesses abroad and this is now going to affect smartphones here and businesses here but countries around the world. then the final point is, because of how important these issues are, we really shouldn't let precedent be set and these issues decided by unelected judges interpreting an 18th century statute. that is what the department of justice and fbi are trying to do, using all risks acts something passed in 1789, nearly 90 years before alexander graham bell invent telephone. they're trying to use that as precedent. that is wrong and this is something congress should decide. i look forward to answering questions and listening to my panel members. >> thank you so much. that sets the stage a fair
amount. in order to tackle this issue it's pretty complex, there is a lot of moving parts. we decided we're going to divvy it up into a tale of three iphones. so we have the first iphone is setting off at least in context of apple and the government trying to get special access to an apple device and that is an iphone that is at the center of or periphery, rather, of a methaphetamine distribution case in new york city. susan, can you just quickly tell us what's going on there. >> right. this is the case -- so this is the case that you might have heard of over the past couple days of a new york judge says fbi can't force apple to unlock an iphone. you might be sort of confused there are multiple cases going on. this is a case in new york in
eastern district. sorry. new york and eastern district. what is really important to understand about that case it is ios 7. the difference between an ios 7, there are number of detailed technical differences how device is created. important thing to understand apple has the capacity not to unlock the phone but bypass the lock mechanism to extract data. they maintain that capability voluntarily. they provide the service to the fbi approximately 70 times in the past pursuant to all risks act order. they have declined to do so in this case. so they're challenging the use of the all risks act to compel the kind of assistance at question. so it is important to sort of understand where we are, sort of the questions about compelling them to write new codes, those arise in california some months later. so magistrate judge in new york has said this is an improper application of all risks act.
department of justice has already appealed that decision. it will certainly go up to the district court if not circuit court level next couple weeks. >> kate, should the, should apple, it has done it 70 times before at very least, unlock that iphone? doesn't require it to code a custom operating system which is what the fbi is asking for in the case of the san bernanadino shooters county-issued. wasn't his own iphone. county-issued iphone. should they do it in brooklyn? >> rather than answer your very difficult question, i will lay out what i think are the issues are. this case and san bernardino case where government, law enforcement has a warrant to get the information it is seeking on the phone and when you step back and we talk more broadly about
the encryption debate one of the things that we have to keep in mind, when law enforcement says, well, we only want to get access to information for which we have a warrant, that in fact that is not completely true. that there are many instances in which they want access to information in which they don't have a warrant. and so this, that is an important backdrop. so here they have a warrant, which means that there is no fundamental forth amendment problem in getting access to the information on the phone. and the case really does resolve, revolve around the application of the statute, the all risks act. the way the all writs act comes up, the congress required
telephone companies for example, to provide technical assistance to law enforcement when they want to conduct a lawful wiretap with a warrant. >> through colea? >> no. just through, there are sometimes through colea, but colea does something slightly different. the wiretap act itself. the several provisions of the wiretap act directly require telephone companies to give assistance carrying out wiretaps. we have colea which was a statute that said they have to build the telephone systems in a way that they will be wiretap accessible but we leave the details of that up to the telephone companies. none of those statutes which specifically require companies to help the government in carrying out warrants apply to apple. in this situation or to the
iphone. and so the government is relying on the all writs act as a quote, gap filler statute to say you have an obligation to help law enforcement facilitate this lawful search. >> can you voice an opinion, are they doing, is apple doing the direct thing by resisting fbi request specifically in brooklyn which susan noted which is different than the one in san bernanadino? >> i think apple is correct requiring a court to rule on these legal issues rather than simply turning over information in response to a court order. i think it is more, i'm now going to state an unpopular opinion. i think it is more questionable whether or not it's such a slam-dunk one way or the other.
i think in some ways i'm not sure that i agree that we want congress to take this particular issue right away. one of the things, this particular issue, one of the things the court can do which congress is not so great at, look at specific operating system, the specific ways in which apple would have to take steps to unlock that operating system, the specific reasons why the government needs the information, and what the warrant is for the information. and the all writs act in some ways says to the court, look at all those factors, balance them, and come to a conclusion about whether or not the court is going to compel apple to give assistance in this particular case. so i'm not going to express a view about that particular case. i do think that there might be
some utility in, for those of us who care about privacy, to recognize that the all writs acts could have a useful roll to play because it requires the involvement of a judge and requires a particular showing by the government before can invoke that assistance. >> ted? >> i actually don't disagree with you that congress shouldn't take this up right away, which is why i'm a coauthor of legislation chairman mccaul and senator warner introduced puts expert panel of very important people that could look at issue. something congress can do that courts can't, look at much broader issues, how it affects society as a whole. have lots of hearings and intelligent experts, people from
the wilson center weigh in and we can craft policy. i do need take time on this. this is very complicated. on your case, i give you my answer, i support apple's position as does the judge in this case, judge ornstein, who wrote an opinion i thought was a pretty good opinion. he writes in there that he doesn't believe that the folks that passed all writs act in 1789 intended to solve that debate then and we're in a whole new world in 21st century. applying a 18th century statute to 21st century problem won't give us confidence in the results. i would note that the fbi director wrote an open letter recently. how many times has the fbi director done that? he could have done that earlier in this case, the san bernardino case. they realized having, making prosecution of a drug dealer
versus privacy, that was not a very good frame for them. so i do think that there is some intentionality behind the fbi picking this specific case. to me that does seem inappropriate. >> so i will give you an answer. i do think apple, so i think the first thing to note, there is nothing unpatriotic about apple challenging a court order. that is right of an american company. if a company believes there is defective process it's their right and their obligation to insure that a federal judge take up the issue and tell them yes or no. so with that at the outset, that said, judge ornstein's opinion, which will certainly go up on appeal and get the ultimate answer on that, regarding the applicability of the all writs act, look, yes, the all writs act is 1789 statute. the bill of rights was ratified in 1791, two years later. we still think that is pretty good law. the notion that laws die of old age just doesn't hold.
that is sort of not, i think another way to refer to those laws would be bedrock principles, right? foundational to the united states jurisprudence. i think it is important to understand there are a lot of ways to look at these things. the important thing about the apple says there are no security concerns there, right? apple has the software in question. they voluntary engineered it. they protect it. there has been no, no intimation ever been compromise in that case. there is a warrant. now, i think it is important to sort of understand what is happening in terms of the argument, in terms of whether or not it, congress has a role to speak here. essentially what apple is asserting in eastern district of new york is not its security concerns. its asserting a question of reputational harm. there are rules under court precedent in 197supreme court case that says a court can compel this type of third party assistance under a number of limited sort conditions. can't be undue burden.
have to be closely related. has to be necessity. you have to consider all these prongs. it is for a federal judge to decide if the facts in a particular case. i think it is appropriate for a federal judge to make those determinations. they are better situated often. that said, what apple is really asserting in the eastern district that all writs is not an appropriate application because all writs is supposed to be this gap-filling statute. really this is matter for congress to decide. congress should be speaking out. . .
the judge in the eastern district of new york otherwise known as brooklyn, suggested in his ruling that congress has spoken. congress spoke through two ways. it rolled out the kind of technical -- it rolled out the kind of technical think the government is asking apple to do. it rejected it because it says you do not have to decrypt communications on the government demand. it also classified apple as an information service instead specifically where apple is an information service, excluded from the scope, there's a number of reasons why it does not apply.
judge ornstein also said in this is maybe the week of his arguments that congress was already spoken when it debated and rejected expansion of calea. >> i think to put ornstein position in its proper context this is sort of the next decision in what has been termed the revolt of the magistrates. it's very unusual for a magistrate judge to issue an opinion at all. just issued a 50 page opinion in this case. ultimately, a district judge will decide whether i'm not be somewhat novel legal arguments -- arguments are valid. the more traditional understanding of calea again a federal judge might eventually decide otherwise is that elliott applies to data in transit but it's an interception statute and what's at issue here is not implicated. sort of the larger issue of what congress has in congress has
nothing is a difficult one to reconcile. even within his opinion he cites the case president which says when congress doesn't say anything you can draw but equally tenable explanations for that. either congress affirmatively like endorses the status quo or congress really wants to change things in an aggressive way and -- >> had, say nothing if you agree with susan. >> i don't want to -- >> just finishing can't draw conclusions whenever congress has not spoken. those are sort of the two separate arguments that you are asserting. >> understand the context of what's happening. i believe congress did speak. the fbi try to get this proposal through last year and they couldn't get a single member of congress to carry a bill that would do that. so my but it is congress spoke
by not accepting what the fbi and doj wanted to happen. there's another element here to consider which is courts interpret laws. courts don't have independent authority to make people do stuff. they can't compel you to take action. they need a source of authority which is a law. in this case the citing what the judge is saying is i don't think a lot of it to apply in the situation. so if congress is just silent, the courts can't come up with its own authority to make you do something. they need some sort of a statutory basis to compel action. if congress decided i think that speaks volumes. >> let's move on to the second iphone eric hale of three iphones and that is the one in san bernardino. turn one, do you want to do the press speak with secure. probably most of you know so
i'll try to be short, specific. the fbi has the iphone that was used by one of the dead terrorists in san bernardino. that iphone belong to his employer. so what has a warrant to access the information on the iphone but it can't do so because the information on the iphone is protected by a pastor. it has taken steps to get whatever information that was on the iphone and was also in the icloud, they gotten. so this is information that doesn't exist anyplace else but potentially on the iphone of the dead killer. in order for that information to be accessed, with the fbi has
proposed to the court and is the following, that there are three mechanisms that apple has put in the operating system of that phone so that someone can't use what's called brute force, which is running every conceivable combination to find the passcode to break into the phone. and those features are that they are quite clever actually i think. one is that if someone makes 10 wrong tries, the phone just blows itself up. no, it debases all the information on the phone. the second one is that -- it erases. -- if you want to try multiple times to get into the phone, you
have to wait between each time soviet guy says that if the teacher wasn't disabled, it would take them 26 years to try all of the different possible passcodes. but if, the third feature was disabled, which requires the passcode to be typed in manually by some finger, and instead the phone was convicted so that the fbi could use an automated way of typing in the passcodes, it would be able, the fbi would be able, using brute force, to get access to information on the phone in 26 minutes. so what the fbi has done his past record to use the all writs act to order apple to write the software that would disable
those three particular features on this particular phone. and there's a lot of back and forth about how that would be done. would they give the phone to apple, which we can talk about which kind of goes to some of apple's objections being ordered to do that. >> so susan, in this case apple is being asked not to just break into one of its products but to actually affirmatively do something no tech company has ever done, and that is write custom software for the federal government that breaks its own profit. all writs act really applies? >> right. we are not getting into the heart territory at least to my mind. yet, this would be a novel application of it all rates. they are being compelled to do something or i think of the book is sort of understand the choice that is being made and why. the government possessing they'll have the capacity to write the code.
it might be harder for them. they might have some unintended consequences. certainly apple is going to be better but the problem is the way apple has created other devices they only run software that has been signed by apple's special signing key. there's been in this larger debate about encryption a lot of discussions about notions of key escrow and the techie community as assorted strongly and reasonably that these are the key pieces to the kingdom. the u.s. government cannot be trusted to keep this deficit. >> we are talking about the concept where companies would store their keys with third party retrieval by the government in circumstances such as this? >> exactly. a company would be required to put its signing keys somewhere else. essential what's happened is the government said okay we believe you. we don't trust ourselves with this key. we buy that we should not be messing with sort of encryption into genuine sense of where.
we believe this is important equity to protect. the problem is that if we don't give us the key, you have to write the software because we can't sign the software in question. i think in that context while certainly a judge is going to have to decide, is this the appropriate application of the law, it's important to understand what the trade-offs, what the government thinks that it might be reasonable to ask this kind of heightened assistance because of course as with all laws, as technologies change, we reinterpret the laws and we see whether they can be stretched. i think this is starting to raise questions of was this intention, was this the intention of sort of the all writs gap, is there really a gap? we are starting to get into the row over the substantive law where we would expect to see statutes on the matter. there are certainly difficult
legal questions in california. that said, no matter what happens in california we are all collectively going to have to decide what we want the future to look like. to my mind which really at stake in california is whether or not we want the scope of government access, of lawful government access to be dictated our laws, by the fourth amendment, by courts, by warrants, by a neutral magistrate or if we want to discover that access to be taken up by technology. reasonable minds can differ and there are all sorts of really obelix equities on either side but whenever you get down to the core values choice, i think that's when using two sides they're having difficulty reconciling what our deeply held notions. >> ted, are there constitutional issues at play? >> absolutely. i think it is unprecedented for a court to compel a private
sector company to take extraordinary actions which is a great software that they do not have to weaken their own product. that is simply the issue -- >> but not just under the all writs act. author perhaps fifth amendment our first amendment -- >> so alvarez's first and fifth amendment issues. they do say writing computer code is equivalent to freedom of speech and that they shouldn't be compelled to do this speech. not sure what i think of that. i think they're stronger act as the all writs act does not apply in this case, particularly when the government, the fbi tried to get this through congress and congress rejected it. i think it's helpful to take a step back and think about not just apple. it's not just about this company. it is have not been a microsoft product, the same thing would happen. microsoft is about to write a legal brief in support of apple. you have the american library association supporting apple.
they are involved because they don't see any limits to this. if the court interprets all writs act to compel this action, want to keep a court from telling amazon you create software to identify for us people we think are suspicious based on the books the order and you send it to the fbi. you can imagine all sorts of actions the government can't compel you to do to assist law enforcement. in my ear as a private individual, private sector companies are not an arm of law enforcement. i think this case raises issues about relationship of our government to you. >> so i would just add susan and the congressman raise that kind of larger policy questions is that i think there's a risk in connection with the approach that apple is taking, which is that if you step back for a moment and ask the question,
well, who's going to decide, or who's going to have access to information that's been encrypted, and we is the government, if ever, going to have accessed information that's been encrypted and how are we going to decide that? that's a very large question that has many subparts, depending on what kind of devices you're talking about, what kind of information you're talking about, which part of the government, what kind of process which i'm going to have a warrant or something else? if you step back and go, well, this particular case where the government has a warrant, there is no privacy interest at stake in connection with the data on the phone, do we have a real problem in compiling company to help decrypt this information on
this vote in these circumstances? so the problem as i see it is that whether or not congress has, in fact, already given the judge the power to order that kind of compulsion, as you said, in the all writs at. but if you step back and say, well, as a society do we want a judge to have that kind of power? i think the answer might well be yes, in this particular situation. and what i am very concerned about is that apple and some of the other industries position okay, are we going to fight this in court? if they lose in court, it will give the fbi much greater ability to come to congress to ask for the kind of law that the all writs act is not?
but in asking for the changes in the law, law enforcement and intelligence communities are likely to ask for much broader powers and are likely to ask for the power to access information when they don't have a warrant. but they just have a national security letter or they just have a fisa 702 order or many of the other kinds of authorities against government access. that's the danger that we run, with all due respect, at the moment, doesn't seem to me that we have the political context in which we will end up with, the wisest decision making process. >> just to push back on that a little bit.
i think one way to sort of describe it is to say you don't think you'll get the law that you think is ideal. traditionally we understand we express those values i voted for electric represents. congress is not obligated to pass a law that says apple at all companies shall compel. they could reveal to you. the scope of what congress is about to do on our behalf is essentially limitless. it's only the constitution is the limiting factor there. i think it's important realize whenever we see these polls at a 49% or 41 -- 51%, roughly divided country on these issues at this point. the way we traditionally resolve these really difficult value decisions is what the left members to congress and the vote and to vote on behalf of their
constituents in a way they think are a noble discharge of that service. i'm always a little bit suspicious of the notion of we want a lot and we don't want to use that gap that is because we are afraid they will pass a bad law. i agree there should be a careful consideration here that they're going in principle should be first, do no harm. that said, i think that i'm always suspicious of stall tactics honestly. i think the fundamental democratic process is we have opinions and you guys vote. >> i've got a really cool law to tell you about. i learned from jane harman to work on a bipartisan basis, a couple of weeks ago i introduced the encrypt act with republican
mike bishop and others. what this law does is states cannot mandate encryption backdoors in consumer products. you had california and new york with state legislators introducing bills that were going to require companies like google and apple and so on to the backdoors into their products. that made no sense because you can't have google make a smart phone just for california and not for kansas. so that's going to work its way through. i think that's a good law. so your notion, yes, there is a risk that we could get a crazy lawyer for president there's all sorts of risks but i think into specific san bernardino case, when you talk about apple fighting the court, they didn't pick this fight but if you read what happened, according to apple they read about the court filing in a newspaper. they were working with the fbi. they provided a huge amount of
the system. they provided the engineers, all sorts of advice. i think the fbi sought opportunity to try to frame this issue in a very particular way to try to get the wreck in public on their side. and begin when is the last time you saw the fbi write an open letter. it wasn't addressed to the judge. he wrote an open letter to the american public which is fine. is what a debate should be. installation happen. >> just to correct because he didn't publish that letter on pashtun he did write a piece back in july, so the putting of encryption challenge talking about what law enforcement, asking for ideas and support for partnership, for engagement. i think one competition sort of specifically open letter in the past. i do think law enforcement has at least attempted to be sort of opened with the equities.
>> i want to ask the question about the all writs act just to take us back to the but because it's the law that this sort of at the crux of all this. the supreme court as i understood it established three basic tests. there is proximity to the issue at hand. there is would be an undue burden, it is there any necessity. let's talk about necessity. in does the iphone, anybody actually think, have any evidence on it that the fbi truly has a compelling urgent need to get at, especially given the wealth of metadata that the fbi award has been able to extract? ♪ who he's called, who syed farook called. they know the content of this sms message. they know what apps he is downloaded. it even has a backup copy of the iphone, albeit one dated back to october 19 but we are
not talking about huge gap. isn't it really just an opportunity for the fbi to make a point rather than to gather evidence because i have two reactions. certainly there's been raised quite a bit. one is we don't want certain laws for when law enforcement really, really, really wants evidence and whenever they just like that kind of want evidence. the road is supposed to say whether not the judge has a can get and that's the role. a little bit i think while certainly the facts might be more friendly in one case or another, my people are less useful in front of the public conversation. i think it's important to understand we are attempting to develop neutral principles spent by the all writs access necessity. >> necessity ghost whether not a government can do it itself. it's the assistance in question is necessary.
so kind of the necessity you are talking about is whether or not law enforcement needs access. that goes to kind of how we all balance. it's totally reasonable and the american people decide this technology is really important to our lives. the cybersecurity threat is massive and we think that we are willing to accept the fbi not having access to some amount of information. my personal sense and i will put on my former iec hat for this. this is a word ashman a weird terrorist event. it's kind of a workplace shooting, kind of a terrorist event. it's really important that the fbi understand what happened, why it happened. there was allegedly sort of a fight at a party. was explaining this terrorist event for a series of time? was is always the intended target? these are important things to which the phone would have at least some value. i think the right question to be
asking is, is not could expect to find a sleeper cell on his work phone? no, probably not. but this is a meaningful investigative lead. it's as important lead as any, at least conceptually. this is the kind of investigative work we would expect from law enforcement. we would expect them to be investigating these crimes. that includes looking at the phone. i'm always suspicious of this question of how valuable is it. the question is if it's of any value, then the larger discussion becomes one of whether or not the law applies or not. >> kate you look like you have something to say. >> i'm more skeptical about the fbi was doing. if you go back a couple months it was an internal process inside the administration about whether or not the administration and the white house would go to congress and
ask for new laws to deal with many of encryption capabilities. the administration decided not to. i think we have to remember why, in one of the reasons is because as the second of defense and everyone up and below him to the president, et cetera, has acknowledged strong encryption is essential to maintain the security, or to create more security in the internet. of the internet is an essential component of our security. it's made insecure and the companies who are working on encryption are making it more secure. so they decided not to go to congress, at the trade-offs did not require a new law. then we had san bernardino. now we have an investigation which is an important investigation, but we don't have
simply one little part of the investigation. we all of the sudden have an enormous public controversy created by the fbi on you can we believe that encryption should prevent us from getting access to the phone of this dead terrorist. so i think that's the question of whether or not there's anything really useful or necessary on that phone does go to what is the fbi trying to do. it's quite legitimate for them to try to influence the public debate on encryption. but let's be clear that that's what they are doing more than drawing to get the information on this particular phone. >> i agree the san bernardino case has sort of a particular emotional resonance. that's not the case that james
comey has been yelling about on the hill. he testified two weeks ago and yes imagine the san bernardino case but he mentioned another case. and ios nine, a woman eight months pregnant opens the door and she's murdered no leads in the case. no idea who did it. fm has given consent to open the phone. just a detailed fire on the phone. the fbi certain there's some evidence about what she planned to do that day in that phone and they can't unlock it. i don't think this is a case of the fbi just trying to use kind of the most dramatic setbacks. whenever i personally think about how do i come down on these issues and where do my values -- >> that's the second most dramatic setbacks, the dead woman, right? >> right, but these are all real things. it's reasonable to decide another value is more important but as a result to begin as a people don't care about investigating terrorist attacks. it's not reasonable to begin
people are not really murdered in this country. the biggest issue with encrypted data is child pornography. a lot of people say that's fear mongering the that's reality. we might decide that as a nation our online security values, when we think the future is going, the way we want our relationship to our government to look like, that that all means that we don't expect companies to provide this kind of assistance. we have to do that eyes open and understanding what the trade-offs could potentially be. >> let's talk about the third iphone. this is a hypothetical iphone. this is an iphone that apple could make that would actually make this argument about the san bernardino mood. they could put security features in a next generation of iphones that would make it impossible for anybody to get in. there are some technical details about how to produce a big would
make secure enclave, make one of the chips on the inside of the iphone much more hard to update. we don't have to get into the technical details. is there anything, is anybody going to say that apple shouldn't do that, that there actually should be a law defending apple from making the iphone so secure that not even it can get into it? >> if they did that maybe we should ask apple to protect our national secure secrets, right? i was oversight committee last year having hearing after hearing of massive breaches in our federal government. for example, -- >> have a warehouse of iphones. >> security clearance had a 20 some million records affected me personally, foreign government that has most sensitive information as well as my spouses. it was because of a lack of encryption, other strong security fences but we need to
upgrade encryption in cybersecurity of both the private and public sector. keep in mind that virtually every federal employee has a smartphone of some sort, whether it's government issued a personal one. they keep huge amounts of information on that phone. do you really want to make it easier for foreign adversaries to hack those phones? you don't. that's what our national security establishment has largely come out saying strong encryption is a national security party. we don't want to create vulnerabilities. i would be completely fine with future iphone that you describe. >> i might surprise you on this. i'm sure there are some people that will say apple shouldn't be able to great that phone. i think apple should be able to great that phone. i think would be a real mistake to try to dictate laws telling companies how to build their product. apple has obligation to make the safest most secure phones they possibly can.
weighing all other business equities along the way. i think that with all, even though the congressman is what i think for people who have a computer science degree, sometimes congress waves into technical issues, some of your colleagues have less of a gentle touch. i think that kind of law probably in so doing more harm than good. what i would think would be useful and to find law, useful in clarifying sort of no matter where it comes down is a law that explains to companies exactly what the scope of the obligation looks like. coming from my background i'm very skeptical of the notion that there is such a thing as a phone you can't get into. and so i think that while certainly we are all going to have to accept the fact that there's certain information law enforcement is going to be a boost in the future, the other places where the mighty methods to fill in those gaps. those will create a whole other set of problems. who can spy on you for your
refrigerator while the bigger. they are already thinking about this. the vulnerabilities are going to continue to exist. so really what's at issue in your, in california is not an issue of encryption. it's an issue of lawful hacking, a device hacking. this is were it to be difficult to frame. while i 100% agree with every statement both legitimate on encryption, i also think it would be a terrible mistake to put in genuine outdoors or force people to alter cryptologic standards. at all seems problematic to me. this limited scope, the limited ability to access device hacking, requesting that companies are so to the law provide some level of assistance, and i think that level should be dictated by congress and not all writs. that's probably the right solution. i think there is a way to sort of find our way through this. i don't think it has to be kind
of, it's 2016 and we'll decide what the future looks like an awfully good. i think we can take one step at a time. we can lower the tone of the rhetoric. i think things like federal preemption laws, that sort of stick out their territory so these issues are a good idea, i'm skeptical of commissions but hopeful. i think that is the way to be collaborative, to be creative and to come take one step at a time. >> want to make sure with time for audience questions. [inaudible] spent i have no personal involvement in any of this, and no knowledge. i'm just the average american citizen. first of all i think you made a very good point and i may have missed this in the media but i don't member anywhere people talking about all these other
cases. it sounded to me like it was one case and maybe apple could just at one time and that was the end of it. but clearly it's nowhere near that. again, i didn't know that they may be the rest of the public is smarter than i am at a new debt, but i missed it. but my question is, i'm not sure i understood what you all say because i'm not an expert in district if there were 60 cases in new york where apple or someone agreed to let them have the information, what are they deny it on the 61st? if they have a great 60 times before, what about that case is different or do they just change the mind or is there a different legal issue? i'm not clear about that. >> the san bernardino case but i was referring to the first case, the brooklyn case. >> are to sort of questions in the easter eastern district cas. the first is whether or not this is an appropriate use of the all writs act.
so judge has determined it's not, that will go up on appeal. this is something that apple basically have not thought of the notion before. the us and the all writs apply. at the request of a judge they took a hard look at the law and set on second thought maybe we can't be compelled to do this. so that's within the rights of that will go through the courts. to have an alternative argument, they are saying on the record in the eastern district of new york is that under the burden analysis, so this is that no one can be compelled to do that which is overlooked burdensome i think is the language. they are saying it would be a reputational harm, that if apple were to comply with a court order in that case they would suffer economic damage to their reputation in the long-term. that implicates some sort of core understandings about civic duty, multinational, you know, american corporations that have
multinational markets. it's a very complex issue but there's no security concern. they are saying it's a financial and reputational issue. >> essentially apple changed its mind at this point and opposed -- >> i think it's fair to say they changed in my potato think it should be characterized message of as apple is bad. i think that they'l they have cd their understanding of the operation of the law. but not based on the technology changes. >> jane harman again. i thought this panel was great, i think this panel is great. one of the reasons i think it is great is that it's a discussion in public about a set of complex issues. so my question is this. after 9/11 when all of us thought we might be attacked again, the bush administration,
bush 43, term one, took most of its actions to thwart the threat by executive order. it turned out that memos were written in the justice department at the office of legal counsel justifying a lot of this, and congress was cut out. my question, and congress caught up in the second term of bush. the a lot of actions in congress. my question is this. how important is the public debate? at this point we are such complex issues, should the public he brought in and help determine the set of answers that our country will give to technology into the need i think everyone would agree with this, they need if possible consistent with our constitution to find out what bad guys are plotting before they hurt us? >> i think public debate is critical, and thank you again, congresswoman harman, for having
this event. i've really enjoyed it and i learned a lot myself. because the issues are so monumental, they do with privacy, national security, law enforcement or we all want crimes to be solved in people not to be injured or harmed. so these overly large issues that the public needs to weigh in because it's going to affect the public for years and years to come. how congress acts, if congress acts, or if the courts act and how they act. i think the public needs to weigh in. to know what the public is going to say. i think look at the polls depend on a ask the question you get a different answer. i think the public itself is somewhat conflicted because it's a very complicated issues and they often raise complex that are not easy to solve. >> i would just add that whatever you're having a public debate that's highly technical,
that's always hard to have in a sophisticated sort of informed way. i hope that the technology community can also sort take solution in making sure people understand the technical issues at play. i also think though it's important to not dismiss people who disagree with sort of the technical mindset. i think there is a little bit of, i don't know, sort of a temptation to say if you have sort of a different value for you come down differently because you don't get it. if you knew math like we did, you just don't understand. it's just important not that it's indicative of the right or wrong answer but it's important to understand that it's possible for people to have sort of different values here at the picture we are being kind of respectful of all those values in the conversation. >> i just want to second all that but also point out that without the public debate, where we end up with is the national
security bureaucracy makes a decision. they do it in secret and it turns out, and i think the snowden disclosures and where we are today illustrate that that's not only that for human rights, civil liberties and democratic government, it's bad for the intelligence community. because apple's resistance and the technology companies resistance to government access and insistence on the importance of encryption is, i believe, in large part a measure of the american public come to understand that the intelligence agencies are accessing so much more of americans to communications and we had any idea. we are still seeing the results of that. so what i would say is that in this debate when the law
enforcement says we want access when we have a warrant, that's one question. but we need to end the debate what about when you don't have a warrant but just some other authority that's going to allow you at the moment to get access in secret, are used to asking bid for encryption to be broken? and that we have complete and candid answers to those questions from the national security side. >> go ahead. >> i'm with the voice of america. can you address the international application issues? if governments like china ask apple to do the same thing, would apple do it? >> so this is actually a really complea verycomplex question. i think there's a lot of attended the sake apple can create the technical conditions
and that would allow them to say no to other countries. nobody except apple and the chinese government know what apple's relationship with china is like. what the apple general counsel test of the estate is that apple has complied with chinese localization laws. so that means all data stored within chinese service. it's common understood that the chinese government maintains access to all data within china. google, for example, rather than comply with david localization laws elected to withdraw from that market. so while it's difficult to know, it's not, it's apples and oranges because the relationship to the date in question is very different. that said, certainly china is looking to what the united states is saying. certainly is operates, this offers you his company's abilities to negotiate with chinese government as sort of,
they tend to promulgate regulations but the a lot of discretion. is very important and at the same time not quite as this positive i think is sometimes believe it can be spent i went to china basher on a congressional delegation and one of the issues we raised was allowing more access for american businesses to the chinese market. because they banned facebook. they banned much of google because these u.s. companies would not agree to some of the very intrusive demands of the chinese government. our embassy continues to make arguments in please allow access to u.s. businesses. it does somewhat undercut our ability to do that if you're in the u.s. we didn't have our own government going in, taking back doors or backdoor ways to try to access smart phones. i think this does have an effect how this is decided not just iny is but also how our businesses compete worldwide.
>> the other international aspect of course is that encryption is extremely, it's critically important for the center of human rights activists around the world who live in repressive regimes. sometimes it's a matter of life and death that they have access to encrypted communications. >> my name is david. i'm working at the wilson center. i'm an introvert this is a tangential issue to the san bernardino case. how does this discussion change when you're talking about open-source encryption? apple rights for encryption and they have a certain ability to break into going to want to or when they demanded by the government. but with open-source encryption
which i understand there's been some hostility towards attention by some people in the intelligence community. can you speak about? >> if i understand your question correctly, right now two people can go to the internet, encrypted communications and the fbi cannot access. that sort of leads to a broader point where if you look at what the fbi and the department of justice is they say look, there's all of these dark spaces now that we can't access. my view of that is when america, it's intentional we have dark spaces but your bedroom is a dark space. we don't want the fbi to listen in. or home is a dark space. in the san bernardino case it's likely those two terrorist plans a lot of us just by talking to each other in their home. dark spaces. and with encryption right now you don't need a smartphone or you can just encrypt with another person the fbi can't access it. that does at some level, maybe
it's going to make it easier for some criminals and terrorists to take certain actions. but also it does a lot to protect not just people's privacy is but companies privacies and strong encryption again is good for you this is coming as consumers of u.s. national security. spent let's make sure we get somebody from the back. >> thank you. to questions. one that has only been addressed is if you look at san bernardino and the attack, is about an existential threat? i would argue that it's not. we afford to get people which is horrible but it's not an existential threat to the existence of the country. so discussing this big an issue in the context of that one case might be the fbi taking things far out of proportion.
and secondly, we've only touched on apple but let's say apple were compelled to do this. run off to blackcomb .ch and you're going to get something that's a lot harder to crack than the iphone. we are just moving the goalposts. there's no end in sight. spent i think two things. wants or what is not an existential threat and we should be making decisions out of places of fear or care. that said would also that collective understanding about what our expectations of law enforcement are like. their inability to investigate, prosecute and prevent crimes. we are allowed to change our minds. that's the beauty of this isn't. we could get through all of these things to fall. insurance of the notion of moving the goalpost, there's always going to be a more secure phone. there's always going to be third party apps. there's always going to be the ability for two smart committed bad guys to speaking with the government can't access. the question here is how big
that space should be and sort of how manageable sort of the problem is. i think that it's important to understand that there's no such thing as absolute on either side but we're never going to get absolute cybersecurity. we're never going to get absolute physical security. it's a balance of how we want this all to fall. >> i largely agree but i think something to consider is it easy to point out hey, i bad thing happened. but i think it's important to understand that lots of bad things happen when you don't have strong encryption. so we have been repeatedly harmed, the united states, from weak encryption and we cybersecurity defenses. billions of security clearance records stolen. we have businesses, and from our blue cross, target, home depot act. we have suffered huge amount of economic damages, national
schedule risk american lives are not at risk because of that hack at opm of lester i think it's more to put on the scale the week encryption from weak infidel believes pashtun vulnerabilities will continue to cause harm and thus is something people need to think about as they think about these issues. >> thanks so much for doing this. before my question, shameless plug for the wilson center's sadr city leopard one of the reasons we do that for he'll step is to make sure the edwin access to the technological information, how technology works, how smart phones were, what do networks mean, who are the bad actors so members of the congressional offices can have the best information possible. my question is really about unintended consequences. let's say a decision goes forward and one of these cases like the san bernardino case and some of apple agrees to or is
compelled to write new software this happened in some other case. we've seen incidents where second the situation, it's out anoutin the open and somebody wl find it. there's a mistake summer because humans are still writing code. out we need to think about that from a legal perspective, a privacy perspective and how is u.s. congress thinking about that issue? >> i think it's an important to be honest about that there's risks on all sides. because but would be very foolish to dismiss apples very sincere and genuine concerns. one of the concerns is that apple will not be able to maintain the software securely, that it will get stolen or they'll have to use it so many times is going to cover but their ability to secure their kids. it's important to sort of take those head on and decide what the actual risk is. whenever i sort of think, i think it's important to take the
facts as they come. it's easy to spin out into this back doors into encryption, like wonderfully complex technical issues. i think is important to take the technology as it is before the court as it is before the case at issue. look, i'm sure there are great many of our technologies that will disagree, maybe even the congressman himself. whenever i think about the risk scenario i think sure, if the software is stolen, apple has an impressive history of being able to secure things up until this point. they have essentially identical software, technological different the software is software. they were able to secure it for many, many years. maybe this is different than other software will be stolen. okay, who has the capacity to steal it? who has the capacity to use it or repurposed if they were to steal it? so that's not just a nation-state actors but it's like probably more than your ordinary thugs we don't need to
worry about people grabbed iphone out of one another's hands. that's what that group looks like. so that whenever have this code you need the device in question. from an intelligence perspective i think while it's always better to get him find an intelligence -- keep producing intelligence, ceiling some of the iphone is low on the list. i think so who would want to do it, how hard would it be, how would you secure the phone? i come down to like a sloppy intelligence officer that would be a real problem. corporate espionage would be a problem. potentially some border issues, things like that. i think those are all real threats. we have to think about the we also need to push the technologists and companies past the initial representation of this is not safe because they are right, and and a theoreticl sense if you break this code, something existed before, something exists now that didn't
exist but for. i think it's important for those of us who were not technologists could not be afraid of looking stupid to say what does that mean? what would happen next? so we can make a decision based off of the facts on the ground instead of just being afraid of ever sort of messing with anything or taking sort of the first representations of the corporation that, of course, has corporate obligations that are about maximizing value to to shareholders and the assertive about protecting our civil liberties. >> in addition to being a recovering computer science major i'm also a recovering lawyer. i want to talk with some of the legal risks. because i think they should be settled by connecting people with stakeholders in congress i do think the fbi should withdraw the case against apple. i don't think they're going to do that and if they don't overlap in his this case will keep on being appealed. want the legal issues will be can the government can tell a
private individual company to write software they do not have? to create something they don't. let's say that gets to the ninth circuit court of appeals, a huge reason and they decided say yes government into the. and you have the principle here that you wonder how will they be applied in future. what else can government force you to do in terms of creating new things you don't have. so the article risks to what's going on. i think it's something which is the to think about as these cases move through the courts. >> just some notes. the president here is important anyone who says it's just this one phone. it is kind of just this one phone but there's precedent here. i always caution against the slippery slope which is the logical fallacy from the early days of law school. that's sort of this notion of courts apply the law as it is. they are supposed to define it from on high but is supposed be an objective standard solo bit the fear is the law is currently
applied in this case it would also be directly applied in another case andover it is not directly applied in this case. i think that speaks to a need to change the law, to have real publication about what sort of the scoping is. maybe not necessarily a need to misapplied the law to the extent a court believes it's a proper application. >> does the panel have time for one last question? we are a little over. spin thank you. i appreciate it. whenever i read jim comey's piece in lawfare, it's impossible to get anyone to pay attention to anything today. i think on a personal level i think just this case, the debate gets created is valuable for our society. so one thing i'm thinking about this room more of an international circuit perspective and i'm trying to come for the sake of public
debate and norms and laws, to try to conceptualize and think about the difference between, because in the computer science sense, data flowing through networks, all the same but there's data that can become information for purposes of situational awareness, courtney buck activity and basically for human consumption but then there's data that has kinetic effects that destroys critical infrastructure. so what role does encryption play in protecting the system's? that's one of the biggest concerns, our electric grid, all these things, it's not the information we care about because it's more machine to machine communication. is this a useful way to think about it and what role does encryption play on that? >> you know that the president just announced a major cybersecurity initiative that's aimed at making the grade much more secure, at increasing the number of technologists in the
country, et cetera, et cetera. but as part of that they recognized that encryption is a key part of securing the grid speed i think it's important to note, yes, everybody, i probably kids everybody but i think most responsible voices believe that strong encryption standards are critical to securing all kinds of critical infrastructure. i think it's important to note the california smart grid is not defended by the mechanisms at issue in the appliques. it's important to understand the difference between the kinds of encryption they are talking, and its connection and in some cases lack of connection to what's being requested. spent i'm going to scare you. when i talk about driverless parser i believe it's going to happen sooner rather than later. the full vision of car push carts issue got all bunch of
these cars on the highway that are driverless. last year a car got hacked remotely. they took control of a cheap and control. imagine if you don't have strong encryption and strong cybersecurity a hacker takes control of a car on the highway and then slamming on the brakes when you're going 50 miles an hour. not good. or if a hacker to control of the car and ran it into a school. or what if a hacker because of weak encryption installed a virus that said on january 1 to 2025 all cars, they had this virus that would select one of miles per hour. these are very scary things i want you to think about and that has to do if you have strong cybersecurity, strong encryption. these are important issues to consider. >> so on that note, i often say that politicians are analog and the problems are digital. i think that is true. one politician is digital and maybe you can educate us, others. the wilson center is educating congressional staff including
andrew who works for congressman lieu is now going to be as far as ted lu, we hope. but the point is that without a public discussion of these issues, i think we are all lost. wouldn't it be nice to have a public discussion take place in a congressional hearing room, or think bigger, or maybe smaller integer, would it be nice to have that discussion take place in a presidential debate? made in the fall, general election presidential debate. >> cybersecurity is going to be huge. it's huge. >> certainly politico is now better informed about the. i want to thank a very educated audience for tuning in but i also want to make one last shameless self-promotion plug, and that is that places like the wilson center are going to have this conversation and we are hopeful that that conversation will ripple out and will be held
in more important for a in the white house, in the congress, in the debates so that the public can see who is better qualified to be president. we have to have those debates now because as ted said, something that can happen anytime. something bad can happen to more and if we don't have that debate come if we really believed, and i do, that security and liberty are not a zero-sum game, if we don't have that debate we can repeat some of the mistakes. ..