67 tweets, 10 min read
Senate Judiciary encryption hearing (with @ManhattanDA, @pwnallthethings, @Apple, and @Facebook) is starting now: judiciary.senate.gov/meetings/encry…

We previewed witnesses' statements in @MorningCybersec, along with the encryption response that FB sent to US/UK/Aus: politico.com/newsletters/mo…
Right off the bat, Chairman Graham says he's for encryption backdoors.

"No American should want a device that becomes a safe haven for criminality," Graham says.

If LE has evidence of a crime, "I want the government to be able to look and find out all relevant information."
Graham: "I’m not about to create a safe haven for criminals where they can plan their misdeeds and have information stored in a fashion that law enforcement [cannot access] it. That is a bridge too far for me."

Asks experts to figure out a solution. “If y’all don’t, we will.”
Ranking Member Feinstein asks the audience to remember the 2015 San Bernardino shooting in her home state. That shooting sparked the Apple/FBI legal battle.
Feinstein on the FBI eventually buying a technical solution to unlock the shooter's iPhone: “I know what it cost to unlock it. I’ve been asked not to say it. I’ll respect that. But it should not have happened.”
Manhattan DA Cy Vance begins his opening statement.

“The single most important law enforcement challenge in the last ten years, in my personal opinion, is the expanded use of mobile devices by bad actors to plan, to execute, and to communicate about crimes.”
Vance: By implementing end-to-end encryption that even they cannot break, Apple and Facebook “effectively upended centuries of American jurisprudence … holding that nobody’s property is beyond reach of a court-ordered search warrant.”
Vance points out that most state and local law-enforcement agencies can't afford to buy technical workarounds like the FBI did.
Vance says that while he's "not a technologist," he believes tech companies can solve this problem. He quotes Kennedy as saying that problems created by men can be solved by men.
Vance concludes by calling for a federal law mandating that encrypted data at rest be backdoored, as we reported in MC this morning.
.@pwnallthethings begins by saying that while "encryption makes us undoubtedly safer," it does produce collateral consequences for law enforcement. He reviews what he understands to be three categories: device searches, wiretaps, and tip-offs of child abuse material.
Tait: Zero-day vulnerabilities have enabled law enforcement to bypass device encryption, and they can facilitate wiretaps without additional mandates.
Apple's Erik Neuenschwander says tech companies don't know a way to backdoor encryption in a way that only allows access for "the good guys."
Facebook's Jay Sullivan: “We think it is critical that American companies lead in the area of secure, encrypted messaging. If the United States rolls back its support for privacy and encryption, foreign application providers will fill the vacuum.”
Sullivan says Facebook will continue to provide the data that it can access in response to legal requests. "Law enforcement's ability to retrieve data stored on devices continues."
Sullivan: Encryption backdoors "would undermine the privacy and security of people everywhere and leave them vulnerable to hackers, criminals, and repressive regimes."
In response to Graham's questioning, Vance says that “Apple has never really explained what the vulnerability was” that Apple was trying to fix when it implemented end-to-end encryption in late 2014.
Neuenschwander says Vance's description isn't correct. "We never had that key."

Graham: Are you willing to try to fix this problem?

Neuenschwander: Yes.

Graham: How do we do that?

Neuenschwander: Don't know off the top of my head.
This situation in microcosm:

Sullivan: “I think this is a very complicated, technical—”

Graham: “Well it ain’t complicated for me.”
Wow. Graham: “My advice to you [in Silicon Valley] is to get on with it, because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.”
Feinstein asks Vance, who she calls a "very respected district attorney," for examples of encryption hindering prosecutions, and whether the problem is getting worse.
Vance: Our lab gets 16,000 devices per year. About half are Apple devices. 82% of them are locked when we get them. It was 60% 4-5 years ago.
Vance: We can get into about half of those locked Apple devices with our technology, but that still leaves many inaccessible.
Feinstein: It's my understanding that "even a court order won’t convince you to open a device.”

Neuenschwander: It's not about convincing us. We technically can't do it right now.
Feinstein asks Vance if he wants to respond, and he does.

"That’s because [Apple] engineered its phones to no longer have that capacity.”
Vance: "What they created, I think they can fix."
Grassley asks Vance if LE access to electronic evidence has improved since San Bernardino.

Vance says LE agencies with $$$$ have improved lawful hacking capabilities, but even then it's only partially successful.
Grassley: Could there be a better way to coordinate this cooperative effort to find a solution?

Vance: “Without moving toward legislation, we’re not going to solve this problem. And we need legislation.”

He reiterates that the focus should be on data at rest.
Tait: We need to stop linking data at rest and data in motion. There are “good potential options” with data at rest. This is an example of “market failure.” There’s no “external incentive” (e.g. regulation) to incorporate warrant-compatible encryption.
Durbin does not sound persuaded by the tech argument.

He says: Silicon Valley says encryption protects us from hackers and repressive regimes. But we’re not talking about any of those adversaries right now. “We’re talking about our government protecting our citizens” from crime.
Sullivan tells Durbin that, yes, foreign-made apps will fill a void left by a U.S. backdoor mandate.

Vance responds: Fine, but I primarily want access to the devices. Apps are another matter.
Cornyn: "I don’t believe any company ought to be able to unilaterally decide whether to cooperate with law enforcement or not. That’s not a decision that is theirs to make. ... Everybody needs to follow lawful court orders.”
Cornyn: It sounds like even if you could get access to all the phones you wanted, people would just use foreign apps. How do we solve that dynamic?

Vance: “I believe that technology companies can be asked to help answer that question in ways that a simple DA … cannot answer.”
Tait: When companies talk about security, “they’re often talking about security in a very narrow domain,” excluding things that are “external” to their products like the crimes we're talking about here.
Tait: I don’t think these companies “thought hard enough” about how to solve this problem.
Cornyn: What can Congress do?

Tait: Regulation that encourages companies to “compete” on warrant-compatible encryption.
Whitehouse: Aren’t the stakes also very high with kidnapping and terrorism, in which there is a threat of lingering harm?

Vance: “Absolutely.”

Vance is clearly every senator's favorite witness today.
Whitehouse: Do you concede that encryption causes some harms?

Neuenschwander talks around it and ends with, “My heart goes out to the victims—”

Whitehouse: “I’m not so interested in your heart, actually.”
Whitehouse asks: Are you willing to accept liability for deaths caused by an inability to access encrypted data?

Neuenschwander won't answer.
Lee is up now, and he's focusing on the risks of encryption backdoors. He asks Neuenschwander if Apple could design a secure backdoor that doesn't create a risk of malicious access, and Neuenschwander says no.
Lee, recognizing that child exploitation is the topic du jour, is pointing out that backdoors could create privacy and security risks for children, since they use technology too.
Vance: “The question is, what’s the risk?” You can’t measure the trade-offs until you know exactly what the harm of a backdoor would be.
Lee's five minutes are over. So far, he is the only senator to raise the issue of a backdoor's security risks.
Coons: You disagree that a solution exists. Why?

Neuenschwander: We’ve never said that it’s impossible. “What we think is that the weakness that it would cause for everyone’s devices is a bad trade-off.” But “we welcome continued conversation and investigation" on this.
Ernst is asking general questions (how child pornography was distributed before the internet, how distribution used to be prosecuted, how it’s distributed now, and how E2E encryption has affected investigations) that have been answered in the record.
Ernst: "Can you promise to proactively change the way you do business without an act of Congress?"

Sullivan dodges, talking about the work Facebook already does to assist LE.
Ernst: We need companies to do this without legislation. “If it doesn’t happen by you, it will happen by Congress.” I think you’d rather not have that.
Blumenthal has been pressing the Facebook and Apple witnesses on what they do to prevent child exploitation. Not specifically addressing the encryption issues at the heart of the hearing.
Blumenthal: Under Section 230 of the CDA, Facebook enjoys almost complete immunity from liability for how it handles issues like child exploitation. “That will end … because the American people are losing patience.”

cc: @RonWyden
Blackburn is up. She's not happy.

"It is troubling to me to hear you [in Silicon Valley] say that giving the key to law enforcement would cause a weakness in the device that would be a bad trade-off. Catching criminals is never a bad trade-off."
Blackburn: "What you’re doing … is you’re shielding criminals. And basically what you’re doing is creating a sanctuary cloud where these criminals say, 'This is our safe harbor. This is our sanctuary.'"
Blackburn: You’re hearing bipartisan frustration today. You need to “get your act together, or we will gladly get your act together for you.”

She adds: You need to share data. “If you all can’t do that, we will do that. But there will be a cop on the beat.”
Facebook's Sullivan is not providing satisfying answers when senators ask how Facebook will continue to identify child sexual exploitation after implementing E2E (as Hirono just did).

He keeps going back to the company's general three-part framework. But senators want more info.
Sullivan gives an answer that makes it sound like Facebook won't implement E2E in Messenger "until we get to a point where we feel like we have mechanisms that are going to help keep people safe." Says the company will work on this "over the next couple of years."
Tillis: How has Apple complied with Australia’s encryption law?

Neuenschwander: I’m not aware of any software engineering steps that we’ve had to take.

Tillis: If we implemented an Australia-style law, would it be problematic?

Neuenschwander: Yes.
Tait: "There really isn’t incentives for technology companies to be proactive on” device encryption. Need more competitive pressure. “When it comes to end-to-end encryption, I think that regulated solutions are much less useful.” App makers are smaller and often overseas.
Hawley is getting mad at Sullivan for not saying that Facebook shares user data with outside entities. “Did they send you to school to evade our questioning?”
Hawley is asking Sullivan to promise that Facebook won't try to read encrypted communications for ad-targeting purposes. Sullivan says that (a) FB doesn't do that right now even though it can, and (b) with E2E it won't be able to.
Kennedy is up now. He says companies like Facebook aren't scared of Congress passing regulations.

“When it comes to social media and privacy, we [in Congress] couldn’t pass gas.”
Kennedy: Isn’t the reason that Facebook decided to embrace encryption because of your competition with Apple?

Sullivan: No.

Kennedy: So you just did it “out of the goodness of your heart”?

Sullivan: “It’s driven by our customers.”
Second round of questioning beginning now. Seems like Lee is the only one who requested it.
Lee lets Neuenschwander clarify what Apple did in 2014 (he said Vance mischaracterized it).

Neuenschwander says the change was in response to the rising tide of data breaches and user concern about it.
Lee: Couldn’t users get around backdooring of device encryption schemes and use foreign ones?

Tait: Technically yes. There are very few of them though.
Lee: Couldn’t sophisticated adversaries break into backdoored devices? Would you be okay with a major drug cartel breaking into your iPhone?

Vance: “Well, of course I wouldn’t.” But I haven’t heard specifics about how often it happened back when Apple helped us like this.
Lee: What would happen if you added a backdoor?

Neuenschwander: We could either roll back to the 2014 state, or try to hold a decryption key, which is something we’ve never done. “As a technologist, I am extremely fearful of the security properties of such a system.”
Lee: I hate to see this conversation “descend into a contest over who loves children and who acts with reckless disregard for them.” You can always tell that a conversation is “descending into a bad area” when people invoke extremes.
And with that, the hearing is over.
Keep Current with Eric Geller