Read Apple's statement to Congress on the FBI warrant fight

The Verge ^ | February 29, 2016 | By Russell Brandom

[Swordmaker]

Tomorrow, Apple will make its case before Congress, as General Counsel Bruce Sewell gives testimony to the House Judiciary Committee at 1PM ET. It's Apple's first appearance before Congress since the company received an order to break security measures on a phone linked to the San Bernardino attacks, and Sewell may be facing a skeptical crowd. He'll be joined by Manhattan District Attorney Cyrus Vance, who has been an outspoken critic of the company's encryption policies, as well as a number of House representatives who have been vocal supporters of the FBI's position in the past. FBI Director James Comey will also appear before the committee, although he will appear on a separate panel.

Sewell submitted his prepared opening statement to the panel earlier today, and it is reproduced in full below:

---

Thank you, Mr. Chairman. It's my pleasure to appear before you and the Committee today on behalf of Apple. We appreciate your invitation and the opportunity to be part of the discussion on this important issue which centers on the civil liberties at the foundation of our country.

I want to repeat something we have said since the beginning — that the victims and families of the San Bernardino attacks have our deepest sympathies and we strongly agree that justice should be served. Apple has no sympathy for terrorists.

We have the utmost respect for law enforcement and share their goal of creating a safer world. We have a team of dedicated professionals that are on call 24 hours a day, seven days a week, 365 days a year to assist law enforcement. When the FBI came to us in the immediate aftermath of the San Bernardino attacks, we gave all the information we had related to their investigation. And we went beyond that by making Apple engineers available to advise them on a number of additional investigative options.

But we now find ourselves at the center of an extraordinary circumstance. The FBI has asked a Court to order us to give them something we don’t have. To create an operating system that does not exist — because it would be too dangerous. They are asking for a backdoor into the iPhone — specifically to build a software tool that can break the encryption system which protects personal information on every iPhone.

As we have told them — and as we have told the American public — building that software tool would not affect just one iPhone. It would weaken the security for all of them. In fact, just last week Director Comey agreed that the FBI would likely use this precedent in other cases involving other phones. District Attorney Vance has also said he would absolutely plan to use this on over 175 phones. We can all agree this is not about access to just one iPhone.

The FBI is asking Apple to weaken the security of our products. Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.

Hundreds of millions of law-abiding people trust Apple’s products with the most intimate details of their daily lives – photos, private conversations, health data, financial accounts, and information about the user's location as well as the location of their friends and families. Some of you might have an iPhone in your pocket right now, and if you think about it, there's probably more information stored on that iPhone than a thief could steal by breaking into your house. The only way we know to protect that data is through strong encryption.

Every day, over a trillion transactions occur safely over the Internet as a result of encrypted communications. These range from online banking and credit card transactions to the exchange of healthcare records, ideas that will change the world for the better, and communications between loved ones. The US government has spent tens of millions of dollars through the Open Technology Fund and other US government programs to fund strong encryption. The Review Group on Intelligence and Communications Technology, convened by President Obama, urged the US government to fully support and not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.

Encryption is a good thing, a necessary thing. We have been using it in our products for over a decade. As attacks on our customers’ data become increasingly sophisticated, the tools we use to defend against them must get stronger too. Weakening encryption will only hurt consumers and other well-meaning users who rely on companies like Apple to protect their personal information.

Today’s hearing is titled Balancing Americans’ Security and Privacy. We believe we can, and we must, have both. Protecting our data with encryption and other methods preserves our privacy and it keeps people safe.

The American people deserve an honest conversation around the important questions stemming from the FBI’s current demand:

Do we want to put a limit on the technology that protects our data, and therefore our privacy and our safety, in the face of increasingly sophisticated cyber attacks? Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make?

Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI’s exact specifications and for the FBI’s use?

We believe that each of these questions deserves a healthy discussion, and any decision should be made after a thoughtful and honest consideration of the facts.

Most importantly, the decisions should be made by you and your colleagues as representatives of the people, rather than through a warrant request based on a 220 year- old-statute.

At Apple, we are ready to have this conversation. The feedback and support we're hearing indicate to us that the American people are ready, too.

We feel strongly that our customers, their families, their friends and their neighbors will be better protected from thieves and terrorists if we can offer the very best protections for their data. And at the same time, the freedoms and liberties we all cherish will be more secure.

Thank you for your time. I look forward to answering your questions.

[DiogenesLamp]

Oh Wow! The effing law doesn’t matter!

Not so much as you might think. Look at Justice Kennedy and "gay marriage."

Let’s judge shop until we find some Commie in a black robe who will ignore the law.

Or enforce it, depending on your point of view.

My friend, the law on this matter is crystal clear, just like the Second Amendment.

No, not nearly so. Even that was administered in a completely f***ed up way for decades before we got a decent set of Judges on the Federal courts. It is only comparatively recently that the Second Amendment has been acknowledged to be what it clearly is; an individual right. And you should be ashamed to think that our personal security should be “trumped” by some a$$holes at the FBI who think that they ought to have the “inalienable right” to invade everyone’s personal privacy in the name of “safety!” I have no patience with this viewpoint.

I don't either, and I wish you would stop attributing this viewpoint to me, because that is not my viewpoint.

Everyone's personal privacy is not at stake here. Only those people who have been arrested or are being investigate by law enforcement will have their privacy invaded, but it will be in accordance with the standards this nation has used since 1788.

When it starts to look like it is heading towards "everyone", then it will be time to make a stand. I actually expect Apple and other companies will have already built such strong protection into their stuff by then, that it really won't matter at that point.

More objectionable to me than snooping on criminal's phones is the fact that every piece of Data we send on the internet goes to Google, Microsoft, the NSA, and God knows who else.

I see a far bigger danger coming from the suppression of dissent by companies and governments (isn't that real fascims?) than I do from data tucked away on people's phones.

Phones now spy on people. They tell those with the proper equipment, where they are at any given moment. They can be used to track an individual, and the digitization of currency is going to make it possible for them to control your money or take it away from you, and you won't be able to do anything about it.

It is a frightening new world coming, and we should worry about more serious problems than the phone of a dead terrorists and damage to Apple's marketing strategy.

[Swordmaker]

That's 1 of 4 or 5 demands. They want the built-in delay removed. Hashes are designed to take time, proof-of-work is the proof of security. They want the alternative interface to enter passcodes. They want to bypass flash and run in RAM. The main problem is the new interface. Another problem is that the code in RAM is susceptible to reverse engineering.

You also forgot that even in the A6 processor, the passcode hash is kept in a non-readable area of the processor which cannot be read from the RAM. it's kept in Encryption Engine area of the processor, and can only be read by that area. The FBI is requiring Apple to find someway for the OS to skip all of the protections in hardware to reads something that is currently not possible to be read, even on the A6.

Theses two serial liars we have posting on here are certainly misrepresenting the lease of changing the iOS and hardware on these iPhones and iPads. Without ever working on any of them they arrogate to themselves knowledge they simply do not possess to criticize what Apple has stated as fact.

[Swordmaker]

Apple says it will take a team of engineers weeks to make these modifications. Bullsh*t. Probably several people who are intimately familiar with their code can make the change in a few minutes and recompile it.

What part of the security passcode hash is built into the Encryption Engine, which is unreadable except from within the A6 processor of the iPhone 5c in question, do you fail to grasp, which you have been told numerous times in these threads? Oh, that's right you have decided you aren't going to read any of our posts to you and are just going to shout "LALALALALAL I can't hear you, because you are all Apple fanboy liars!"

You declare that "The "number of tries" algorithm is likely a single subroutine." Then you run with your unfounded opinion as a PROVEN beyond reasonable doubt FACT. It isn't. It's a "facturd" you've pulled out of your rear end, because you have ZEROl evidence to back your up your "facturd!" Just because DiogenesLamp declares it does not make it true. In fact, given your track record, it most likely makes it a lie.

[Swordmaker]

The problem is that Apple products use ARM chips and how ARM is programmed. If a developer cannot get into a locked ARM chip (not something that exists anyway) they would go through massive amounts of chips in developing products.

There isn’t an ARM chip that is lockable.

Shows you don't know everything. Apple uses their own processors based on ARM architecture.

[Swordmaker]

The FBI request said they could do it any way they wanted to do it. It is the Judge that said to do it a specific way, and even then left it open to Apple to use a different method so long as it could achieve the objective.

It is not a "request" it is an ORDER, DiogenesLamp. And it requires that the FBI/government approve of the way Apple decides to do it, which would mean they would have to show the FBI/government how they will do it. Don't put words in the order that are not there. Don't mischaracterize the ORDER as a "request." Some of you are trying to characterize it as a "request" to Apple to "offer to help." PUKE!

[DiogenesLamp]

You also forgot that even in the A6 processor, the passcode hash is kept in a non-readable area of the processor which cannot be read from the RAM. it's kept in Encryption Engine area of the processor, and can only be read by that area. The FBI is requiring Apple to find someway for the OS to skip all of the protections in hardware to reads something that is currently not possible to be read, even on the A6.

I think you are either mistaken, or you are misstating it badly. The method they are attempting to employ is to feed it an unending string of passcodes until one of them unlocks it. This method doesn't require reading the passcode hash, it only requires the OS to send a passcode into the comparison system until it comes back with an ACK of some sort.

[palmer]

it only requires the OS to send a passcode into the comparison system until it comes back with an ACK of some sort.

But presuming the comparison is done in firmware on the SoC, that firmware would also contain the attempt counting. At the very least that SoC would have to be reflashed.

[DiogenesLamp]

What part of the security passcode hash is built into the Encryption Engine, which is unreadable except from within the A6 processor of the iPhone 5c in question, do you fail to grasp, which you have been told numerous times in these threads? Oh, that's right you have decided you aren't going to read any of our posts to you and are just going to shout "LALALALALAL I can't hear you, because you are all Apple fanboy liars!"

As apparently so have you. :) I have already addressed your point. Nobody is trying to "read" the passcode. Where did you even get that from?

Then you run with your unfounded opinion as a PROVEN beyond reasonable doubt FACT.

Sure. It's the only thing that makes sense. As a matter of fact, I just got off the phone with a buddy of mine who used to be the lead programmer in that startup I mentioned earlier. He currently works for a pretty good sized corporation writing operating system software for their massive armada of special purpose networked machines, and that's all i'm going to tell you about that.

Suffice it to say, he has a Masters degree in Engineering, and a Masters degree in Computer Science, and he is a D@mn fine programmer. He has held several jobs where he worked with teams of programmers, and has worked contracts with all sorts of businesses on all sorts of applications, including the Military. (He is also a former Air force fighter pilot.) (I myself am not quite so impressive.)

He said he thought it would take members of Apple's team of programmers very little time to find the necessary section of code and then change it to eliminate the number of tries and the delay.

He said he wasn't keeping up with this story very much, but he had a vague sense that Apple was misleading people. He said he didn't understand why Apple was being so stubborn about this, because it didn't really make any sense to him.

Oh, and he said he was voting for Ted Cruz. I said "Me Too!"

[DiogenesLamp]

It is not a "request" it is an ORDER, DiogenesLamp. And it requires that the FBI/government approve of the way Apple decides to do it, which would mean they would have to show the FBI/government how they will do it.

No it doesn't.

[mrsmith]

http://www.tenorshare.com/guide/how-to-unlock-iphone-with-iphone-care-pro.html

Does everything the FBI wants as far as I can tell (not a mac guy) - and it’s a free trial!
Good up to IOS9.2, seems legit.

[Swordmaker]

A WW1 draft case said you can be forced to be a soldier ( at great risk to your life).

There is no draft law in place for this.

[palmer]

Swordmaker: And it requires that the FBI/government approve of the way Apple decides to do it, which would mean they would have to show the FBI/government how they will do it.

DiogenesLamp: No it doesn't.

Court Order: ...and the government concurs...

The government wants to know how it will be done. Perhaps proprietary details can be excluded from that description. Anyway this whole discussion is almost moot now, the government got slapped down on the same sort of case (using a writ rather than a law to compel Apple).

[palmer]

LoL. Free is good.

[DiogenesLamp]

But presuming the comparison is done in firmware on the SoC, that firmware would also contain the attempt counting. At the very least that SoC would have to be reflashed.

I believe SwordMaker said it is kept in a special section of the A6 processor. Probably some section where you can write into it, but you can't read it, you can only send a string of data to it, and if it matches, it sends you a piece of data.

If the number of counts is stored in this.... let's call it a "co-processor", then perhaps it starts to get seriously difficult. I'm not sure such a system would be breakable unless you could rewrite it's on chip firmware too.

As a matter of fact, this is an idea I had a long time ago but never bothered to try. I used to buy these mini decoder modules for RF work, and I was amused to see they were using a 6807 processor to do the signal decoding.

They had disabled the ability to read data out of the chip, so you could program them, but you couldn't read them. If it accepted your program, it would send an ACK on one of the output pins.

I thought to myself, "I could crack this thing if I wanted to." I have written lots of 6800 based processor code, and consider myself somewhat of a wizard at it. My thinking was I would have to buy two of them, write a short piece of code to simply read the flash memory stored on the chip, and output it as a serial data string on one of the output pins.

I would write over one set of addresses on the one chip, and a different set of addresses on the other chip, and that way I could get the entire contents of all the data in the flash memory.

Because it is accessible to the processor, and because I can tell the processor what to do, I could get the processor to send me the data by writing a short piece of code to do it.

But I didn't break their module. I simply wrote my own code on a different processor to do the same thing. Mine works great, and it costs me less than a buck! :)

Alas, nobody much uses those things anymore.

[DiogenesLamp]

Does everything the FBI wants as far as I can tell (not a mac guy) - and it’s a free trial! Good up to IOS9.2, seems legit.

:)

They probably wouldn't want to risk this approach on an evidence phone. If it didn't work, someone's head might roll.

But that is interesting. They could try it on a throwaway phone and see what happens, but I would not expect it to work.

[DiogenesLamp]

The government wants to know how it will be done. Perhaps proprietary details can be excluded from that description. Anyway this whole discussion is almost moot now, the government got slapped down on the same sort of case (using a writ rather than a law to compel Apple).

In New York. To get the same thing to happen in California, you are going to have to have the Judge strike down their own ruling in which they already ruled that they could do this.

It puts egg on the Judge's face. I'm more inclined to think a Judge who has made a ruling, will try and find a "legal" basis for it to be upheld. Perhaps the appeals court will overturn, or perhaps they will insist the original Judge's ruling is correct.

Consistency has not been a hallmark of modern courts. Neither has rationality.

[Swordmaker]

The court order the FBI has obtained applies to a single phone, allows Apple to keep the phone in it's custody while the modified software is loaded on to it, and will not affect any production devices at all.

No, it does not. You are lying again, DiogenesLamp. Here is what the Court Order actually says. It says Apple will hand over the SOFTWARE:

“. . . providing the FBI with a signed iPhone Software file, recovery bundle or other Software image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory (“RAM”) and will not modify the i/os on the actual phone, the user data partition or system partition on the devices’s flash memory. . . The SIF will be loaded via Device Firmware Upgrade (“DFU”) mode, recovery mode or other applicable mode available to the FBI.”

This demonstrates the FBI doesn't have a clue what they are demanding. They can't even name the operating system of the "SUBJECT DEVICE", calling it "i/os", yet they are giving specific instructions on HOW Apple is to do the job, such as ordering Apple to NOT "modify the system partition on the devices's flash memory". IDIOTIC.

[DiogenesLamp]

This is another one of your histrionic messages that I am going to ignore.

[SteveH]

lol

[IncPen]

This is another one of your histrionic messages that I am going to ignore...

... he said, as he viciously hit the 'post' button. "How does it feel to be ignored?!"