Congress mulls using third parties for tech break-ins

Apr 20, 2016, 3:11 PM EDT
J. Edgar Hoover FBI Building. (Source: Cliff/flickr)
J. Edgar Hoover FBI Building. (Source: Cliff/flickr)

The Apple/F.B.I. debacle has been about more than just encryption and gaining access to user communications; it has opened the floodgates of confusion and debate over the integration of public and private sector work in privacy. Questions now include: To what extent should the government use third parties to achieve their technological goals? The F.B.I. told Congress on Tuesday during a hearing that it has a massive challenge ahead of itself — even after using a third party to break into the San Bernardino shooter’s iPhone — in that it does not have the tools to access information and evidence from encrypted devices. The future of its reliance on the private sector remains unclear.

The New York Times reports that Amy Hess, the F.B.I.’s executive assistant director for science and technology did not provide details on how the agency ultimately gained access to the iPhone in question, but she told Congress that the agency has "come to rely on private sector partners to keep up with changes in technology”. She said that the F.B.I. encountered passwords in 30% of the phones is has seized during the last six months, and investigators have had "no capability" to access information in about 13% of the cases.

We are witnessing the tangible effect of technology advancing more quickly than the rate at which government can keep up — something Michael Kaiser, Executive Director of the National Cyber Security Alliance emphasized at the Blouin Creative Leadership Summit (BCLS) in 2015. He presented the analogy of the adoption of electricity: 40% of the U.S. adopted electricity in 40 years after its invention. When smartphones emerged, the U.S. saw 90% adoption in 8 years. That rate of adoption means that the technology is lightyears ahead of ideological grasp for policy makers, and it presents a huge grey area for legislative action and ethical issues.

From Hess’s testimony, it seems like it should be clear now that the U.S. needs to foster a better relationship between government agencies and the private tech sector — something most security experts have been calling for for years. Indeed, Jody Westby, CEO and founder of Global Cyberrisk, underscored the need for public/private cooperation at the same BCLS panel on cyber security with Kaiser last year. Her outlook on the global state of cyber security was dim, pointing out that the “bad guys” have already won with cyber criminals’ abilities having far surpassed those of law enforcement. But so long as the potential for state agencies to work with tech experts remains on the table, there is at least a sliver of a chance that the government won’t be entirely left in the dust when it comes to employing technologically advanced tools to perform criminal investigations. Yet, lawmakers remain opposed to introducing a blanket allowance for agencies such as the F.B.I. to work with third parties. Representative Diana DeGette, a Democrat from Colorado, said she doesn’t think relying on third parties is a good model because it could open up greater security risks should information pass to outside groups.

The jury will likely be out on these issues for some time. In the meantime, more investigations will stagnate.

See more expertise here on the Apple/F.B.I. controversy from Dr. Jean Camp for Blouin News.