tv Hearing on Encryption and Federal Investigations CSPAN March 1, 2016 1:00pm-4:01pm EST
we ask all the members of the media that are taking thousands of pictures here, i'm sure they got some excellent ones of the director, but we ask you to please clear aside so we can begin the hearing. the judiciary committee will come to order and without objection the chair is authorize recess of the committee at any time. we welcome everyone to this afternoon's hearing on the encryption tight rope, balancing american security and privacy. and i will begin by recognizing myself for an opening statement. we welcome everyone today to this timely and important hearing on encryption. encryption is a good thing. it prevents crime. it prevents terrorist attacks.
it keeps our most valuable information safe, yet it is not used as effectively today as is necessary to protect against the ever increasing sophistication of foreign governments, criminal enterprises and just plain hackers. we see this manifest almost every week in the reports of losses of massive amounts of our most valuable information from government agencies, retailers, financial institutions and average americans. from identity theft to the compromising of our infrastructure to our economic and military security, encryption must play an ever increasing role, and the companies that develop it must be encouraged to increase its effectiveness. encryption is a topic that may sound arcane or only the province of techies, but in fact it's a subject whose solutions will have far reaching and lasting consequences. the judiciary committee is a particularly appropriate forum for this congressional debate to
occur. as the committee of exclusive jurisdiction over the united states constitution, the bill of rights and the federal criminal laws and procedures, we are well versed in the perennial struggle between protecting americans' privacy and enabling robust public safety. this committee is accustom to addressing many of the significant legal questions arising from laws that govern surveillance and government access to communications, particularly the wiretap act, the electronic communications privacy act, the foreign intelligence surveillance act and the communications assistance to law enforcement act, otherwise known as calea. today's hearing is a continuation of the committee's work on encryption, work that congress is best suited to resolve. as the hearing title indicates, society has been walking a tight rope for generations in attempting to balance the security and privacy of americans' communications with the needs of our law enforcement
and intelligence agencies. in fact, the entire world now faces a similar predicament particularly as our commerce and communications bleed over international boundaries on a daily basis. encryption in securing data in motion and in storage is a valuable technological tool that enhances americans' privacy, protects our personal safety and national security, and ensures the free flow of our nation's commerce. nevertheless as encryption has increasingly become a ubiquitous technique to secure communications among consumers, industries and governments, a national debate has arisen concerning the positive and negative implications for public safety and national security. this growing use of encryption presents new challenges for law enforcement seeking to obtain information during the course of its investigations, and even more foundationally tests the basic framework that our nation has historically used to ensure
a fair and impartial evaluation of legal process used to obtain evidence of a crime. we must answer this question, how do we deploy ever stronger, more effective encryption without undually preventing lawful access to communications and terrorists doing us harm. this now seems like a perennial question that has challenged us for years. in fact, over 15 years ago i led congressional efforts to ensure strong encryption technologies and to ensure that the government could not automatically demand a back door key to encryption technologies. this enabled the u.s. encryption market to thrive and produce effective encryption technologies for legitimate actors rather than see the market head completely overseas to companies that do not have to comply with basic protections. it is true this technology has
been a devious tool of malefactors. here is where our concern lies, adoption of new communications technologies by those intending harm to the american people is outpacing law enforcement's technological capability to access those communications in legitimate criminal and national security investigations. following the december 15 terrorist attack in san bernardino, california, investigators recovered a cell phone owned by the county government but used by one of the terrorist responsible for the attack. after the fbi was unable to unlock the phone and contents a judge provided apple to provide assistance in obtaining access to the data on the device citing the all writs act as authority to compel. apple has challenged the court order arguing that its encryption technology is necessary to protect its customers' communications, security and privacy and raising both constitutional and
statutory objections to the magistrate's order. this particular case has some very unique factors involved and as such may not be an ideal case upon which to set precedent. and it is not the only case in which this issue is being litigated. just yesterday a magistrate judge in the eastern district of new york ruled that the government cannot compel apple to unlock an iphone pursuant to the all writs act. it is clear that these cases illustrate the competing interests that play in this dynamic policy question, a question that is too complex to be left to the courts and must be answered by congress. americans surely expect that their private communications are protected, similarly law enforcement's sworn duty is to ensure that public safety and national security are not jeopardized if possible solutions exist within their control. this body as well holds its own constitutional prerogatives and
duties. congress has a central role to ensure that technology advances so as to protect our privacy, help keep us safe and prevent crime and terrorist attacks. congress must also continue to find new ways to bring to justice criminals and terrorists. we must find a way for physical security not to be at odds with information security. law enforcement must be able to fight crime and keep us safe and this country's innovative companies must at the same time have the opportunity to offer secure services so keep their customers safe. the question for americans and lawmakers is not whether or not encryption is essential, it is. but instead whether law enforcement should be granted access to encrypted communications when enforcing the law and pursuing their objectives to keep our citizens safe. i look forward to hearing from our distinguished witnesses today as the committee continues its oversight of this real life dilemma facing real people all
over the globe. it's now my pleasure to recognize the ranking member of the committee, the gentleman from michigan, mr. conyers, for his opening statement. >> thank you, chairman goodlatte. members of the committee and our distinguished guests, i want to associate myself with your comments about our jurisdiction. it is not an accident that the house judiciary committee is the committee of primary jurisdiction with respect to the legal architecture of government surveillance. in times of heightened tension some of our colleagues will rush to do something, anything, to get out in front of an issue. we welcome their voices in the debate, but it is here in this
committee room that the house begins to make decisions about the tools and methods available to law enforcement. i believe that it is important to stay up front before we get into the details of the apple case that strong encryption keeps us safe. former national security director michael hayden said only last week that america is more secure with unbreakable end-to-end encryption. in this room just last thursday former secretary of homeland security michael chertoff testified that in his experience strong encryption laws help law
enforcement more than it hinders any agency in any given case. the national security council has concluded that the benefits to privacy, civil liberties and cyber security gained from encryption outweigh the broader risk created by weakening encryption. and director comey himself has put it very plainly, universal strong encryption will protect all of us, our innovation, our private thoughts and so many other things of value. from thieves of all kinds. we will all have lock boxes in our lives that only we can open and in which we can store all
that is valuable to us. there are lots of good things about this. now for years despite what we know about the benefits of encryption, the department of justice and the federal bureau of investigation have urged this committee to give them the authority to mandate that companies create back doors into their secure products. i've been reluctant to support this idea for a number of reasons. the technical experts have warned us that it is impossible to intentionally introduce flaws into secure products, often called back doors, that only law enforcement can exploit to the exclusion of terrorists and cyber criminals. the tech companies have warned
us that it would cost millions of dollars to implement and would place them at a competitive disadvantage around the world. the national security experts have warned us that terrorists and other criminals will simply resort to other tools entirely outside the reach of our law enforcement and intelligence agencies. and i accept that reasonable people can disagree with me on each of these points. but what concerns me, mr. chairman, is that in the middle of an ongoing congressional debate on this subject, the federal bureau of investigation would ask a federal magistrate to give them the special access to secure products that this
committee, this congress and the administration have so far refused to provide. why has the government taken this step and force this issue? i suspect that part of the answer lies in an e-mail obtained by "the washington post" and reported to the public last september. in it a senior person in the law enforcement community writes, although is hostile today, it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement. in turn keeping value open in such important situation.
i'm deeply concerned by this cynical mindset. and i would be deeply disappointed if it turns out that the government is found to be exploiting a national tragedy to pursue a change in the law. i also have doubts about the wisdom of applying the all writs act, enacted in 1879, codified in 1911 and last applied to a communications provider by the supreme court in 1977 to a profound question about privacy in modern 2016. i fear pursuing the serious and complex issue to the awkward use of an inept statute was not and is not the best course of
public safety in this country has depended in large measure on the ability of law enforcement agents going to courts and obtaining warrants to look in storage areas sometimes people's stuff can be looked at only with predication and oversight and approval by independent judiciary. fourth thing i believe is that these two things are intention in many contacts, increasingly in law enforcement work generally across the country, we see it obviously in isil's efforts to reach into this country and using mobile messaging apps that are end-to-end encrypted task people to kill innocent people in the united states. that is a huge feature of our national security work and a major impediment to our
counterterrorism work. because even with a court order what we get is unreadable. to use a technical term it's gobbledygunk. we see it in criminal work across the country. we saw tragically last year in baton rouge a woman eight months pregnant was killed by somebody she opened the door to and her mom says she kept a diary, but it's on her phone, which is locked. and so the case remains unsolved. and most recently and most prominently as both mr. conyers and chairman mentioned, we see it in san bernardino. a case where two terrorists in the name of isil killed 14 people and wounded 22 others at a office gathering and left behind three phones, two of which the cheaper models they smashed beyond use. and the third was left locked. in any investigation as done competently the fbi would try to get access to that phone. it's important that it's a live
ongoing terrorist investigation, but in any organization a competent investigator would use lawful tools to get access to that device. and that's what you see happening in san bernardino. now, the san bernardino case is about that case. it obviously highlights the broader issue. and of course it will be looked upon by other judges and other litigants, but it is about the case. and trying to do a competent job of understanding is there somebody else and are there clues to what else might have gone on here, that is our job. the fifth thing i believe is that democracies resolve these kind of really hard questions through robust debate. i think the fbi's job is very, very limited. we have two jobs. the first is to investigate cases like san bernardino and to use tools that are lawful and appropriate. the second thing it's our job to tell the american people the tools you are counting on us to use to keep you safe are becoming less and less effective. it is not our job to tell the american people how to resolve that problem. the fbi is not some alien force
imposed upon america from mars. we are owned by the american people. we only use the tools that are given to us under the law. and so our job is simply to tell people there is a problem. everybody should care about it. everybody should want to understand. if there are warrant proof spaces in their life, what does that mean, what are the costs of that and how do we think about that? i don't know what the answer is. it may be the american people through congress and the courts decide. it's too hard to solve. or law enforcement can do its job well enough with strong encryption covering our communications and our papers and effects or that it's something that we have to find a way to fix to achieve a better balance. i don't know. my job is to try to offer thoughtful explanations about the tools the fbi has and to bring them to the attention of the american people and then answer questions about that. so i'm very, very grateful for this forum and this conversation. there are no demons in this debate. the companies are not evil. the government's not evil. you have a whole lot of good
people who see the world through different lenses who care about things, all care about the same things in my view, the companies care about public safety, the fbi cares about innovation and privacy, we devote our lives to trying to stop people from stealing our innovation, our secrets and hacking into our devices. we care about the same things, which should make this in a way an easier conversation, which i very much look forward to. thank you. >> thank you, director comey. we'll now proceed under the five-minute rule with questions for the witness. and i'll begin by recognizing myself. director, there has been quite a bit of debate about the government's reliance on the all writs act, which most people had never heard of until the last week or so. that is being used in this case to try to compel apple to bypass the auto erase functions on the phone. it has been characterized as an antiquated statute dating back to 1789, that was never intended to empower the courts to require a third party to develop new technology.
how do you respond to that characterization? has the fbi relied on in the past to gain access to iphones or similar devices and is the act limited to the circumstances in which congress has already imposed a statutory duty on a third party to provide assistance? >> thank you, mr. chairman. i smile a little bit when i hear that because old doesn't mean bad, at least i hope it doesn't because i'm rapidly approaching that point. the constitution is as old or older than the all writs act and i think that's still a pretty useful document. it's a tool that i used. i think there are some members of the committee or former federal prosecutors, every assistant u.s. attorney knows it. it is an act that congress passed when the constitution was a baby so there was a vehicle for judges to get their orders complied with. and it's been used many, many, many times and interpreted by the courts many times, including by the supreme court. the cases at hand are simply about, as i understand it, what is the reach of the all writs act, it's still good law but how
far does it extend especially given how technology has changed. i think the courts are going to sort that out. it was a decision yesterday in new york, there will be decisions in california, there will probably be lots of others because this is a problem law enforcement is seeing all over the country. >> let me ask you about that decision in new york, because in its brief, in the california case apple argues that a provision of calea, another federal statute, actually prohibits the magistrate from ordering it to design a means to overi override the auto erase functions on the phone. just yesterday a magistrate in new york upheld that argument. can you comment on that? >> not in an intelligent way because i haven't read the decision out of new york. i understand the basic contours of the argument. i don't fully get it honestly because calea is about data in motion, but this is about data at rest. i also think this is the kind of thing judges do, take acts of congress and try and understand what does it mean especially given changing circumstances so i expect it will be bumpy. there will be lots of lawyers paid for lots of hours of work, but we'll get to a place where
we have the courts with an understanding of its reach. >> now, if the fbi is successful in requiring apple to unlock this phone, that won't really be a one-time request, correct? >> well, the issue of locked phones certainly not because it's become -- >> it will set a precedent for other requests from the federal bureau of investigation and any other law enforcement agency to seek the same assistance in many, many, many other cases. >> sure. potentially. because at any decision of a court about a matter is potentially useful to other courts, which is what a precedent is. i happen to think having talked to experts there are technical limitations to how useful this particular san bernardino technique will be given how the phones have changed. but sure, other courts, other prosecutors, other lawyers for companies will look to that for guidance or to try and distinguish it. >> so that technology once developed, which i presume they could destroy again but then would have to recreate hundreds of times, how confident are you,
whichever procedure apple decided to pursue, how confident are you that what you are requesting which is effectively the key of a code, how confident are you that will remain secure and allow all the other customers of apple and apply to other technologies as well, how confident are you that it will not fall into the wrong hands and make everyone's communication devices less secure, not more secure? >> first, i got to quibble a little with the premise of your question, there are issues about back doors, i don't see this that way. there's already a door on that iphone, we're asking apple to take the vicious guard dog away and let us try to pick the lock. later phones, as i understand the 6 and after, there aren't doors. so there isn't going to be, can you take the guard dog away and let us pick the lock. but look, i have a lot of faith maybe i don't know them well
enough in the companies' ability to secure their own information. the icloud is not encrypted, but i don't lie awake at night wondering whether they're able to protect the contents of the icloud. they're very good at protecting their information and innovation. no thing is for certain, but i think these folks are pros. >> thank you very much. chair recognizes the ranking member, mr. conyers, for his questions. >> thank you, chairman goodlatte. and welcome again to our forum here a very regular visitor to the judiciary committee. director comey, it's been suggested that apple has no interest in helping law enforcement in any criminal case and that the company cares more about marketing than about investigating a terrorist attack. in your view are companies like apple generally cooperative when
the fbi asks for assistance, accompanied by appropriate legal process? did apple assist with this particular investigation? >> i think in general all american companies, and i can't think of an exception sitting here who want to be helpful especially when it comes to public safety because they have families and children just as we do. that's the attitude we're met with. in this particular case as in many others apple was helpful to us. we had lots of good conversations about what we might be able to do to get this device open. and we got to a place where they said for reasons that i don't question their motive we're not willing to go further. and the government made a decision, we still have an avenue to pursue with the judge, we'll go to the judge. but i don't question their motives. >> all right. thank you. i sense you're still reluctant to speak about how your success in this case might set a precedent for future actions.
you indicated last week this litigation may guide how other courts handle similar requests. could you elaborate on that, please? >> sure. first of all, let me say this, i've been trying to explain to people. this case in san bernardino is about this case, and i worry very much about the pain frankly to the victims in this case when they see this matter that's so important to them becoming a vehicle for a broader conversation. so i want to make sure that everybody, especially the fbi remains grounded in the fact this is about that case. my wife has a great expression she uses to help me be a better person, which is, it's not about you, dear. this case in san bernardino is not about the fbi, it's not about apple, it's not about congress, it's not about anything other than trying to do a competent investigation in an ongoing active case. that said of course any decision by a judge in any form is going to be potentially precedence in some other form, not binding.
the government lost the case yesterday in brooklyn. we could lose the case in san bernardino and it would be used as precedent against the government. that's just the way the law works, which i happen to think is a good thing. >> thank you. if you succeed in this case, will the fbi return to the courts in future cases to demand apple and other private companies assist you in unlocking secure devices? >> potentially, yes. if the all writs act is available to us and if the relief as explained by the courts fits the powers of the statute, of course. >> and finally, i think we can acknowledge then that this case will set some precedent. and if you succeed, you will have won the authority to access encrypted devices, at least for now. given that you've asked us to
provide you with that authority since taking your position and given that congress has explicitly denied you that authority so far, can you appreciate our frustration that this case appears to be little more than an inrun around this committee? >> i really can't, mr. conyers. first of all, i don't recall a time when i've asked for a particular legislative fix -- in fact the administration's position has been not seeking legislation at this time, but also we're investigating a horrific terrorist attack in san bernardino. there's a phone that's unlocked that belonged to one of the killers. the all writs act that's been used since i was a boy we think is a reasonable argument to have the court to use the all writs act to direct the company to open that phone. that's what this is about. if i didn't do that, i ought to be fired, honestly. i can also understand your frustration at the broader conversation because it goes way beyond this case.
this case will be resolved by the courts, it does not solve the problem we're all here wrestling with. >> i thank the director. and i yield back any unused time. thank you, mr. chairman. >> thank you. and the chair recognizes the gentleman from ohio for five minutes. >> thank you, mr. chairman. i have a statement from the application developers alliance here that i'd like to have included in the record. >> without objection it will be made part of the record. >> thank you, mr. chairman. and director comey, like yourself i happen to be a graduate of the college william & mary. i'm going to start with a tough question. anything nice you'd like to say about the college of william & mary. >> i actually met my wife there. that's the best thing that happened to me, second best is i was there. >> excellent. great place to go. there's two members currently, ms. titus of nevada is also a graduate. now, this hearing is about electronic data security --
>> chair is happy to extend additional time to the gentleman for recognizing an important virginia educational achievement. >> i appreciate the chairman. and as already indicated this is about electronic data security or as you described it keeping our stuff online private. so i'd like to ask you this and it may seem a little off topic, but i don't think it is. a few weeks back the fbi's general counsel james baker acknowledged that the fbi is, quote, working on matters related to former secretary of state hillary clinton's use of a private e-mail server, unquote. and josh earnest stated, quote, some officials over there, referring to the fbi, had said that hillary clinton is not a target of this investigation and that it's not trending in that direction, unquote. and the president then weighed in. even though he apparently had never been briefed on the matter, commenting that he didn't see any national security
implications in hillary's e-mails. and obviously this is a matter of considerable import. is there anything that you can tell us as to when this matter might be wrapped up one way or the other? >> i can't, congressman. as you know, we don't talk about our investigations. what i can assure you is that i am very close personally to that investigation to ensure that we have the resources we need including people and technology and that it's done the way the fbi tries to do all of its work, independently, competently and promptly. that's our goal. and i'm confident it's being done that way. but i can't give you any more details beyond that. >> i certainly understand and i appreciate it. i thought you might say that, but you can't blame me for trying. let me move on. if apple chose to comply with the government's demand, maybe it does have the technical expertise and time and finances to create such a vulnerability so we can get in and get that
information, but let me ask you, what about a small business? i happen to be chairman of the house small business committee. wouldn't such a mandate to say a small company, a start-up say with four or five, six employees, wouldn't that be a huge burden on a small business to have to comply with this sort of thing? >> it might be. and that's one of the factors as i understand it courts consider in passing on an all writs act request, the burden to the private actor, how much would it cost them, how much time and effort. i think apple's argument in this case is it would take a ton of effort, time and money to do it and that's one of the reasons we shouldn't be compelled to do it. it's a consideration built into the judicial interpretations of the act. >> thank you. as chair of the committee we'd ask you certainly to consider how this could affect, you know, seven out of ten new jobs created in the economy are small business folks, half of the people employed in this country in the private sector are small businesses. and i think we should always consider them. let me move onto something else. in this testimony from our december 2015 hearing about
hr-699, the e-mail privacy act, the assistant special agent in charge of criminal investigation division of the tennessee bureau of investigations voiced a frustration with the increasing technological capabilities of both criminals and noncriminals. rather than trying to arguably infringe on the fourth amendment rights of all americans, would it be possible to better train our law enforcement officers and equip them to keep up with this changing world that we're discussing today? >> well, there's no doubt that we have to continue to invest in training so that all of our folks are digitally literate and able to investigate in that way. the problem here is all of our lives are on these devices, which is why it's so important they be private. that also means all of criminal and pedophile and terrorist lives are on these devices. if they're warrant proof, a
judge can't order access to a device, that is a big problem. i don't care how good the cop or agent, that is a big problem. so that we can't quite train our way around. >> thank you very much. i'm almost out of time, so let me conclude with, go tribe, thank you. >> chair thanks the gentleman, recognize the gentleman from new york. >> thank you. since we've gone a little far afield here, let me do so briefly point out among others thomas jefferson was the founder of the democratic party was also a graduate of william & mary. mr. comey -- director comey, the -- we're all certainly very condemning of the terrorist attack in san bernardino. and we all our hearts go out to the families of the victims and i commend the fbi you've done everything to investigate this matter. now, the two terrorists are dead and another co-conspirator, the neighbor, is in jail. you've used the usa freedom act to investigate their phone calls -- which this committee
wrote last year to track their phone calls and investigate everyone they ever spoke to on that phone. the fbi has done a great job already. now let me ask you a few questions. it's my understanding that we have found that the attack in san bernardino was not in any way planned or coordinated by isis, is that correct? it may have been inspired by but not directly planned -- >> so far as we know, correct. >> have you eliminated any connection between the two suspects and any overseas terrorist organization? >> eliminated in? >> have you seen any evidence of any, better way of putting it. >> we have not seen any evidence of that. >> okay. now, given those facts there's no evidence of coordination with anybody else, it's the two home grown self-motivated, perhaps inspired by isis, terrorists. now, the investigators seize the iphone in question on december 3rd. the fbi reached out to apple for assistance on december 5th.
apple started providing the fbi with information i gather the same day. but then the next day on december 6th at the instruction of the fbi san bernardino county changed the password to the icloud account associated with that device, they did so without consulting apple at the instruction or suggestion of the fbi. and changing that password foreclosed the possibility of a backup that would allow apple to bypass this information without bypassing its own security and thus in the first place the application to the court that you made and that we're discussing today. in other words, if the fbi hadn't instructed san bernardino county to change the password to the icloud account, all this wouldn't have been -- would have been unnecessary and you would have had that information. my question is why did the fbi do that? >> i have to -- first of all, i want to choose my words very, very carefully. i said there is no evidence of direction from overseas terrorist organizations. this is a live investigation,
and i can't say much more beyond that. this investigation is not over. and i worry that embedded in your question was that you understood me to be saying that. second, i do think as i understand from the experts there was a mistake made in the 24 hours after the attack where the county at the fbi's request took steps that made it hard -- impossible later to cause the phone to backup again to the icloud. the experts have told me i'd still be sitting here -- i was going to say unfortunately -- fortunately, i'm glad i'm here, but we would still be in litigation because the experts tell me there's no way we would have gotten everything off the phone from a backup. i have to take them at their word, but either that part or premise of your question is accurate. >> okay. so second part of my question -- excuse me. second part of my question is, it wasn't until almost 50 days later, on january 22nd, when you served the warrant. given the allegedly critical
nature of this information, why did it take the fbi 50 days to go to court? >> i think there were a whole lot of conversations going on in that interim with companies, with other parts of the government, with other resources to figure out if there was a way to do it short of having to go to court. >> okay. thank you. now, getting off this specific case because i do think we all understand it's not just a specific case it will have widespread implications in law, and however the courts resolve this, which is essentially a statutory interpretation case, the buck is going to stop here at some point. we're going to be asked to change the law. so encryption software's free open source and widely available, if congress were to pass the law forcing u.s. companies to provide law enforcement with access to encrypted systems, would that law stop bad actors from using their own encryption? >> it would not. >> it would not. so the bad actors would just get around it. >> sure. encryption's always been available to bad actors -- >> so if we were to pass a law saying that apple and whoever else had to put back doors or
whatever you want to call them into their systems, the bad actors -- and with all the appropriate -- with all the -- not appropriate, all the con commatent, the bad actors could easily get around that by making their own encryption systems? >> the reason i'm hesitating is i think we're mixing together two things, data in motion and data at rest. the bad guys couldn't make their own phones, but the bad guys could always try and find a device that was encrypted. the big change happened in the fall of 2014 when the companies flipped from available encryption to default. that's a shadow of going dark -- >> but couldn't foreign companies and bad actors do that, whatever we said? >> sure, potentially people could say i love this american device but because i worry about a judge ordering access to it i'm going to buy this phone from a nordic country -- it could
happen, i don't know if it would happen a lot, but it could happen. >> thank you. i yield. >> i would like to ask unanimous consent that patent number 02 0 024704302. >> without objection. >> additionally another patent 3573, copy of the patent usa today, additionally from science and technology an article that says department of homeland security awards $2.2 million to malibu, california company for mobile security research and in other words an encryption proof unbreakable phone. additionally and lastly, the article in politico today on the new york judge's ruling in favor
of apple. >> without objection they will all be made a part of the record. >> thank you, mr. chairman. justice scalia said said what i'm going to quote almost 30 years ago in arizona v. hicks. there is nothing new in the realization that the constitution sometimes insulates the criminality of a few in order to protect the privacy of all of us. i think that stands as a viewpoint that i want to balance when asking you questions. as i understand the case, and there's a lot of very brilliant lawyers and experienced people that know about it, but what i understand is that you in the case of apple in california are demanding through a court order
that apple invent something. fair to say, that they have to create something. if that's true, then my first question to you is the fbi is the premier law enforcement organization with laboratories that are second to none in the world. are you testifying today that you and/or contractors could not achieve this without demanding an unwilling partner do it? >> correct. >> and you do so because you have researched this extensively. >> yes, we have worked very, very hard on this. we're never going to give up. >> did you receive the source code from apple? did you demand the source code? >> not that i'm aware of. >> so you had a software person saying can you modify this to do what we want if you didn't have the source code.
who did you go to, if you can tell us, that you consider an expert on writing source code changes that you want apple to do for you? you want them to invent it, but who did you go to? >> i'm not sure i'm following the question. >> i'm going to assume that the burden of apple is x. but before you get to the burden of apple doing something it doesn't want to do because it's not in its economic best interest and they have said they have it real ethical believes that you're asking them to do something wrong, but you are asking them to do something and there's a burden. they have to invent it. have you fully viewed the burden to the government? we spent $4.2 trillion every year. you have a multibillion dollar budget. is the burden so high on you that you could not defeat this product either through getting the source code or some other
means? >> we wouldn't be litigating if we could. ef engaged all parts of the government to see if anyone has a way with a 5c running ios 9 and we do not. >> let's go through the 5c. does the 5c have a memory in which the data and switches for the phone settings are located in that data? >> i don't know. >> it does. take my word for it for now. that means that you can, in fact, remove from the phone all of its memory, all of its nonvolatile memory and set it over here and have a true copy of it that you could conduct infinite number of attacks on. let's assume that you can make an infinite number of copies, right? >> i have no idea. >> let's go through what you
asked. i'm doing this because i came out of the security business and this befuddles me that you haven't looked at the source code and don't understand the disk drive to answer my dumb questions, if if you will. if there's only a memory and that memory sits here and there's a chip. the chip does have an encryption code burned into it. you can make 10,000 copies of this nonvolatile memory hard drive then you can perform as many attacks as you want on it. now you have asked specifically apple to defeat the finger code so you can attack it automatically so you don't have to punch in codes. you have asked them to eliminate the ten and destroy. but you haven't, as far as i know, asked them, okay, if we make 1,000 copies or 2,000 co copies of this and put it with the chip and run five tries and
then throw that image away and put another one in and do that 2,000 times, won't we have tried with a nonchanging chip and an encryption code that's duplicated, won't we have tried all 10,000 possible combinations in a matter of hours? if you haven't asked that question, the question is how can you come before this committee and federal judge and demand that somebody else invent something if you can't answer the questions that your people have tried this. >> first, i'm the director of the fbi. if i could answer that question, there would be something dysfunctional in the leadership. >> i only asked if your people had done these things. i u asked you who did you go to -- did you get the source code? you're expecting somebody to obey an order and you haven't figured out whether you could do it yourself. you just told us we can't do it but you didn't ask for the source code and i'm just a
guy -- >> the time of thely gentlemas expired. >> i did not ask the questions you're asking me here. i'm not sure i understand the questions. i have reasonable confidence, in fact, i have high confidence that all elements of the government have focused on this program and have had great conversations with apple. apple has never suggested there's another way to do it. it could be when the representative testifies and we'll have some great breakthrough, but i'm totally open to suggestions. lots of people have e-mailed ideas. we haven't figured it out. i'm hope iing my folks are watcg this and if you said something that makes sense to them, we'll jump on it and let you know. >> thank you, mr. chairman. and thank you, director comey for your service to the country and your efforts to keep us safe. it's appreciated by every member
of this committee along with your entire agency. we do value your service and appreciate it. i remember in law school the phrase bad cases make bad law. i'm sure we've all heard that. i think this might be a prime example of that rule. we can't think of anything worse than what happened in san bernardino. two terrorists murdering innocent people. it's outrageous. it sickens us. and it sickens the country. but the question really has to be what is the rule of law here. where are we going with this. as i was hearing your opening statement, talking about a world where everything is private, it may be that the alternative is a world where nothing is private. because understand you have holes in encryption, the rule is it's not a question of if, but
when those holes will be exploited and everything that you thought was protected will be revealed. now the united states law often tends to set international norms, especially when it comes to technology policy. in fact, china removed provisions that required back-doors from its counterterrorism law passed in december because of the strong international norm against creating cyber weaknesses,p & b last night i heard a report that the ambassadors from america, canada, germany and japan sent a joint letter to china buzz they are now thinking about putting a hole in encryption in their new policy. did you think about the implication for foreign policy what china might do when you filed the motion if san bernardino or was that not part
of the equation? >> i don't remember thinking about in the context of this particular investigation, but i think about it broadly. which is one of the things that makes it so hard. there are international implications. less to the device encryption question. i have no doubt that there's international implications. i don't have good visibility into what the chinese require of people. i know it's an important topic. >> before i forget, i'd like to ask unanimous consent to put in the record an op-ed that was created in "the los angeles times" today authored by myself and my colleague mr. issa on this subject. >> how could anyone object to that? >> i just note that in terms of the -- you mentioned the code they have done a good job of protecting their code and you didn't remember anything getting
out loose. but i do think if you take a look at the situation with jooun per networks where their job is cyber security really and they felt that they had strong encryption and yet there wasn't a vulnerability. they were hacked and it put everybody's data, including the data of the u.s., of the fbi, the state department and department of justice at risk and we still don't know what was taken by our ennys. did you think about the juniper networks issue when you filed the report of remedy in san bernardino? >> no, but i think about that in a similar of similar intrusions and hacks all day long because it's the fbi's job to investigate those and stop those. >> i was struck by your comment that apple hadn't been hacked, but in fact, icloud accounts had
been hacked in the past. we remember 2014 the female celebrity accounts that were hacked from icloud and cnbc had a report that likely attacks and apple had to release a patch in response to concerns that there had been attacks on icloud accounts. so i'm anticipating, we'll see, that apple will take further steps to encrypt and protect not only its operating system that it has today but also the protection as well as the icloud accounts. i will just close with this. i have on my iphone all kinds of messaging apps that are fully
encrypted. some better than others. some were designed in the united states. a bunch of them were designed in other countries. and i'm not -- i wouldn't do anything wrong on my iphone, but if. i were a terrorist i could use any one of those apps and communicate securely and there wouldn't be anything that the u.s. government, not the fbi, not the congress or the president could do to prevent that from occurring. so i see this as the question of whether my security is going to be protected but the terrorists will continue. i thank you for being here. >> the gentleman from texas is recognized for five minutes. >> the fourth amendment protects
citizens from government. citizens have rights. government has power. there's nowhere i see in the fourth amendment that there is a the fourth amendment should be weighed. i signed lots of warrants in 22 years from everybody, including the fbi. what is to be searched and law enforcement typically would full field the duty or ability in that warrant as far as they could. now we have a situation where it's not lawful possession. they are in lawful possession of the san bernardino phone. you agree with me on that. >> yes. >> we're not talking about whether the phones are in lawful
possession. the issue is whether the specific issue is whether government can force apple and to give them the golden key to unlock the safe. >> apple develops software and unlocks the phone, but this is not the only phone in question. there are other phones that fbi has lawful possession. >> law enforcement encounters phones and investigations all over. >> there are several. >> how many cases do you have that you want to get into the phone but you can't get into it because you don't have the software to break into it.
or to get into it. >> i don't know the number. a lot. they are all different, which makes it hard to talk about any one case without being specific. >> but you're in lawful possession. this is not the issue of the fbi lawfully possesses them. you can't get into them. here's a specific phone. my question is what would prevent the fbi from taking that software and going sbo all those other phones you have. >> i see. it's a big different. the direction from the judge is not to have apple get us into the phone. it's to have apple turn off by developing software to tell the phone to turn off the delay features. so we can try to guess the password. so in theory, if you had another 5c running ios9, there is no
door to try to pick the lock on. but if there were phones in the same circumstances, sure. you could ask for the same relief from a court to make effective the search warrant. >> take away the drooling watchdog that's going to attack us. give us time to pick the lock. >> the viper system that mr. issa developed. the government has the ability to demand that occur. we have two court rulings. they are different. a little different cases. would you agree, or not, congress has to resolve this
problem. we shouldn't leave it up to the judiciary to make this decision. congress should determine what the expectation of privacy is and these particular situations of encryption or no encryption. would you agree or not? >> i think that the courts are competent and this is what we have done for 230 years to resolve the narrow question about the scope of the act, but the broader question we're talking about goes far beyond phones or any case. this collision between privacy the courts cannot e resolve that. >> and only congress didn't resolve the expectation of privacy in this high-tech atmosphere of all this information store d and would yu agree or not? since congress resolved this issue of expectation of privacy of the american citizens. >> i think congress has a critical role to play. since the founding of this
country, the courts have interpreted the fifth amendment so they are competent. that's an independent branch of goal, but i think it's a huge role for congress to play. >> i agree with you. this congress is responsible to determine privacy in this high-tech world. i yield back. >> the gentleman from tennessee is recognized for five minutes. >> i'll take a chance. >> if you want to go i'll go or i'll come back. >> i'm trying to move it along. >> director comey, are there limitations that you could see in permitting the fbi or government in a court to look into certain records, certain type of cases, certain type of circumstances that you could foresee or do you want it open for any case where there could be value? >> i'm not sure i'm following you. i like the way we have to do our
work which is go to a judge and show lawful authority and a factual basis for access to anybody's stuff. >> but if we decided to pass a statute and thought it should be limited to terrorism or maybe u to something where there's reasonable expectation that a person's life is in jeopardy and could apprehend somebody, have you thought about any limits because under what you're saying you go to a court for cases that are not capital cases. they get he has something to do with it and that's important. but if you're talking about getting into somebody's information to find out who they
sold two bags or whatever to a whole different issue. where would you limit if if you were coming up with a statute to satisfy both your interest and the most important cases and yet satisfy privacy concerns. >> i misunderstood the question. i don't know. in having thought about it well enough, i don't think it should be the fbi offering those parameters to you. there is precedent for that kind of thing. we can only seek wiretaps on certain offenses. in the united states. it has to be really serious stuff before a judge can even be asked to allow us to listen to someone's communications. . it can't just be any offense. but i haven't thought about it well enough. >> thank you. i'm slow in getting up there to vote and the republicans hit quickly i'm going to yield back and start to walk fast. >> thank you, the committee will stand in recess. we have two votes on the floor with seven remaining in the first vote.
this it hearing on encryption with the fbi director comey and also later the general council of apple will continue. they are in a break here for a series of votes on the house floor. a couple votes on the house floor. you can follow those over on c-span. we expect them back in about half an hour or so.
while they are in this recess, we'll show you some of the opening statements from just a short while ago. we welcome everyone to this afternoon's hearing on this encryption tight rope, balancing american security and privacy. we welcome everyone today to this timely and important hearing on encryption. encryption is a good thing. we see this manifest every week
in the reports of losses of massive amounts of our most valuable information from government agencies, retailers, financial institutions and average americans. from identity theft to the compromising of our infrastructure to our economic and military security, encryption must play an ever increasing role, and the companies that develop it must be encouraged to increase its effectiveness. encryption is a topic that may sound arcane or only the province of techies, but in fact it's a subject whose solutions will have far reaching and lasting consequences. the judiciary committee is a particularly appropriate forum for this congressional debate to occur. as the committee of exclusive
jurisdiction over the united states constitution, the bill of rights and the federal criminal laws and procedures, we are well versed in the perennial struggle between protecting americans' privacy and enabling robust public safety. this committee is accustom to addressing many of the significant legal questions arising from laws that govern surveillance and government access to communications, particularly the wiretap act, the electronic communications privacy act, the foreign intelligence surveillance act and the communications assistance to law enforcement act, otherwise known as calea. today's hearing is a continuation of the committee's work on encryption, work that congress is best suited to resolve. as the hearing title indicates, society has been walking a tight rope for generations in attempting to balance the security and privacy of americans' communications with the needs of our law enforcement and intelligence agencies. in fact, the entire world now faces a similar predicament particularly as our commerce and communications bleed over international boundaries on a daily basis. encryption in securing data in motion and in storage is a valuable technological tool that enhances americans' privacy,
protects our personal safety and national security, and ensures the free flow of our nation's commerce. nevertheless as encryption has increasingly become a ubiquitous technique to secure communications among consumers, industries and governments, a national debate has arisen concerning the positive and negative implications for public safety and national security. this growing use of encryption presents new challenges for law enforcement seeking to obtain information during the course of its investigations, and even more foundationally tests the basic framework that our nation has historically used to ensure a fair and impartial evaluation of legal process used to obtain evidence of a crime. we must answer this question, how do we deploy ever stronger, more effective encryption without undually preventing lawful access to communications
and terrorists doing us harm. this now seems like a perennial question that has challenged us for years. in fact, over 15 years ago i led congressional efforts to ensure strong encryption technologies and to ensure that the government could not automatically demand a back door key to encryption technologies. this enabled the u.s. encryption market to thrive and produce effective encryption technologies for legitimate actors rather than see the market head completely overseas to companies that do not have to comply with basic protections. it is true this technology has been a devious tool of malefactors. here is where our concern lies, adoption of new communications technologies by those intending harm to the american people is outpacing law enforcement's technological capability to access those communications in legitimate criminal and national security investigations.
following the december 15 terrorist attack in san bernardino, california, investigators recovered a cell phone owned by the county government but used by one of the terrorist responsible for the attack. after the fbi was unable to unlock the phone and contents a judge provided apple to provide assistance in obtaining access to the data on the device citing the all writs act as authority to compel. apple has challenged the court order arguing that its encryption technology is necessary to protect its customers' communications, security and privacy and raising both constitutional and statutory objections to the magistrate's order. this particular case has some very unique factors involved and as such may not be an ideal case upon which to set precedent. and it is not the only case in which this issue is being litigated. just yesterday a magistrate judge in the eastern district of
new york ruled that the government cannot compel apple to unlock an iphone pursuant to the all writs act. it is clear that these cases illustrate the competing interests that play in this dynamic policy question, a question that is too complex to be left to the courts and must be answered by congress. americans surely expect that their private communications are protected, similarly law enforcement's sworn duty is to ensure that public safety and national security are not jeopardized if possible solutions exist within their control. this body as well holds its own constitutional prerogatives and duties. congress has a central role to ensure that technology advances so as to protect our privacy,
help keep us safe and prevent crime and terrorist attacks. congress must also continue to find new ways to bring to justice criminals and terrorists. we must find a way for physical security not to be at odds with information security. law enforcement must be able to fight crime and keep us safe and this country's innovative companies must at the same time have the opportunity to offer secure services so keep their customers safe. the question for americans and lawmakers is not whether or not encryption is essential, it is. but instead whether law enforcement should be granted access to encrypted communications when enforcing the law and pursuing their objectives to keep our citizens safe. i look forward to hearing from our distinguished witnesses today as the committee continues its oversight of this real life dilemma facing real people all over the globe. it's now my pleasure to recognize the ranking member of the committee, the gentleman from michigan, mr. conyers, for his opening statement. >> thank you, chairman goodlatte. members of the committee and our
distinguished guests, i want to associate myself with your comments about our jurisdiction. it is not an accident that the house judiciary committee is the committee of primary jurisdiction with respect to the legal architecture of government surveillance. in times of heightened tension some of our colleagues will rush to do something, anything, to get out in front of an issue. we welcome their voices in the debate, but it is here in this committee room that the house begins to make decisions about the tools and methods available to law enforcement.
i believe that it is important to stay up front before we get into the details of the apple case that strong encryption keeps us safe. former national security director michael hayden said only last week that america is more secure with unbreakable end-to-end encryption. in this room just last thursday former secretary of homeland security michael chertoff testified that in his experience strong encryption laws help law enforcement more than it hinders any agency in any given case. the national security council has concluded that the benefits to privacy, civil liberties and cyber security gained from
encryption outweigh the broader risk created by weakening encryption. and director comey himself has put it very plainly, universal strong encryption will protect all of us, our innovation, our private thoughts and so many other things of value. from thieves of all kinds. we will all have lock boxes in our lives that only we can open and in which we can store all that is valuable to us. there are lots of good things about this. now for years despite what we know about the benefits of encryption, the department of
justice and the federal bureau of investigation have urged this committee to give them the authority to mandate that companies create back doors into their secure products. i've been reluctant to support this idea for a number of reasons. the technical experts have warned us that it is impossible to intentionally introduce flaws into secure products, often called back doors, that only law enforcement can exploit to the exclusion of terrorists and cyber criminals. the tech companies have warned us that it would cost millions of dollars to implement and would place them at a competitive disadvantage around
the world. the national security experts have warned us that terrorists and other criminals will simply resort to other tools entirely outside the reach of our law enforcement and intelligence agencies. and i accept that reasonable people can disagree with me on each of these points. but what concerns me, mr. chairman, is that in the middle of an ongoing congressional debate on this subject, the federal bureau of investigation would ask a federal magistrate to give them the special access to secure products that this committee, this congress and the administration have so far refused to provide. why has the government taken this step and force this issue? i suspect that part of the answer lies in an e-mail obtained by "the washington post" and reported to the public
last september. in it a senior person in the law enforcement community writes, although is hostile today, it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement. in turn keeping value open in such important situation. i'm deeply concerned by this cynical mindset. and i would be deeply disappointed if it turns out
that the government is found to be exploiting a national tragedy to pursue a change in the law. i also have doubts about the wisdom of applying the all writs act, enacted in 1879, codified in 1911 and last applied to a communications provider by the supreme court in 1977 to a profound question about privacy in modern 2016. i fear pursuing the serious and complex issue to the awkward use of an inept statute was not and is not the best course of action. and i'm not alone in this view. yesterday in the eastern
district of new york a federal judge denied a motion to order apple to unlock an iphone under circumstances similar these are the things i believe to be true, first, that the logic of encryption will bring us in the not too distant future to a place where all of our conversations and all of our papers and effects are entirely private. that is where no one can listen to our conversations, read our texts, read our e-mails unless we say so without our agreement, that's the first thing i believe that the logic of encryption is taking us there. the second thing i believe is as both you and mr. conyers said there's a lot of good about this, a lot of benefits to this.
we will all be able to have storage spaces in our life that nobody else can get into. the third thing i believe is that there are many costs to this. for the last two centuries public safety in this country has depended in large measure on the ability of law enforcement agents going to courts and obtaining warrants to look in storage areas sometimes people's stuff can be looked at only with predication and oversight and approval by independent judiciary. fourth thing i believe is that these two things are intention in many contacts, increasingly in law enforcement work generally across the country, we see it obviously in isil's efforts to reach into this country and using mobile messaging apps that are end-to-end encrypted task people to kill innocent people in the united states. that is a huge feature of our national security work and a
>> i'll now begin by introducing our first witness today, director james comey of the federal bureau of investigation. to welcome the attorney for the southern district of new york. in 2003 he was appointed deputy attorney general under the united states attorney general. and the university of chicago law school. your written statement will be made a part of the record and i ask that you summarize your testimony in five minutes. and we have the timing light on the table. you may begin your testimony. >> thank you, thank you for hosting this it conversation.
and for helping us all talk about an issue that i believe is the hardest i have confronted in government, which is how to balance the privacy we so treasure i worry that we have been talking past each other when it comes to this question of encryption that we call going dark. it would just take a few minutes and try to frame how i think about it in a way i hope is fair minded and if it's not i hope you will tell me where you think it's not. that l logic of encryption will bring us to a place where all of our conversations and all of our papers and effects are private. no one can read our e-mails
unless yes say so. and no one can look at our stuff, read our documents, read things we file away without our agreement. the second thing i believe is there's a lot of good about this. we'll be able to keep private and protected the things that matter most to us. there's a lot to love about this. we'll be able to have storage spaces in our life that nobody else can get into. the third thing i believe is there are many costs to this. for the last two centuries, public safety has depended in large measure on the ability of law enforcement agents going to courts and obtaining warrants to look in storage areas or apartments or to listen with appropriate predication oversight to conversations. that is the way in which law
enforcement brings us public safety. it is very important and it's been part of the balance in ordered liberty. sometimes the people's stuff can be looked at, but only with predication and only with oversight and approval by an independent judiciary. the fourth thing i believe is these two things are intention in it many contexts increasingly international security work and law enforcement work across the country. we see it, obviously, in isil's efforts to reach into this country and using mobile messaging apps that are encrypted task people to kill innocent people in the united states. that is a huge feature of our national security work and a major impediment to our counterterrorism work. because even with a court order what we get is unreadable. to use a technical term it's gobbledygunk. we see it in criminal work across the country. we saw tragically last year in baton rouge a woman eight months
pregnant was killed by somebody she opened the door to and her mom says she kept a diary, but it's on her phone, which is locked. and so the case remains unsolved. and most recently and most prominently as both mr. conyers and chairman mentioned, we see it in san bernardino. a case where two terrorists in the name of isil killed 14 people and wounded 22 others at behind three phones, two of which the cheaper models they smashed beyond use. and the third was left locked. in any investigation as done competently the fbi would try to get access to that phone. it's important that it's a live ongoing terrorist investigation, but in any organization a competent investigator would use lawful tools to get access to that device. and that's what you see happening in san bernardino. now, the san bernardino case is about that case.
it obviously highlights the broader issue. and of course it will be looked upon by other judges and other litigants, but it is about the case. and trying to do a competent job of understanding is there somebody else and are there clues to what else might have gone on here, that is our job. the fifth thing i believe is that democracies resolve these kind of really hard questions through robust debate. i think the fbi's job is very, very limited. we have two jobs. the first is to investigate cases like san bernardino and to use tools that are lawful and appropriate. the second thing it's our job to tell the american people the tools you are counting on us to use to keep you safe are becoming less and less effective. it is not our job to tell the american people how to resolve that problem. the fbi is not some alien force imposed upon america from mars. we are owned by the american people. we only use the tools that are given to us under the law. and so our job is simply to tell people there is a problem. everybody should care about it. everybody should want to
understand. if there are warrant proof spaces in their life, what does that mean, what are the costs of that and how do we think about that? i don't know what the answer is. it may be the american people through congress and the courts decide. it's too hard to solve. or law enforcement can do its job well enough with strong encryption covering our communications and our papers and effects or that it's something that we have to find a way to fix to achieve a better balance. i don't know. my job is to try to offer thoughtful explanations about the tools the fbi has and to bring them to the attention of the american people and then answer questions about that. so i'm very, very grateful for this forum and this conversation. there are no demons in this debate. the companies are not evil. the government's not evil. you have a whole lot of good people who see the world through different lenses who care about things, all care about the same things in my view, the companies care about public safety, the
fbi cares about innovation and privacy, we devote our lives to trying to stop people from stealing our innovation, our secrets and hacking into our devices. we care about the same things, which should make this in a way an easier conversation, which i very much look forward to. thank you. >> thank you, director comey. we'll now proceed under the five-minute rule with questions for the witness. and i'll begin by recognizing myself. director, there has been quite a bit of debate about the government's reliance on the all writs act, which most people had never heard of until the last week or so. that is being used in this case to try to compel apple to bypass the auto erase functions on the phone. it has been characterized as an antiquated statute dating back to 1789, that was never intended to empower the courts to require a third party to develop new technology. how do you respond to that characterization? has the fbi relied on in the past to gain access to iphones or similar devices and is the act limited to the circumstances in which congress has already imposed a statutory duty on a third party to provide assistance? >> thank you, mr. chairman.
i smile a little bit when i hear that because old doesn't mean bad, at least i hope it doesn't because i'm rapidly approaching that point. the constitution is as old or older than the all writs act and i think that's still a pretty useful document. it's a tool that i used. i think there are some members of the committee or former federal prosecutors, every assistant u.s. attorney knows it. it is an act that congress passed when the constitution was a baby so there was a vehicle for judges to get their orders complied with.
the this meeting will reconvene and continue with questions for director comey and the chair recognized the gentleman from utah. >> thank you, mr. chairman. and director, thank you for being here. my grandfather was a career fbi agent so i have a great affinity for the agency. almost always make us proud. the big question for our country is how much privacy are we going to give up in the name of security. there's no easy answer to that. but when historically with all the resources and assets of the
federal government, when has it been the function of government to compel or force a private citizen or a company to act as an agent of the government to do what the government couldn't do? >> i suppose that's a legal question in lots of different circumstances. private entities have been compelled by court order to assist in the writs act. new york telephone case on the topic. >> so let's talk for a moment about what you can see or what you can do. with all the respect to the fbi, they didn't do what apple had suggested they do in order to retrieve the data, correct? when they went to change the password, that kind of screwed things up. >> i don't know that's accurate. i wasn't there. i don't have complete visibility, but i agreed with the questioner earlier. there was an effort by the county at the fbi's request to
reset it to get into it quickly. >> and if they didn't reset it, they could have gone to a local wifi and performed that backup so they could go to the cloud and look at that data, correct? >> you can get in the cloud through that mechanism anything back upable to the cloud but that it doesn't solve the full problem. >> but let's talk about what the government can see on using the phone. you can look at metadata, correct? >> yes. >> if i called someone else or that phone had called other people, all of that information is available to the fbi, correct? >> in most circumstances. >> in this case, you want to talk about this case. you can see the metadata, correct? >> my understanding is we can see most of the metadata. >> how would you define metadata. >> as i understand it, records
of time of contact, numbers assigned to the particular caller or texter. it's everything except content. you can't see what somebody said, but you can see that i text to you in theory. my understanding with texts in particular that's tricky. texting using i message there's limits to our availability. i'm not an expert, but that's my understanding. >> do you believe that if you're tracking where somebody is, is that content or metadata? >> it depends upon whether you're talking historical or realtime. but it can very much implicate the warrant requirement. it does in the fbi's work a lot. >> what's frustrating to me being the chairman of the oversight committee, there is nobody on this panel in a republic and representative of the people to see what the
guidance is post jones and understanding how you interpret and what you're doing or not doing. what's frustrating is the department of justice is asking for more tools, more compulsion and we can't see what you're already doing. we can't even see to the degree you're using sting raies and how they work. i understand how they work, but what sort of requirements are there? suspicion? is there a probable cause warrant and it's not just the fbi. you have the irs and social security and others using sting raies. other tools i would argue are actually content into somebody's life and not just the metadata that you're able to see. how do we get exposure? how can we help if you refuse,
you, meaning the department of the justice, access what tools you have and what you can access. >> i don't have a great answer sitting here. i'll find out what's been asked for. i like the asked of giving as much transparency as possible. people find it reassuring to take cell phone tower simulat s simulators. we always use search warrant so that shouldn't be that hard. >> you may spnl. i have a hard time figuring out when that is responsible. last comment to what degree are you able to access and get into either in this case or broadly are you able to search social media in general and are you using that as a tool to investigate and combat what you need to do? >> the time has expired. the witness can ask the question. >> soernl immediacial media som us useful information, sometimes
it's not. but it's a big part of our work. >> recognize mr. johnson for five minutes. >> thank you, director comey. the framers of our constitution recognized a right to privacy that americans would enjoy. does it not? >> i'm not a constitutional scholar. i think a scholar might say it's not the fourth amendment that's the source of the right to privacy. it's other amendments to the constitution. but that's a technical answer. the fourth amendment is critically important because it's government power. you may not look at the stuff without a warrant and without independent judiciary. >> but it also grants impliable
to the government the authority to search and seize. when the search or seizure is reasonable, is that correct? >> again, to be technical, i think congress has given the government authority through statute. there's restriction on the authority. >> the right of the people to be secure in it their persons, houses, papers and effects against unreasonable searches and seizures shall not be violated and no warrant shall issue but upon probable cause supported by oath or affirmation. what i'm reading into the fourth amendment is people do have a right to privacy, have right to be secure in their persons, papers and effects, but i'm also reading into it an implied responsibility of the government
on occasion search and seize. would that be your reading of it also? >> yes. >> and upon probable cause, there are some circumstances where in the hot pursuit or at time of an arrest, there's some exceptions that have been carved out to where a warrant is not always required to search and seize. is that correct? >> yes, you mentioned one, the so-called circumstances doctrine where if you're in the middle of an emergency and looking for a gun a bad guy might have hid in a car, you don't have to get the warrant. if you have the factual basis you can do the search and then have the judge validate it. >> now even in a situation where circumstances exist, technology has brought us to the point where law enforcement or
government is preempted from being able to search and seize. is that correct? technology has produced this result. >> i think technology has allowed us to create zones of complete privacy, which sounds like an awesome thing. but those zones prohibit any government action under the fourth amendment or our search authority. >> it's actually a zone of immunity, a zone where bad thing cans happen and the security of americans can be placed at risk. >> potentially, yes, sir. >> and that is the situation that we have with end to end encryption. is that not correct? >> i think that's a fair description. we have communications or even with a judge's order can't be intercepted. >> you said you were not a constitutional scholar and neither am i. but does it seem reasonable that the framers of the constitution
meant to exempt any domain from its authority to be able to search and seize if it's based on probable cause or some circumstance allows for a search and seizeture with less than a warrant and a showing of probable cause. >> i doubt that -- obviously, i doubt that they imagined the devices we have today and the ways of communicating. but also doubt there would be any place in american life where law enforcement with lawful authority could not go. the reason i say that is the first amendment talks about the people's homes. is there a more important place than our homes? the founding of this country was contemplated that law enforcement could go into your house with appropriate predication oversight. to me, the logic of that tells me they wouldn't imagine any box or storage area or device that could never be entered. >> so from that standpoint to be
a strict construction about the constitution and the fourth amendment, it's ridiculous that anyone would think we would not be able to take our present and law to appreciate the niceties of today's practical realities. i know i'm rambling a little bit. but did you understand what i just said? >> i understand what you said, sir. >> would you agree or disagree with me? the time of the gentleman has expired. the director may answer the question. >> i think it's the kind of question that democracies were built to wrestle with and that the congress of the united states is fully capable of wrestling with in a good way. >> well, we have been -- >> the time of the gentleman has expired. >> thank you. >> the chair recognizes the gentleman from pennsylvania for five minutes. >> thank you, chairman. mr. director, it's always a pleasure. >> same, sir. >> i'm going to expand a little
bit on one of the questions. is the bureau asking apple to simply turn over the penetration code for the bureau to get into or that you want the penetration code at your disposal. do you understand what i'm saying? >> as i understand the judge's order, the way it could work out here is that the maker of the phone would write the code, keep the phone and the code entirely in their office space, and the fbi would send the guesses electronically. so, we wouldn't have the phone. we wouldn't have the code. that's my understanding of it. >> that's a good point to clarify. because there's some -- a lot of rumors out there. i'm going to switch to the courts a little bit here. do you see the federal court resolving the warrant issue that the bureau's presently faced with, whatever way that decision eventually comes down, or should congress legislate the issue now, if at all?
>> i don't -- i appreciate the question. i don't think that's for me to say. i do think the courts -- some people have said, so, in the middle of this terrorism investigation, why didn't you come to congress. well, because we're in the middle of a terrorism investigation. i think the courts will sort that out faster than any legislative body could, but only that particular case. the broader question, as i said earlier, i don't see how the courts can resolve the tension between privacy and public safety we're all feeling. >> another good point. given that most of the our social, professional and very personal information is our desktop computers, our laptops and pads and now more than ever on these things, what is your position on notching up the level at which members of the federal judiciary can approve a warrant to access critically valuable evidence to solve a horrific felony, particularly when fighting terrorism? >> do you mean making the threshold something above
probable cause? >> no, not the threshold. the judicial -- the federal judicial individuals making this decision. right now i understand it's a magistrate. when i was at the state level we could do some things at sort of the magistrate level or the district court and then we had to go to the superior court and working in the federal system working with you we had to go to one or two different levels. what is your position on that? >> i see what you're saying. instead of having the magistrate judge decide the questions you are saying having the district court? >> from a perspective of the public that a marrow narrowly defined limited number of people making that decision concerning the electronics that we have. >> honestly, congressman, i haven't thought about that. i agree with you, i have a number of friends who are magistrate judges and they are awesome and they think well and rule well. i think they're fully capable of handling these issues. but i haven't thought about it
well enough to respond beyond that. >> i've managed a couple of prosecution offices and i've never gone to the experts, whether it's in dna or whether it's in these electronics ask them did you complete everything that you should have completed. >> thank you, mr. marino. >> the chair recognizes the gentle woman from california ms. chu for five minutes. >> director comey, my district is next to san bernardino. after the terror attack we mourned the loss of 14 lives and empathized with the 22 wounded. and there is indeed fear and anxiety amongst my constituents. so, our discussion here today is particularly important to the people back home. there are many in our area that want answers, but there are also many that feel conflicted about putting their own privacy at risk. so, my first question to you is,
under federal law we do not require technology companies to maintain a key to unlock encrypted information in the devices they sell to customers. some of the witnesses we'll hear from today argue that if such a key or software was developed to help the fbi access a device used by the san bernardino terrorists it would make the millions of other devices used today vulnerable. how can we be sure we're not creating legal or technical backdoors to u.s. technology that will empower other foreign governments in taking advantage of this loophole? >> that's a great question. i think what you have to do is talk to people on all sides of it who are true experts, which i am not, but i've also talked to a lot of experts. and i'm an optimist. i don't think we've given this the shot it deserves. i don't think the most creative and innovative people in our country have had an incentive to try to solve this problem. but when i look at particular phones in the fall of 2014 the makers of these phones could open them and i don't remember
people saying the world was ending at that point and that we're all exposed. so, i do think judgments have been made that are not irreversible, but i think the best way to get at it talk to people, why do you make the phone this way and what is the possibility. the world i imagine is people comply with warrants. lots of phone makers and providers of e-mail and text today provide secure services to their customers and they comply with warrants. that's just the way they've structured their business so it gives me a sense of optimism that this is not an impossible problem to solve. really, really hard and it will be you people talking to the people who really know this work. >> i'd like to talk about law enforcement finding technical solutions. i understand there may be other methods or solutions for law enforcement when it comes to recovering data on a smartphone. a professor argues that solutions to accessing the data already exists within the forensic analysis community solutions which may include jailbreaking the phone amongst
others. or she says other entities within the federal government may have the expertise to crack the code. has the fbi pursued these other methods or tried to get help from within the federal government such as from agencies like the nsa? >> yes, is the answer. we've talked to anybody who will talk to us about it and i welcome additional suggestions. again, you have to be very specific. 5-c running ios-9 what are the combinations of model and operating system it is possible to break a phone without having ask the manufacturer to do it. we've not found a way to break the f-c running ios-9. the 5-c i'm sure it's a great phone has been overtaken by the 6 and others that are different in ways that make this relief yesterday. >> so, let me ask this, like smartphones safes can be another
form of storage of personal information. similarly to how technology companies are not required to maintain a key to unlock encryption, safe manufacturers are not required to maintain keys or combinations to locks. given this, law enforcement has been able to find a way to get into safes under certain circumstances or obtain critical information through other avenues. so, how does this differ from unlocking a smartphone? it's clear that technology is outpacing law enforcement's ability to get information from devices like the iphone even with the proper warrant. but isn't it the fbi or the law enforcement agency who bears the responsibility to figure out the solution to unlock the code? >> i'll take the last part, first. sure, if we can figure it out. the problem with the safe comparison there's no safe in the world that can't be opened. if our experts can't crack it we'll blow it up and blow the door off. this is different. the awesome, wonderful power of
encryption changes that and makes that comparison frankly ina pc inapt. where law enforcement can appropriately, lawfully figure out how to do it we will and should. but there will be occasions and it's going to sweep across, again, with the updating of phones and the changing of apps where we communicate end-to-end encrypted it will sweep all our work and outscripp our ability to do it on our own. >> thank you, i yield back. >> the chair thanks the gentle woman. the gentleman from south carolina mr. gowdy is recognized for five minutes. >> thank you, mr. chairman. mr. director, thank you for your service to the country. i do appreciate your acknowledge and that of my colleagues in the difficulty of reconciling competing binary constitutional principles like public safety, national security and privacy, and i confess up front my bias is towards public safety because of this loosely held conviction i have that the right to counsel, the right to free speech, the right to a jury trial just isn't of much use if you're dead.
so, i reconcile those competing principles in favor of public safety. and my concern as i hear you testify is that i have colleagues and others who are advocating for these evidence-free zones. they're just going to be compartments of life where you are precluded from going to find evidence of anything. and i'm trying to -- i'm trying to determine whether or not we as a society are going to accept that, that there are certain no matter how compelling the government's interest is in accessing that evidence, we are declaring right now this is an evidence-free zone, you can't go here no matter whether it's a terrorist plot, i'm not talking about the drug case. the case the magistrate decided yesterday in new york is a drug case. those are a dime a dozen. national security, there's nothing that the government has a more compelling interest in than that and we're going to create evidence-free zones, am i
missing something? is that -- is that how you see it? you just can't go in these categories unless somebody consents? >> that's my worry. and why i think it's so important we have this conversation because even i on the surface think it sounds great, hey, you buy this device, no one will ever be able to look at your stuff. but there are times when law enforcement saves our lives, rescues our children and rescues our neighborhoods by going to a judge and getting permission to look at our stuff. again, i come to the case of the baton rouge eight-month pregnant woman and shot when she opens the door and her mom said she keeps a diary on her phone. we can't open the phone to find out what was going on in her life. i love privacy and all of us love public safety and it's easy to talk about buy this amazing device, you'll be private. but you have to take the time to think there's that and what are the costs of that and that's where this collision's coming in. >> well, i love privacy, too, but i want our fellow citizens to understand that most of us also in varying degrees also
love our bodies and the physical integrity of our body but the government has been able to access orders for either blood against the will of the defendant or in some instances surgical procedures against the will of the defendant. so, when i hear my colleagues say, have you ever asked a nongovernment actor to participate in the securing of evidence, absolutely. that's what the surgeon does. if you have a bullet from an officer who was shot in a defendant, you can go to a judge and ask the judge to force a nurse or surgeon to remove that bullet. if you can penetrate the integrity of the human body in certain category of cases, how the hell you can't access a phone, i just find baffling. but let me ask you this. if apple were here, and they're going to be here, how would they tell you to do it?
if there were a plot on an iphone to commit an act of violence against, hey, say, hypothetically, an apple facility, and they expected you to prevent it, how would they tell you to access the material on this phone? >> i think they would say what they've said which i believe is in good faith, that we have designed this in response to what we believe to be the demands of our customers, to be immune to any government warrant or our, the manufacture's efforts, to get in that phone. we think that's what people want. that may be so, except i would hope folks would look at this conversation, really, do i want that? and take a step back and understand that this entire country of ours is based on a balance. it's a hard one to strike. but it's so seductive to talk about privacy is the ultimate value. in a society where we aspire to be safe, and have our families safe and have our children safe, that can't be true. we have to find a way to
accommodate both. >> so, apple on the one hand wants us to kind of weigh and balance privacy, except they've done it for us. they have said at least as it relates to this phone we've already done that weighing and balancing and there's no governmental interest compelling enough for us to allow you to try to guess the password of a dead person's phone that is owned by a -- by a city government. i -- there's no balancing to be done. they've already done it for us. i would just -- i just tell you, director, in conclusion, we ask the bureau and others to do a lot of things, investigate crime after it's taken place, anticipate crime, stop it before it happens, and all you're asking is to be able to guess the password and not have the phone self-destruct and you can go into people's bodies and remove bullets but you can't go into a dead person's iphone and remove data, i just find it baffling. but i'm out of time. >> the gentleman's time has expired. the chair recognizes the
gentleman from florida, mr. deutsch, for five minutes. >> thank you, mr. chairman. director comey, thank you for being here. thank you for your service and that of the men and women who work for you. we're all grateful for what they do, and i just wanted to take a moment before i ask you a couple questions here to let you know that bob levinson who was an agent for over 20 years, 28 years, at the justice department continues to be missing. i want to thank you for what you've done. i want to thank you for the facebook page in farsi that you've put up. i would love a report on the effectiveness and what you've heard from that, and i want to more than anything else on behalf of bob's family, i want to thank you for never forgetting this former agent. and i'm grateful for that. >> thank you, sir. he'll never be forgotten. >> now, i am -- i want to agree with mr. gowdy, that if they were as easy as public safety or
privacy, i think most of us, probably all of us, if we had to make the choice we would opt for public safety for the very reason mr. gowdy spoke of. what i'm confused about is this, the tool that you would need to take away the dogs, to take away the vicious guard dogs, is a tool that would disable the auto erase. there's some confusion as to whether there's an additional tool that you're seeking that would allow you to rapidly test possible pass codes. is there a second tool as well? >> yeah, i think there's actually three elements to it. and i've spoken to experts. i hope i get this right. the first is what you said, which is to disable the self-destruct, auto erase-type feature. the second is to disable the feature that between successive guesses as i understand it ios-9
it spreads out the time so even if we got the ability to guess, it would take years and years to guess, so do away with that function. and the third thing which, which is smaller, is set it up so that we can send you electronic guesses so we don't have to have an fbi agent punch in one, two, three, four, one, two, three, four, like that. >> after this case would you expect them to preserve that or destroy that? >> i don't know. it would depend what the judge's order said. i think that's for the judge to sort out. but that's my recollection. >> and so here's the issue. i think that vicious guard dog that you want to take away so you can pick the lock is one thing. but in a world where we do -- i mean, it's true, there are awful people, terrorists, child predators, molesters, who do everything on here, but so do so many of the rest of us. and we would like a pack of vicious guard dogs to protect our information to keep us safe, because there's a public safety part of that equation as well.
and the example of surgical procedures, the reason that that i don't think applies here because in that case we know the only one doing the surgical procedure is the doctor operating on behalf of law enforcement. but when this tool is created, the fear obviously is that it might be used by others, that there are many who will try to get their hands on it. and will then put at risk our information on our devices. and how do you -- how do you balance it? i don't -- this is a really hard one for me. this isn't either/or. i don't see it as a binary option. so, how do you do that? >> i think it's a reasonable question. i also think it's something the judge will sort out, apple's contention, which i believe, again, is made in good faith is that there would be substantial risk on creating this software. on the government's side, count us skeptical, although we could
be wrong, but i think the government's argument is that's your business to protect your software, your innovation. this would be usable on one phone. but, again, that's something the judge is going to have to sort out. it's not an easy question. >> if it's -- if it's the case, though, that it's usable in more than one phone and that it applies beyond there, then the public safety concerns that we may have that a lot of us have about what would happen if the bad guys got access to our phones and our children's phones, in that case those are really valid, aren't they? >> sure. the question that i think we're going to have litigation about is how reasonable is that concern. and, you know, slippery slope arguments are always attractive, but i suppose you could see, well, apple's engineers have in their head what if they're kidnapped and forced to write software, that's why the judge has to sort this out with good lawyers on each side making all reasonable arguments. >> i just worry when we talk about the value the discussion
is taking place wholly within a domestic context, there are countries around the world where we know very well that the governments do their best to monitor what happens in their country and through people's cell phones are able to squash dissent, are able to take action to throw people in jail and to torture people. and i think that precedent value is something else that the we have to bear in mind as we engage in this really important and really difficult debate and i yield back, mr. chairman. >> the chair thanks the gentleman and recognizes the florida from florida, mr. d de santis for five minutes. >> good afternoon, director comey. when you are looking at a case like the apple case and you want to remove the guard dogs and the fbi go in, are you concerned about preserving the evidentiary value that can then we used or are you more interested in getting the information for intel purposes so you can use it for counterterrorism? >> our hope is to do both, but if we have to choose, we want the information first and then
we'd like it obviously to be in a form that could be used if there was a court proceeding against somebody someday. >> i guess is there -- are there instances in which maybe a company would provide the data but would provide it to you in a way you would not necessarily be able to authenticate that in court? >> sure, that happens all the time. >> and that's something the fbi -- if that's what you get, then you're fine with that. >> it depends upon the case, but in general that's a tool that we use, private cooperation where we may not be able to use the information in court. >> and in terms of this, the guy in san bernardino, it wasn't even his phone and then the owner of the phone has consented for the fbi to have the information, is that correct? >> right. we have a search warrant for the phone. the guy who was possessing it is obviously dead, and the owner of the phone has consented. >> what's the best analogous case to what you're trying to do here? because people look at it and say, well, you're basically commandeering a company to have to do these things, that's
typically not the way it works. so, what would you say is the outside of the technology context, what would be an analogous case? >> well, everyone in the united states to some degree has an obligation to cooperate with appropriate authority. the question that the court has to resolve under the all-writs act is what are the limits of that. apple's argument is that might be okay if it's -- requires us to hand you something we've already made, to open a phone, but if we're going to make something new, that's beyond the scope of the law. as you know, that's something courts do every day in the united states is try to understand a law and interpret its scope based set of facts. that's what will be done in san bernardino, in a different context it's being done in a drug case in brooklyn. i think it's being done in different stages all across the country because in investigation after investigation law enforcement has been encountering these kind of devices. >> in your cases have you gotten
an order under the all-writs act have a defendant produce the code? >> i don't know of a similar case. >> in terms of -- i know some of the technology companies are concerned about if they're creating ways to i guess penetrate their systems, that's creating, like, a back door, and i guess my concern is, terrorists obviously want to operate in a variety of spheres. one of the way they get a lot of bang for their buck is cyberattacks, so if companies were creating more access for law enforcement in some of these situations, would that create more vulnerability for people and be more likely that they were subjected to a potential cyberattack? >> potentially, sure, if there were access tools that got loose in the wild or that could be easily stolen or available to bad people, it's a concern. a huge part of the bureau's work is protecting privacy by fighting against the cybercriminals, so it's something we worry about every
day. >> how would you, then, provide assurances if you're requesting a company to work with you that this doesn't get out into the wild so to speak? >> i think in the particular case, we have confidence, i think it's justified, that apple is highly professional at protecting its own innovation and information. so, the idea here is you keep it. you figure out how to store it. you even take the phone and protect it. i think that's something they do pretty well. but, again, that is something the judge will sort out. apple's argument i think will be that's not reasonable because there are risks around that even though we're good at this, it could still get away from us and the judge will have to figure that out what's reasonable in that circumstance. >> great. thank you. i yield back the balance of my time. >> the chair thanks the gentleman and recognizes the gentleman from illinois, mr. gutierrez. >> thank you, mr. chairman, and thank you, director comey, for coming in and being here with us this afternoon. i won't take my five minutes and make a couple of comments. beginning by saying i hope all of the members of the committee
will take note that the director is actually answering our questions. and that is obviously very refreshing in that we get a lot of witnesses here and if they bring them, we might not like them, if we bring them, they don't seem to like them. it's good to get information without passing judgment. and i think that's what you've done very well here today. you're not passing judgment on apple and their motivations. and i think in not questioning people's motivation is easier to get a solution. because once you do that, everybody kind of says, okay, let's get all our defenses up and really what we need to be doing is defending the american people and not apple or any company or the fbi for that matter. but defending the american people, so i want to thank you for that. and i just want to suggest that we continue these conversations. i buy a house. i have no reasonable expectation that if you get a warrant you're going to go into my -- any drawer in my bedroom.
when i buy the house, i don't have any expectation of privacy once you get a warrant to come. i do expect you to get one. i come from a time when i wasn't quite sure the chicago police and law enforcement was actually getting warrants in the city of chicago in the 1960s to get that, so we want to be a little careful and make sure. i'm trusting of you. if you were the fbi agent, i would say no problem, director comey, come on in. but unfortunately, there are human beings at all the different levels of government, and i just want to say that i'm happy you came because i don't -- i don't have that expectation in my car. i don't have that expectation in -- i don't use the computer a lot, i still write, i don't have any expectation. but the difference is, and i think you've made it, and i think this committee should take it into consideration, we do put a lot of information in these contraptions. and the reason we put them there is because we don't want to put them on a notebook, we want to keep them private. but i don't have any expectdation i really don't have any expectation once i put this
that if you have a lawful warrant you should be able to get it even from my computer. i think that's where you're going. is that where you think -- have i heard you right? >> i do. i agree with you, except i think the case for privacy's even stronger than you said. you do have a reasonable expectation of privacy in your home, in your scar and in your devices. the government under our constitution is required to overcome that by going to an independent judge, making a showing of probable cause and getting a warrant. we need to talk about as a country is we're moving to a place where there are warrant-proof places in our life. and, yes, these devices are spectacular because they do hold our whole lives. they're different than a briefcase. they're different than a drawer. so, it is a source with -- a place with a tremendous reasonable expectation of privacy, but if we're going to move to a place where it's not possible to overcome that's a world we've never lived in the united states. it has profound complications for somebody safety.
all i'm saying we shouldn't drift there. the american people should say the world is different. how do we want to be and figure that out. >> yeah, i think that's -- i think we're on the same place, then, because i do have a reasonable expectation of privacy in my home, but if you go to court, you convince the judge and you overcome it, i have never had any expectation that a court order because i bought something a court -- i'm going to be able to overcome a court order. so i think we're in the same place. so, thank you so much, director for coming in and sharing your time. i hope you can share more time so we can talk some more, thank you. >> the chair recognizes the gentleman from iowa mr. king for five minutes. >> thank you, mr. chairman. director comey, thank you for your leadership of the fbi. i'm curious about this from a perspective that has to do with our global war against radical islamic terrorists. and i have laid out a strategy to defeat that ideology.
i would take it back to our ability some years past to be able to identify their cell phones and get into their -- get into their cell phones in such a way that we also got into their heads which drove them into the caves. and really it diminished a lot of their otherwise robust activity that al qaeda might have carried out against us. i think that was a successful effort. now we have a global cyberoperations going on with i think by your numbers from a previous report i read well over 100,000 isis activities on twitter and other cyberactivity in a single day. and so i'm interested in how the parameters have been examined thoroughly by a lot of the lawyers on this panel might apply to an all-out cyberwarfare against isis and any of their affiliates or subordinates that i think is necessary if we're going to defeat that ideology.
so, i'm thinking in terms of if this congress might diminish, slow down or shut down access to this phone and it also means access to any other phone that they might be using. they would have a high degree of confidence that they could operate with a level of impunity in the cyberworld out there. do you have any comments you'd like to make on the implications that being locked out of an opportunity to unlock this phone might mean to the global war on terror that could be prosecuted in the next administration aggressively across the fields of cyber warfare? i would add to that for the sake of enumerating them, financial warfare, educational warfare and human intel jennings and the network that would be necessary not just the kinetic activity to defeat radical islamic terrorism. >> thank you, mr. king. this conversation we're having today and i hope will continue is really important for domestic law enforcement, but it has
profound implications for among other things our counterterrorism work. because since mr. snowden's revelations terrorist trade craft changed. and they moved immediately to encrypted apps for their communication and trying to find devices that were encrypted wrap their lives in encryption because they understand the power of encryption and so there's no place we see this collision between our love for privacy and the security of encryption and public safety than in fighting terrorism especially isil. because for the fbi's responsibility which is here in the united states, every day we're looking for needles in a haystack and increasingly the most dangerous needles go invisible to us because that's when isil moves them to an encrypted app that's end-to-end encrypted and a judge's order is irrelevant there. that's why this is such an urgent feature of our work. it has huge implications for law enforcement overwhelmingly but it has profound implications in the fight against terrorism. >> do you get any signals that
the american public or the united states congress is contemplating some of the things that you've discussed here to the depth that it would be a component in the decision making? >> i don't know. i know everybody's interested in this and have been, all thoughtful people, see both sides of this and are trying to figure out how to resolve it, how to resolve it practically, how to resolve it technically and the other challenge is not to make it harder, there is no single "it." there's all different kinds of manifestations of this problem we call going dark. what i see is people of goodwill who care about privacy and safety wrestling with this. court cases are important but they are not going to solve this problem for us. >> let me suggest that -- i'll just say i think it's a known and a given that isis or isil is seeking a nuclear device. and pretty much said that publicly. if we had a high degree of confidence that they had -- that they were on the cusp of achieving such capability and perhaps a capability of delivering it, if that became part of the american
consciousness, do you think that would change this debate that we're having here today? >> i do worry that it's hard to have nuanced, complicated conversations like this in an emergency, and in the wake of a disaster, which is why i think it's so important we have this conversation now. because in the wake of something awful happening, it will be hard to talk about this in a thoughtful, newanced way. and so i think that's why i so welcome the chairman having this hearing and having further conversations about it. >> i thank you, director. and i will just state that my view is that i want to protect the constitutional rights of the american people, and i'd like to be able to have this framed in law that reflects our constitutional rights, but i would like to have us consider how we might keep a nation safe in the face of this and how we might prosecute a global war against radical islam even in the aftermath of a decision that might be made by either a judge
or the united states congress. i thank you, mr. chairman, and i yield back the balls of my tiba time. >> thank you, mr. chair, and thank you, director comey, for your time and your patience with us today. i had a town hall meeting in my district on sunday and actually a couple hundred people showed up. and it was a general town hall meeting talking about issues that congress is dealing with. and much to my surprise, this was a burning issue. and many of my constituents came to ask me questions, and i told them that they could suggest some questions and i would ask you, and maybe you could speak to some of my constituents today so i can send them a clip of your testimony. basically in general they had a hard time believing -- i mean, they were not supportive. they don't want, you know, apple to comply. but they had a hard time believing that the fbi couldn't already do this, and so a couple of the questions were, how have so many others cracked iphones
and shared their findings with videos and how-to articles? and given that you described it not as a back door but getting the dogs, you know, away so that you can pick the lock, their question was what other intelligence community agencies has the fbi worked with considering there's at least 12 in the government between all of these agencies how is it that you haven't been able to call the dogs off and pick the lock? >> actually, 16 other members of the u.s. intelligence community. it pains me to say this, because i -- in a way we benefit from the myth you that it's the product of maybe too much television, the only thing that's true on television is we remain very attractive people, but we don't have the capabilities that people sometimes on tv imagine us to have. if we could have done this quietly and privately, we would have done it. right? this litigation is difficult. it's especially difficult as i
said for the people who were victimized in san bernardino and so we really can't. there may be other models and permutations where we have different capabilities but here -- and maybe tonight someone will call us and say i thought of something. apple is very good at what it does. they are a wonderful company and make wonderful products. they set out to design a phone that can't be opened. and they are darn near succeeding. i think with the 6 and beyond they will have succeeded. that doesn't make them bad people but it's a challenge for us that we're not yet up to meeting without intervention from courts. >> since you can clone iphone contents to compatible hardware and test passwords on the clones without putting the original at risk, can't you use so-called brute force methods to guess the pass code? >> not with -- i think this is what mr. issa was asking about. i think a lot of tech experts
ask why can't you mirror the phone and play with the mirror. for reasons i don't fully understand not possible in this circumstance. we do want to try to brute force the phone that is the multiple guesses but we need first -- we'll do that ourselves, but we need removed the auto erase function and the delay between guesses function which would make us take ten years to guess it. if we can have those removed, we can guess the pass code in 26 minutes. we need to be able to bring it to bear without the phone killing itself. >> thank you. i yield back the balance of my time. >> the chair recognized the gentleman from idaho, mr. la a labrador, for five minutes. >> thank you, mr. director. thank you for what you're doing. i know you have a very difficult job as you are trying to balance both security and privacy. i do have a few questions. as you -- as you are looking at the laws that are in place like
fisa or the other different avenues that we're talking about, something that concerns me is that this is very different than some of the examples that have been given here. for example, when you have -- when you're going into a home if you're asking for a key, if you go to the landlord, the key's already made. and you can go to the landlord and you can say, i have a warrant here and that key is made. can you please give me a key for that. or the method of creating that key even if the key does not exist is already -- does already exist. this is very different than that. would you agree? >> yes. exactly right. there's a difference between, hey, landlord, you have this spare key. judge directs you to give it to us. hey, landlord, we need you to make a key for this lock. that's a legal question as to whether the particular statutory authority we're using here the all-writs act extends to that. we think in the government there's a reasonable argument to be made it does and should and on the other side lawyers for
apple argue it doesn't and that's what the judge will sort out. >> but this goes even one step further. in this scenario the landlord can create the key, has the ability to create the key, and the technology to create this key already exists. in the apple case, that's not the case. they have never created the key that you're asking for, isn't that correct? >> i don't know whether that's correct or not. >> well, as far as we know, as far as they're letting us know, there's no way for them as they're telling it -- because if not, i think they would be violating the judge's order. if they have an ability to do this, i do agree with you that they would be violating the judge's order, but what they're telling us the ability does not exist. isn't that correct? >> i think that's right. i think obviously their general counsel's a very smart guy is here, he can talk about this, but i think what they're saying is we can do it but it requires us to sit at a keyboard and write new code that doesn't currently exist.
whether there's a meaningful distinction between that and someone who already has a key legally is something a judge will have to sort out. >> what concerns me is the old legal maxim that bad cases make bad law. this is clearly a bad case. we all want you to get access to this phone through legal means because maybe it would uncover some of the problems we have in the middle east, maybe there's some evidence in there that could really lead us to take some terrorists down. i think we are all there. but the problem is that this is a bad case. this is a person who obviously is dead who does -- has never given his code to somebody else. and i'm concerned that as we're looking down this road, what we're doing is we're opening the door for other things that could actually be detrimental to our safety and security. for example, i think you've testified many times that we're getting hacked all the time, isn't that correct? >> yes. >> so, maybe one of the reasons that apple is refusing to do
this or is hesitant to do something like this, because they know that even they get hacked. and when you open -- when you create that key that doesn't exist at all right now, you're actually opening up every other phone that's out there. do you see how that could be a concern? >> i see the argument. the question the judge will have to decide is, is that a reasonable argument. >> i'm sorry, no, you go ahead. you said that apple is highly -- they are highly professional in keeping secrets. would you say that the federal also has very good people that are highly professional in keeping secrets? >> parts of it. >> me, too. recently we've learned that there's been a hacking incident at the irs. are you familiar with that? >> yes. >> so, that's what i'm concerned about. the moment that you open up that door, the moment that you open up that key that doesn't currently exist, you're actually allowing all these hackers that
are out there, and some of them are enemies that are trying to do us harm whether it's economic harm or whether it's actual terrorism, they're out there looking for ways to actually get into your iphone, into my iphone, into everybody else's iphone and at some point that's why you have such a difficult job is we have to balance that safety and security. do you think that this capability that you're asking for will -- can only be used pursuant to a warrant? >> the capability that the judge has directed apple to provide? >> correct. >> i think that's the way it's -- that's the procedural posture of it, there's a warrant and the judge has issued an order. >> that's how it is issued right now. but do you think that that can only be obtained through a warrant? are you seeking to obtain it later through other means other than warrants? >> i don't know how we would if it's in apple's possession unless they voluntarily gave it to someone, have to be judicial process, if they maintained it afterwards. >> thank you very much.
i've run out of time. thank you. >> the chair thanks the gentleman. recognizes the gentleman from louisiana, mr. richmond, for five minutes. >> thank you, mr. chairman. before i start, i'd like to enter into the record two articles, one is from the "toronto star" titled "encrypted evidence is increasingly hampering criminal investigations police say." and another one is from "the baton rouge advocate" which says "cell phone encryption debate." thank you, mr. chairman. let me just say, and, director comey, you have mentioned the brittany mills case a number of times. i just want to paint the scenario for everyone in the room and put a face with it. this is brittany mills and this is brittany mills almost eight months pregnant with her daughter. in may of last year brittany was
murdered in my district. she was a mother. she was eight months pregnant with her second child at the time. someone came to her door and killed her. and a couple days later they are unborn child or born child also died. and according to her family and her friends, she kept a very detailed diary in her phone. and her family, who are here today -- ms. mills, ms. barbara mills, would you please stand, and tia and roger. her family would like the phone opened so our district attorney who is also here today -- thank you for standing. our district attorney who is also here today, hillam moore, can use that to attempt to find the murderer who committed this crime. and i guess my question is we balance privacy, public safety, and criminal justice.
that are we in danger of creating an underground criminal sanctuary for some very disturbed people? and how do we balance that? >> we are in danger of that. until these awesome devices -- and that's what makes it so painful. they're wonderful. until this, there was no closet in america, no safe in america, no garage in america, no basement in america that could not be entered with a judge's order. we now live in a different world and that's the point we're trying to make here. before we drift to a place where a whole lot of other families in incredible pain, look at other district attorneys and say, what do you mean you can't, you have a court order? before we drift to that place we got to talk about it, because privacy is awesome. but stopping this kind of savagery and murder and pedophilia and all the other things that hide in the dark spaces in american life is also incredibly important to us. that's why this conversation matters so much. but it's also why we have to
talk to each other. there are no demons in this conversation. we care about the same things. but it is urgent and there's no more painful circumstance to demonstrate it than the death of that beautiful woman and her baby. >> and i do appreciate you saying we have to talk to each other, because just in the small time that i was able to put the representatives of apple and the district attorney in the room, i think we made some progress and maybe some alternatives and maybe we'll get somewhere. but it is a very difficult balancing act. and i think the people from apple are very well intentioned and have some real concerns. but let me ask you this -- i took a congressional delegation trip over to the ukraine. and when we landed our plane, we were on the runway, and our security advisers came to the back and said, if you don't want your phone hacked and people have access to your text messages, your pictures, your
e-mails and everything else, we e-mails you to power your phon off and leave it on the plane. and no one is in close enough proximity right now to do it so if you need to make a call, make a call. but when we get closer to the terminal, you need to power that phone down. so, does ukraine have better technology -- well, they were really worried about russian hackers. but does russia have that much of a technology advantage over us that they can get into my phone while i'm on it in my possession and we can't get into a phone that we have in our possession? >> the difference -- and i'm going to be careful about what i say in an open setting, is that some countries have different control over their infrastructure and require providers in their country to make accommodations that we do not require here to give them greater surveillance capabilities than we would ever imagine in the united states. that's the first thing. the second thing is we are a
rule of law country. the fbi is not cracking into your phone or listening to your communications except under the rule of law and going to a judge. those are the two big differences, but countries have capabilities and in part based accommodations that device makers and providers have made in these countries that are different in this country. >> thank you, mr. chairman. i see my time has expired. >> the chair recognizes the gentle woman from washington state for five minutes. >> thank you, mr. chair, and thank you, director comey, for being with us and for all of your time. i worked my career in technology, on e-mail and mobile communications, and constantly heard from customers, both consumers and businesses and even the government, to make sure that information was protected and that devices were secure. and in your testimony, you state that you're simply asking to ensure that you can continue to obtain electronic information and evidence, and you seem to be
asking technology companies to freeze in place or revert back to systems that might have been easier to access. but don't you think in general that that's much -- an oversimplification of this issue? because we all know that bad actors want to exploit vulnerabilities to breaking into any number of things from a phone, a personal device, to our power grid. these things aren't static. they're changing constantly and they're getting smarter every day. the bad actors are getting smarter every day and we need to be smarter every day in terms of protecting information. so, in that type of environment, how would you expect a technology company not to continue to evolve their security measures to keep up with new threats that we see? >> first of all, i would expect security companies and technology companies to continue to try and improve their security. that's why it's important that all of us talk about this, because it's not the company's job to worry about public safety. it's the fbi's job, congress'
job and a lot of other folks in the government. so, i don't put that on the companies. but the other thing that concerns me a little bit is the sense if we have a world where people comply with government warrants, it must be insecure. and i don't buy that. because there are lots of providers today of e-mail service, of tech service who have highly secure systems who because of their business models visualize the information in plain text on their servers so they comply with court orders. i've not heard people say their systems are insecure. they simply have chosen a different business model, so actually i don't think it's -- a lot of people may disagree with me, i don't think it's a technological problem. it's a business model problem. that doesn't solve it, but it gets us away from it's impossible nonsense. >> we're talking with phones today but we're talking about the growth of internet of things with more and more personal devices where security will be even more critical and so it's hard to say you're talking about a world where it's confined to the way the world works today, i
think that absolutely is not the situation that we're facing. we're seeing evolution every day and these are devices that are kects connected to networks and information is flowing and that information might be someone's financial information or personal information that if it is exploited would create a security issue itself. so, don't you believe that encryption has an important role to play in protecting security? >> vital. >> so, now when we've talked about what role congress plays versus what role the courts would play, and you've kind of talked about both in different scenarios. you talk about privacy versus security and that congress should play a role there but the courts should decide whether or not there's a security breach if there's a piece of technology that breaks into a device and whether or not there's a concern that that will be widely available. yet, the tension isn't really between just privacy and security, it's between security and security and protecting
people's information. and so how do you -- where do you think congress plays a role versus the courts when you've talked about both of them in your testimony today? >> i think the courts have a job to in particular cases interpret the laws that congress has passed throughout the history of this country, to try and decide the government is seeking this relief, does that fit within the statute. that's the court's job and they're very, very good at it. the larger societal problem we have is, this collision that i think you've said well, between privacy and security. very difficult to solve it case by case by case. we have to ask ourselves how do we want to govern ourselves. if you are a manufacturer of devices in the united states or you provide communication services in the united states what are our, as a country, what are our expectations and demands of you. it's hard for me to see that worked out a common law basis obviously, but it's going to be because the issue is joined every single day in our law
enforcement work if nobody else gets involved, the courts will have to figure it out. >> this isn't just an issue of u.s. companies alone because clearly there's access to technology that could be developed in other countries that we'll not have access to and that's widely available today and people can use. but also then it is important, we have laws that are centuries and decades old that have not kept up with the way the world works today and so it is very important that congress plays a role because if courts are going to be interpret those laws and those laws were written with no awareness of what is happening today then congress needs to play a role so laws are up to date and setting the standard that courts can then follow. thank you, i yield back, mr. chair. >> the chair thanks the gentle woman and recognizes the gentleman from new york, mr. jeffries. >> thank you, mr. chairman. and thank you, mr. comey, for your presence here today and as one of my colleagues mentioned your candor and the open
dialogue and communication is much appreciated. it's not always the case with high-level government witnesses and others. you testified today that you don't question apple's motives in connection with the san bernardino case, is that correct? >> correct. >> and you also testified that there are no demons in this conversation, true? >> correct. i hope not. >> but the department of justice has questioned the company's motives in defending the privacy of the american people, isn't that right? >> i don't know that they questioned their motives in the sense that attributed sort of that they're acting with evil intent or something. i remember a filing the department said a lot of apple's position has to do with its market power which frankly i think is not an illegitimate motive. >> in fact, in the motion to compel that you referred to i believe the prosecutor said that apple's current refusal to comply with the court's order despite the technical feasibility of doing so appears to be based on its concern for its business model and public brand marketing strategy.
is that the statement that you're referring to, sir? >> yeah. i think that's fair. i bet that's accurate. apple has a legal obligation, because i used to be the general counsel of a public company, to maximize shareholder value. they're a business. and so i would hope that's part of their motivation and it's not a bad thing if it's entirely their motivation. their job is not to worry about public safety. that's our job, all of us in this room who work for the government. >> william bratton is the police commissioner of the new york city department -- police department, is that right? >> yes. >> it's the largest department in the country? >> yes. >> and he's one of the most respected law enforcement professionals in the country, would you agree with that? >> i agree with that very, very much. >> at a february 18th press conference in new york city he said apple -- do you agree with the strident statement that apple is engaging in corporate irresponsibility -- >> i don't know that bill said that but i'm not going to characterize it that way. i don't think they're acting
irresponsibly, i think they're acting as a corporation in their self-interest which is the way -- which is the engine of innovation and enterprise in this country. >> fundamentally as it relates to those of us on the judiciary committee as well as members in the house and the senate, guardians of the constitution, this is not about marketing or corporate irresponsibility, correct? this debate. >> i hope not. i mean, i hope part of it is -- and that's a voice to listen to, but they cell phones. they don't sell civil liberties. they don't sell public safety. that's our business to worry about. >> but in terms of our perspective this is really about fundamental issues of importance as relates to who we are as a country, the fourth amendment of the united states constitutional, the reasonableness of government intrusion, the rule of law. the legitimate centuries-old concern as it relates to government overreach and the damage that that can do. this is fundamentally a big picture debate about some things that are very important as to who we are as a country.
is that correct? >> i agree completely. >> now, in terms of the technology that's available today, americans seem to have the opportunity to choose between privacy or unfettered access to data which can reveal the far reaches of their life to a third party, to a government, to a bad actor. would you agree that if there's an opportunity that the technology is providing for americans to choose privacy? >> i don't agree with that framing. because it sounds like you're framing it as we either have privacy or we have unfettered access by bad actors. i don't accept that premise. >> okay, so let me ask a few questions. one of the obstacles to unfettered access is the pass code, correct? the pass code. a six number pass code. >> i'm naturally equivocal because i'm a lawyer. i'm stuck on unfettered -- >> let me drop unfettered. the pass code is an obstacle,
correct? >> correct, correct. >> you can choose a pass code or choose not to activate a pass code, correct? >> i think that's right. >> whether you back up your system or not is an issue as it relates to access, correct? in other words, if you don't back up your system, you don't have access, correct? to the cloud. >> yeah, i think if you don't back up your system to the cloud there's nothing in the cloud that could be obtained by a warrant. >> right. now, with respect to auto erase, that is a choice that's being made. in other words, you have to actually affirmatively choose auto erase. if you didn't choose it, in this particular case or in any other case, eventually your computer is powerful enough to get access to the data, correct? >> i think that's right for the 5-c. i think that's right. folks from apple could tell you better. i think for the later models it's not a choice, but i think it's a choice -- i'm reasonably confident it's a choice for the
5-c. >> my time has expired but i think it's important as we frame this debate to understand it is actually the american citizen that is choosing on at least three different occasions in three different ways the value of privacy. and that's something that we should respect as congress attempts to craft a solution. >> the chair thanks the gentleman and recognizes the gentleman from road island for five minutes. >> thank you, mr. chairmen, thank you, director, comey, for your service to our country and thank you for being here today and for the outstanding work of the men and women of the fbi. we all, of course, acknowledge the incredible horrors of the san bernardino attack but i think in many ways what we're struggling with is not necessarily security versus privacy but security versus security and the real argument that the danger that exists for the misuse of this new technology by foreign agents, by terrorists, bad actors, by
criminals, will actually make us less safe in the long term. and while it may achieve your objective in the short term in this particular case that the implications in terms of our own national security and personal security pose greater dangers, i think greater danger. i appreciate you said this is the hardest question you've confronted. it is a hard one. first thing i wantqd$ey to ask this is different, would you agree, than all the examples that have been used about producing items in your custody. this is a different kind of warrant. it's compelling a third party to produce and create intellectual property, which doesn't exist today. >> i understand that to be apple's argument. i don't know enough about the other possible comparisons to give you a thoughtful response. yes, i understand that. >> it's hard to imagine that a court ultimately enforces that. you have to sort of get into the head of the engineers to figure out did they actually comply with what the government order is directing them to clee ate?
i'm not saying it's not something you're not allowed to ask for, but it is different, it seems to me, than simply asking for people to produce that which they are in possession of, custodians of. >> i see that. i heard someone earlier say there's a difference between a landlord has a key in his pocket. you say you have to give us the key. we don't have one. go make one for this door. and the significance of this. >> not that we make one, but to develop a whole new technology and intellectual property. i raise it because i think we have to acknowledge it's different and then decide what to do with it. in addition to that, you've said repeatedly that government doesn't have the ability to do this already. and, as you know, there was a decision yesterday, magistrate judge, ask their consent that the memorandum be made part of the record. >> it is already part of the record. >> okay. he goes through and says the all ritz act doesn't apply.
in addition to that, he goes on to say that the government argued in an unrelated case that the government actually has the ability to do this, department of homeland security investigations, that they are in possession of technology that would allow its forensic technicians to override the pass code security feature on the iphone and obtain the data. this is a very important question for me. if, in fact -- is it, in fact, the case that the government doesn't have the ability, including the department of homeland security investigations, and all of the intelligence agencies, to do what it is that you claim is necessary to access this information? >> yes. >> the answer is yes? >> that is correct. i don't know. i could be wrong, but i think the phone in the case from brock lynn is different. maybe both the model and the ios, operating system is different. but i'm here to tell you -- people know the sound of my voice. if you have an idea, let us know. 5c, ios 9 we don't have that capability.
we can get into that phone with our computing power if they take off the auto erase and delay between guess its function, we can get into that phone. >> do you agree, director comey, if there's authority to be able to do what you are asking, that authority has to come from congress? >> no, i don't agree with that. >> so, with r do you think the authority comes from? >> the government has already asked the court and made the argument to the court the ability to order this relief. that's what the court case is going to be about. >> if the ruling made yesterday remains, which rejects the notion that the ulritz act applies and authorization has not been provided, then would you agree that congress is the only place that can authorize this? if so, what would you recommend we do? what would that look like as we grapple with this question? i can tell you, me having read
that, i think kalia is clear. if there is to be authority, assuming we decide there should be, it seems it must come from congress. as director of the fbi, what would your recommendation be that would respond to what you see as your needs but also the national security interests of our country? >> i'm not prepared to make a recommendation. i think i get your question now. if the judges are right that you can't use the ulritz act for this relief, what should congress do to grant relief? i think it's something that congress is going to have to wrestle with. >> i yield back. thank you, mr. chairman. thank you, director. >> consent that letters from the association dated february 29, statement for the record from president of the fbi agent association and letter dated february 29 from the liberal civil liberties union be made
part of the record. director comey, you've given us three hours -- i'm sorry. the gentleman from california, mr. peters, is recognized for five minutes. >> i listened to your opening statement. i thought it was very constructive. both to preserve civil liberty. the problem we see in terrorism now is the onesies and the twosies and notion we would have invulnerable communications is something we should all be concerned about. i hope that you and the panel to
follow will find compromises and the lines won't be too hard on either side so we can do that. i look forward to the next panel and thank director comey for being here. >> thank you. >> director, you've donated three hours of your time to our efforts today, or more, i'm sure, in getting ready. we thank you very much for your participation and for answering a multitude of question. if you have more to add, we would welcome that later as well. thank you very much. >> thank you, sir. >> chairman, would you entertain a unanimous consent while we're changing panels? >> i would. >> unanimous consent that a letter i receive d late yesterdy from a constituent in the technology business concerning this case be placed in the record. this is emily hirsch. >> without object that will be made part of the record. we ask the witnesses on the second panel to please come forward and be seated.
witnesses to the second panel. if you would all please rise, i'll begin by swearing you in. do each of you swear that the testimony you are are about to give shall be the truth, the whole truth and nothing but the truth, so help you god? >> i do. >> all the witnesses responded in the affirmative. let the record so reflect. i'll now introduce the witnesses. bruce sewell is senior vice president and general counsel of apple. he serves on apple's legal team and oversees all legal matters, including global security and privacy. prior to joining apple, mr. sewell was deputy general counsel of intel corporation, receiving his bachelors degree from university of lancaster and jd from george washington university. dr. susan landow is professor of cyber security at worcester polytech knick institute, trained as a theatrical computer
scientist, she is an expert in crypt crypt crypt cryptics. she earned bachelor from princeton, masters from cornell university and phd from massachusetts institute of technology. our final witness, mr. cyrus vance jr. is currently serving his second term as district attorney after being re-elected in 2013. he also serves as co-chair of the new york state permanent commission on sentencing. previously, mr. vance worked in private practice and taught at seattle university school of law. he is a graduate of yale university and the georgetown university law center. all of your written statements will be entered into the record in their entirety. and we ask that each of you summarize your testimony in five minutes or less. to help you stay within that time, there's a timing light on the table. when the light switches from green to yellow, you have one minute to conclude your
testimony. and when the light turns red, that's it. your time is up. we begin with you, mr. sewell. welcome. >> thank you very much, mr. chairman. >> make sure that microphone is on and pulled close. >> thank you for that technology hint. thank you, mr. chairman. it's my pleasure to appear before you and the committee today on behalf of apple. we appreciate your invitation and the opportunity to be part of the discussion on this important issue, which centers on the civil liberties at the foundation of our country. i want to repeat something we've said since the beginning. that the vekts and the families of the san bernardino attacks have our deepest sympathies. we strongly agree that justice should be served and apple has no sympathy for terrorists. we have the utmost respect for law enforcement and share their goal of creating a safer world. we have a team of dedicated professionals on call 24 horse a