There were a few face-palm moments in yesterday’s House Judiciary Committee hearing, from committee members who appeared not to know what encryption is to Apple’s lead lawyer Bruce Sewell having to make a hasty switch from his iPad Pro to paper when the device apparently failed. (Some suggested it may simply have timed-out and auto-locked, but it’s unclear why he wouldn’t use Touch ID to let himself back in.)

Overall, though, it was a serious discussion of the issue, with each side making its points in a calm, rational manner and being subjected to many probing and intelligent questions.

It wasn’t a one-sided battle by any means. FBI Director James Comey made some solid arguments that clearly hit home. But my view is that Apple not only won on points, but also scored the knock-out blow …

You could argue that I’m biased, of course. I’m already on record – actually, since before the case – as supporting Apple’s position here. But I think even a disinterested observer would reach the same conclusion.

Let’s begin with the FBI’s case, which adopted a softer tone than we’ve heard in the past. The government has so far made much use of the phrase “going dark” to describe the ability iPhone users have to make it impossible for their data and communication to be monitored. That’s a scary-sounding phrase to the average non-tech member of the public, but one that can be pointed to as an example of hyperbole rather than rational argument.

FBI #1: ‘Warrant-proof spaces’

Yesterday, Comey introduced a new and, I would argue, much more effective phrase: ‘warrant-proof spaces.’ He is asking whether it is reasonable that Apple be allowed to create environments that cannot be penetrated by the government even when it comes armed with a search warrant.

That’s a good argument. A search warrant is granted only when a judge has weighed up the balance of good and harm that would be done, and concluded that in the specific case in question, that it is right for law enforcement to conduct a search. We allow police officers to enter private houses when armed with a warrant. We let them search cars. Even open safe deposit boxes. Why not an iPhone?

FBI #2: Costs to society

Comey also adopted a very reasonable tone. He didn’t say it was impossible to argue against this, or that Apple was necessarily wrong, he simply argued that it raised important questions.

In particular, he said, there was a cost to society in a decision being made by a corporation.

If there are warrant-proof spaces in American life, what does that mean? What are the costs? The tools we use to keep you safe are becoming less and less effective.

FBI #3: Ancient law still valid today

Addressing criticism that the FBI was using the centuries-old All Writs Act in ways that could never have been intended, Comey had a good come-back.

The Constitution is as old or older than the All Writs Act, and it’s still a pretty good document.

FBI #4(ish): No other way to get the data

He also denied that the government possessed the means to access the iPhone without Apple’s help.

If we could have done this quietly and privately, we would have done this.

Though I’ll return to that point shortly.

The FBI had earlier accused Apple of wanting to defend iPhone security for marketing purposes. Comey again toned down this language yesterday – though in a way which may put some backs up.

They sell phones, they don’t sell civil liberties. That’s our business to worry about.

FBI #5: Apple hasn’t suggested a way forward

Rep. Jim Sensenbrenner also got in a good point, noting that while Apple has agreed there is a balance to be struck here between privacy and law enforcement, the company hasn’t put forward any suggestion as to how this balance might best be achieved.

You’ve told us what you don’t like. You haven’t told us one thing about what you do like. When are we going to hear about what you do like so Apple has a positive solution to what you are complaining about.

He told Sewell that while Congress could reach a conclusion without Apple putting forward its own proposal, “I can guarantee you aren’t going to like the result”.

Manhattan District Attorney Cyrus Vance weighed into the debate with what could have been a good point but turned into something of an own-goal. He repeated a statement he made last summer, that a jailed inmate had described iOS 8 as “a gift from God” as data on it was now fully encrypted.

Rep. Hakeem Jeffries rather weakened the impact of this when he observed that Vance knew about this statement because it had been recorded by the prison phone system, and the inmate had been dumb enough to make the comment while staring at a notice informing him that all calls were recorded. “I have faith in your ability to outsmart the bad actors,” he said, dryly.

I think that one was successfully parried, and I’ve already given the FBI one dubious point, so I’d say that was five points to the FBI.

passcode

Apple’s general counsel Bruce Sewell (top photo) found part of his argument already conceded by Comey.

Apple #1: This could never be undone

Despite initially claiming in a blog post that the Bureau was not attempting to set a precedent with this case, the FBI director later admitted that it likely would – an admission repeated at the hearing. Sewell hammered home the point that this is a one-way street – once the tool has been invented, it cannot be uninvented.

Once you take that step, once you create the mechanisms to unlock the phone, then you’ve created a back door.

Cybersecurity professor Susan Landau, testifying on Apple’s side, agreed.

The fact is that the software cannot be developed, used, and deleted. Given that the phone’s data may be used in investigations and court cases, the “break-in” software must remain available for examination. The longevity of the update code constitutes the first risk for Apple’s iPhone users.

Apple #2: It wouldn’t just affect older iPhones

Sewell rubbished claims that the tool would only work on older iPhones like the 5c in question, and wouldn’t work on later models with a Secure Enclave.

The tool we’re being asked to create will work on any iPhone in use today: it’s extensible.

Apple #3: The tool could fall into the wrong hands

But legal precedent wasn’t, he said, the main risk. Once the tool exists, there is always the risk that it would get into the wrong hands – a point which Comey conceded but dismissed as a “hypothetical scenario.” Laundau said that view was nonsense.

If the information on the phone is accessible to Apple, it will be accessible to others—and this promising and important solution to protecting login credentials […] will be ineffective. That’s why locking down the data is so crucial for security. Rather than providing us with better security, the FBI’s efforts will torpedo it.

She very effectively drove this point home.

All it takes for things to go badly wrong is a bit of neglect in the process or the collaboration of a rogue employee. And if the FBI, CIA, and NSA can suffer from rogue employees, then certainly Apple can as well. A phone that an unfriendly government, a criminal organization, or a business competitor wants to examine receives a signed security update from Apple. This enables the government, criminal group, or competitor to probe the smartphone and read its data when the smartphone is taken during a customs inspection, a theft, or a meeting in which all electronic devices are kept outside the room.

Sewell contradicted previous reports that the problem couldn’t arise because the FBI was asking for the bypass to be done in Apple’s own labs. Sewell said that the agency wants Apple to put the compromised version of iOS onto a hard drive and send it to the FBI. I was almost tempted to give Apple an extra point for that.

Apple #4: We all have legitimate things to hide

Landau successfully demolished the suggestion that only criminals and terrorists with things to hide have anything to fear.

Smartphones are increasingly becoming wallets, providing access to accounts (not only financial, but also various online accounts, such as Dropbox), and storing emails and notes, including ones from meetings or design drawings and the like. For many people their personal smartphone acts as a convenient temporary repository for proprietary work information, information they know they ought to protect but rarely do as carefully as they ought. There are other ways of using phones for authentication; these rely on the device’s security.

Apple #5: Repressive regimes will want it too

She also pointed out that once the U.S. government has been given access to a master key, other governments around the world will demand the same.

There is no question that authoritarian governments in such countries as Russia and China will demand Apple deliver the same software that is it has been ordered to develop to handle Farook’s work phone. Apple’s ability to resist such demands is made much more difficult if it has already created the code for US government use.

Comey was again forced to admit that this was a possibility.

There will be international implications, but we’re not sure of the scope just yet.

Apple #6: The FBI doesn’t need Apple’s help in such cases

Landau pointed out that it wasn’t true that the government had no way to access the iPhone without Apple’s help. She described the chip de-capping technique pointed to by Edward Snowden, said that wiretaps were available in future cases and hinted that the NSA may have capabilities the FBI doesn’t.

Although the FBI has been expressing great concern since the early 1990s that encryption would prevent law enforcement from wiretapping, the sky has apparently not fallen—at least for the NSA.

Comey bolstered this case by coming clean about the iCloud password change, admitting now that it was a mistake after an earlier FBI statement brushed aside the suggestion.

Apple #7: This would breach both First and Fifth Amendments

And if the logical arguments weren’t enough, Sewell also made the legal argument Bloomberg revealed a week ago: that compelling Apple to write code against its will was a violation of both First and Fifth Amendments. The Supreme Court has already recognized computer code as protected speech under the First Amendment, and the Fifth Amendment protects Apple against coercion.

congress

So Apple won on points, with a score of 7:5 – but it also won in a more meaningful way. Apple had argued all along that this issue was far too important to be settled in court on the basis of a single case. That it has such huge implications that it should be a matter for legislators not judges. The case should, it said, be decided by Congress.

It looks to me like Apple is set to get its way. We’ve already had one hearing in Congress, and committee members on both sides appeared to agree that the issue is indeed so important that Congress is the appropriate forum. Even Comey seemed to accept as much, saying that “we must continue the current public debate.”

The court case will continue in the meantime, but it looks to me that the issue will indeed eventually be settled – one way or the other – by legislation passed in 2016, rather than by a court’s interpretation of an Act dating back to 1789. Apple scored the knock-out punch.

Photos: AP Photo/Jose Luis Magana; popsci.com; Wikipedia