Ben Wittes and Susan Hennessey deserve many responses to their ongoing arguments about Apple and the court case. It's very much on my to-do list, but I have been busy. I will confine myself here to correcting a misimpression in Susan's latest discussions of the case. This regards the issue of NSA helping the FBI out in the iPhone case.
I did not say that the FBI should have gone to the NSA for help with unlocking the iPhone. Indeed, during testimony at this month's House Judiciary Committee hearing on encryption, I explicitly acknowledged that NSA does not share tools with the FBI except during "exceptional circumstances." Susan and I are in complete agreement on this point (I'm not sure why she indicated otherwise).
The point I was making was that NSA probably had the capability to unlock the phone. That raises the issue that if NSA could develop that capability, why couldn't the FBI? During the hearing I strongly argued about the need for the FBI to develop its own technical investigative capabilities. That's in both the verbal testimony (e.g., "We're in this situation when I think law enforcement needs to really develop those skills by themselves") and the written. That's where the real solution rests—not just in this case but for the long term. Instead of pressing for weakened security protections in devices and communications, the FBI needs to develop better investigative capabilities.
Of course there are different legal authorities governing the NSA and the FBI; I've never said otherwise. And no surprise that there are also different technical capabilities between the two agencies. But contrary to Susan's third post, the FBI does not need new legal authorities in order to develop capabilities to break into devices. It is a technique that FBI has already used multiple times in various ways. There probably are new authorities and policies needed to help out state and local in such investigations. Again, this was something I said during testimony.
I'm glad to set the record straight. No straw men please; this discussion is complicated enough as it is. I'll try to post more on the encryption issue shortly.