FBI Is Using Classified Tools For Regular Investigations And That's Going To End Up Hurting Everyone
from the when-'going-dark'-just-means-parallel-construction dept
A recent Inspector General's report laid bare the FBI's real motivations in the San Bernardino shooting case. It didn't want a technical solution. It wanted judicial precedent. While the DOJ presented its claims that no tech breakthrough was forthcoming, the FBI's left and right hands were operating independently. Technically, this means Comey and the DOJ did not lie when they told a federal judge and Congress (respectively) that an All Writs Act order was the only solution.
But dig deeper into the report, and you'll find information much more damning than some truth-fudging. One division of the FBI, which had been explicitly asked to search for a way to hack into the locked iPhone, only made a half-assed effort to do so, in hopes of slow-walking the FBI into favorable precedent. The FBI's cryptographic unit (CEAU) was supposed to keep looking for a solution, but it didn't. It asked some cursory questions and then sat back to watch the courtroom drama.
Another area of the agency -- one supposedly limited to national security investigations -- did manage to find a solution via a third party. The Remote Operations Unit had this vendor drop everything else and work on an iPhone crack to help the CEAU out. Unfortunately for the helpful ROU official, the CEAU head didn't really want a solution and was irritated when one was found.
The reason the CEAU and ROU weren't speaking to each other directly was related to the ROU chief's belief its tools were not meant to be used in standard criminal investigations. The CEAU, however, felt it could use national security tools possessed by the ROU whenever necessary, even when the investigations had nothing to do with the agency's national security work.
Joseph Cox at Motherboard points to a couple of footnotes in the Inspector General's report that indicate the FBI has ignored this "wall" at least twice in the past.
One mentions the ROU chief, based on long standing policy, sees a “line in the sand” against using national security tools in criminal cases—this was why the ROU initially did not get involved at all with finding a solution to unlocking the San Bernardino iPhone.
[...]
“The ROU Chief was aware of two instances in which the FBI invoked these procedures,” a footnote in the report reads. In other words, although it seemingly only happened twice, the FBI has asked for permission to use classified hacking techniques in a criminal case.
The report does not provide any more info about the FBI's internal wall-breaking, but Cox speculates it may have something to do with its child porn investigations. The malware the FBI deployed to expose visitors of darkweb child porn sites was originally unclassified, but the FBI attempted to classify the exploit post-deployment for supposed national security reasons. And, indeed, the FBI has deployed this twice (that we know of) to target child porn site visitors.
The wall is there for a reason. If the exploits and tools are classified, the use in standard criminal investigations raises the chances they'll be exposed in court. It also initiates mission creep. Powerful tools become routinely-deployed exploits, eventually lessening their effectiveness and slowly (but surely) stripping away the layers of opacity surrounding them.
This is what has happened with Stingray devices. Originally, the repurposed military gear was used in only the most dire situations. Now, they're used to track people stealing fast food. In the process, the tool no one ever wanted to talk about has gone mainstream, with extensive paper trails emanating from courtroom decisions and public records requests.
The FBI had concerns Stingrays would become exactly what they are now: standard equipment, rather than overpowered tools that should only be deployed when public safety is threatened. It knew the slippery slope towards standardized use would end up exposing the devices and their capabilities. This is why it tied up agencies with non-disclosure agreements and demands it be consulted whenever info about Stingrays was requested by the public or at risk of being disclosed in court.
But there's another side effect of breaking down this wall between national security and vanilla law enforcement. The implications of this range far beyond the possible burning of a useful investigative tool. When the FBI uses classified tools to engage in normal investigations, defendants are placed at a severe disadvantage.
“When hacking tools are classified, reliance on them in regular criminal investigations is likely to severely undermine a defendant’s constitutional rights by complicating discovery into and confrontation of their details,” Brett Kaufman, a staff attorney at the ACLU, told Motherboard in an email. “If hacking tools are used at all, the government should seek a warrant to employ them, and it must fully disclose to a judge sufficient information, in clear language, about how the tools work and what they will do,” he added.
Perhaps the FBI's Remote Operations Unit was more aware, or simply more considerate, of the Constitutional implications of bringing hacking tools over the wall. The CEAU chief, at least according to this report, was less concerned about the constitutional implications but extremely worried any new tool might undermine the DOJ's push for compelled assistance precedent. As a whole, the FBI is only mildly concerned about violating rights. The agency's continuous creation of easily-indicted "terrorists" is only part of the problem. Beyond that, the agency appears to be willing to use any tools to achieve any ends… including ignoring its many options if there's a chance a court might deliver an opinion it can use to force US companies to crack open devices for it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, fbi, san bernardino
Reader Comments
Subscribe: RSS
View by: Time | Thread
Spectre/Meltdown?
It didn't want a technical solution.
Do not Apples devices use flawed CPU's susceptible to the Spectre/Meltdown exploits?
https://www.macworld.com/article/3246007/security/protect-your-mac-meltdown-spectre-faq.ht ml
https://meltdownattack.com/
[ link to this | view in chronology ]
Spectre / Meltdown
Yes, but that may not get a TPM to spill its authentication codes, which was the problem with the San Bernardino iPhone.
TPMs can be hacked, but it's expensive.
[ link to this | view in chronology ]
rights
well, if U don't trust the FBI ... exactly which Federal agency(ies) do U trust to reliably protect your constitutional rights?
[ link to this | view in chronology ]
Re: rights
[ link to this | view in chronology ]
Re: rights
This is what FBI Tyrants do when you're on a public sidewalk with a Camera recording a FBI building, that is a first amendment constitutional protected activity!!!
https://www.youtube.com/watch?v=ko3Ir2jodSw
Or this
https://www.youtube.com/watch?v=tbBa95sbw2M
and there are many others. You do not have to give out ID or tell them who the F you are. You've committed no crime. A so-called Suspicious activity is not a misdemeanor or a Felony. Throwing out 9/11 gives them no extra rights. They can't detain you when they can't cite a crime you did because you've done nothing wrong.
You have ZERO expectation of privacy in public. I could stand in front of your house on the sidewalk and film you and your house. I can go into a public park and film your kid. All these things are 100% legal. In fact you're on cameras everywhere you go, maybe as soon as you're out your front door.
Hell Google gets a better view from the street and above and you don't even have to leave your house. The FBI, DEA, Police, Security Guards, most are completely clueless. They will ALL LIE right to your face to get you to do what they want. They will stand there and makeup anything!!!
You know you're more than 9 times more likely to be killed by the police than a terrorist!!!
Justine Ruszczyk called 911 on Saturday night to report a possible sexual assault in an alley near her home, Two police officers responded and one of them killed Ruszczyk. She died of a gunshot wound to the abdomen!!!
A Texas woman who called 911 on Saturday saying she was being stalked was shot and killed by a San Antonio police officer!!!
The police these days shoot first and ask questions later. They are scared by their own shadow.
[ link to this | view in chronology ]
Remember the FBI is NOT a law-enforcement agency.
Not any more. The FBI is now a national security agency. It's interest is in preserving the current regime.
For the FBI's new mission, it is a lot easier to justify methods that are classified or reserved for extreme cases whenever they are desired.
I'm pretty sure the NYPD has also changed its mission from law enforcement to national security, which would explain its behavior in the last decade. I expect other precincts and agencies to follow suit.
[ link to this | view in chronology ]
FSSAI
Our team has worked with the food and hospitality industry for more than a decade, helping you implement the best food safety practices by regularly testing your products, ingredients and facilities to ensure compliance with global food safety standards.
[ link to this | view in chronology ]
Imagine what theyare doing as they distribute child pornography?
So- working within the hydra of NGOs and CVE programs that leak NSA backdoor data into local law enforcement, "the FBI is only mildly concerned about violating rights. The agency's continuous creation of easily-indicted "terrorists" is only part of the problem"
What you actually have isthe FBI distributing child pornography, in sync with NGO and US military psyops runfrom offshore(Osaka, Phillipines, Thailand), and in most cases, they do not, and will not prosecute these cases because theyare creating HUMINT assets- because the real end goal is creating patsies,and informants, via slipping childporn into free-sites, and targeting individuals porn habits with "ooops".
Then, in some cases they create controlled assets- in others, like the inter-generational FBI family of Las Vegas shooter Stephen Paddock, we see the FBI always curiously close to childporn, and mass shooters.
I mean- do the research yourself, but the prima facie case is there.
[ link to this | view in chronology ]