ICE Leads The Nation In Encryption-Cracking Expenditures

from the [not-pictured:-the-Federal-Bureau-of-Sucking-At-Counting-Phones] dept

We don't hear much from anyone other than FBI officials about the "going dark" theory. The DOJ pitches in from time to time, but it's the FBI's baby. And it's an ugly baby. Earlier this year, the FBI admitted it couldn't count physical devices. The software it used to track uncrackable devices spat out inflated numbers, possibly tripling the number of phones the FBI claimed stood between it and justice. FBI officials like James Comey and Chris Wray said "7,800." The real number -- should it ever be delivered -- is expected to be less than 2,000.

The FBI also hasn't been honest about its efforts to crack these supposedly-uncrackable phones. Internal communications showed the agency slow-walked its search for a solution to the San Bernardino shooter's locked iPhone, hoping instead for a precedential federal court decision forcing device manufacturers to break encryption whenever presented with a warrant.

The FBI appears to have ignored multiple vendors offering solutions for its overstated "going dark" problem. At this point, it's public knowledge that at least two vendors have the ability to crack any iPhone. Israel's Cellebrite -- the company presumed to have broken into the San Bernardino phone for the FBI -- is one of them. The other is GrayShift, which sells a device called GrayKey, which allows law enforcement to bypass built-in protections to engage in brute force password cracking.

We don't know how often the FBI avails itself of these services. A pile of locked phones numbering in the thousands (but which thousands?!) suggests it is allowing the serviceable (vendor services) to be the enemy of the perfect (favorable court rulings and/or legislation).

Other federal agencies aren't waiting around for the next horrifying terrorist attack to nudge Congress towards mandating encryption backdoors. They're spending tax dollars now to take advantage of vulnerabilities that may be patched out of existence in the near future, if they haven't been addressed already. Thomas Brewster of Forbes has spent some time sifting through government records to see who's buying and how much they're spending. The FBI isn't on the list. The DEA is. But the Daddy Warbucks of federal law enforcement agencies is none other than the one voted Most In Need Of Immediate Abolishment.

According to government contract records on FPDS.gov, ICE acquired the services of GrayShift earlier this month. And it’s spent more than any other government department on GrayShift tech, with a single order of $384,000. Other branches of the Trump government, from the Drug Enforcement Administration to the Food and Drug Administration, have splashed between $15,000 and $30,000 on different models of the GrayKey, which requires physical access to an Apple device before it can break through the passcode.

ICE wants everything on the menu. In addition to spending big on cellphone-cracking devices, the agency has also thrown money at forensic tools from Cellebrite, social media tracking software, "intercept software" from a Nebraska-based vendor, and "computer support equipment" from foreign companies (one of them Russian) known for their ability to extract data from encrypted messaging services.

It would seem the agency involved in investigating the widest variety of crimes would be joining ICE in its encryption-breaking spending spree. But there's no trace of FBI expenditures to be found in these records. It may be the FBI has exempted itself from reporting this information under the theory that naming dollar amounts and/or vendors would allow wily criminals to escape its grasp. If so, it seems unlikely this refusal has a legal basis. The DEA and ICE have both allowed these records to be published and both agencies routinely engage in investigations that theoretically could be compromised by making spending data public. (The key is "theoretically." In reality, it's unlikely publishing contract data has any noticeable effect on criminal behavior.)

Moving past the FBI, there's reason to be concerned ICE is making purchases like these. Given its main concern is the speedy removal of undocumented immigrants, this tech seems to be more of a "want" than a "need." Most of the cases ICE deals with don't need to involve cracked phones and forensic searches. But because it has the tools on hand, it will make sure it gets our money's worth.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, encryption, ice, phones


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 25 Sep 2018 @ 4:46am

    Why do I get the impression that read everything on you phone, laptop and tablet, and in your social media accounts is the new papers please that law enforcement dreams of.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 25 Sep 2018 @ 4:57am

    I
    Crack
    Encryption

    link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
    icon
    Rizwan (profile), 25 Sep 2018 @ 5:21am

    Happy Independence Day Text

    it,s very easy to that it,s great and help full for every one.

    link to this | view in thread ]

  4. icon
    DannyB (profile), 25 Sep 2018 @ 6:05am

    The FBI also hasn't been honest

    The FBI also hasn't been honest about . . .

    I'm shocked! Shocked, I tell you that the FIB isn't honest.

    link to this | view in thread ]

  5. This comment has been flagged by the community. Click here to show it
    icon
    Veelead Solutions (profile), 25 Sep 2018 @ 6:14am

    SharePoint

    Thanks for sharing this useful information

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 25 Sep 2018 @ 6:57am

    Re:

    What if I have no papers?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 25 Sep 2018 @ 7:04am

    Re: Re:

    Then you must be a criminal, as not recording everything you do means you have something to hide.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 25 Sep 2018 @ 8:03am

    Re: Re: Re:

    Does my Obama phone count?

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 25 Sep 2018 @ 8:07am

    "ICE Leads The Nation In Encryption-Cracking Expenditures"

    But are they now able to decrypt things they were not able to decrypt in the past or are they buying snake oil?

    link to this | view in thread ]

  10. icon
    JoeCool (profile), 25 Sep 2018 @ 9:22am

    Re:

    Both. That's the danger of buying everything available. Some of it works as advertised, some of it works but is redundant, and the rest is snake oil.

    link to this | view in thread ]

  11. identicon
    Fat Chance, 25 Sep 2018 @ 9:56am

    Who, me?

    A family or other group sharing cars and devices, none of which requiring a password or anything else to use, operate, etc.

    Various agencies tracking vehicles and devices, but not people.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 25 Sep 2018 @ 10:52am

    from all the headlines, it is hard to make out - is this being raised because LE is cracking phones (well, duh) or because ICE spent $384,000 to gain the technology to crack phones?

    ...if it is the latter, um, yeah. these days $384,000 is a drop in the bucket in enterprise level software world.

    i'm rather interested in what the heck the DEA and FDA got for $15K to $30K.

    link to this | view in thread ]

  13. icon
    Uriel-238 (profile), 25 Sep 2018 @ 3:22pm

    ICE is no-one's first choice when they go into Law Enforcement

    I'm pretty sure ICE pulls from a... different... pool of recruits than does the NSA or FBI.

    I wonder if the latter two only spent money on the stuff they figured worked, whereas ICE couldn't tell the Shinola. Given that ICE is currently one of Trump's favorite investments, they might also be able to afford frivolous expenses.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.