After FBI Successfully Breaks Into iPhones, Bill Barr Says It's Time For Legislated Encryption Backdoors
from the drawing-exactly-the-wrong-conclusions-from-the-evidence-at-hand dept
FBI Director Chris Wray's potshots at Apple during the joint press conference about the Pensacola Air Base shooting weren't the only ones delivered by a federal employee. Famous anti-encryptionist/current DOJ boss Bill Barr made even more pointed comments during his remarks, mostly glossing over the FBI's brilliant discovery that the shooter was linked to al Qaeda -- something al Qaeda had claimed shortly after the shooting took place.
The DOJ never got the court battle it wanted. Its second attempt to talk a court into compelled decryption never gained momentum and FBI techs were eventually able to do the thing the DOJ couldn't make Apple do: access the phones' contents. Barr's comments had very little to do with the supposed matter at hand: the investigation of a shooting on a US military base. Instead, Barr gave perfunctory thanks to the hardworking men and women of the FBI before moving on to declaring Apple an enemy of the people, if not an actual enemy of the state.
Here's the first smear, which insinuates device encryption is a criminal co-conspirator.
"Within one day of the shootings, the FBI sought and obtained court orders, supported by probable cause, authorizing the FBI to search the contents of both phones as part of its investigation. The problem was that the phones were locked and the FBI did not have the passwords, so they needed help to get in. We asked Apple for assistance and so did the President. Unfortunately, Apple would not help us unlock the phones. Apple had deliberately designed them so that only the user — in this case, the terrorist — could gain access to their contents."
Yes, this is a deliberate design decision by Apple. It secures all users' phones, not just users who engage in criminal acts. Barr wants insecure devices for everyone because it would make things easier for law enforcement. That it would make things easier for other criminals (phone thieves, stalkers, malicious hackers, etc.) never seems to cross his mind. Or if it does, he figures it's a sacrifice he's willing to force Americans to make.
That's not hyperbole. Later in Barr's remarks, he claims it's not even up to the public to vote with their phone-buying dollars on the subject of device encryption and the problems it poses for law enforcement. And despite this comment, Barr doesn't want it left up to citizens to vote with their actual votes.
"Striking this balance should not be left to corporate boardrooms. It is a decision to be made by the American people through their representatives."
That sounds almost democratic. If you choose to stop reading here, it almost appears Barr will accept the will of the people even if they would prefer device security over encryption backdoors. But Barr doesn't stop there. He expands on this thought, dismissing the American people's momentary involvement in this issue.
"The developments in this case demonstrate the need for a legislative solution. The truth is that we needed luck, in addition to ingenuity, to get into the phones this time. There is no guarantee that we will be successful again or that a delay of four months (or longer) will not have significant consequences for the safety of Americans. In addition, the costs in time and money of devising alternative methods of accessing encrypted information can be enormous. This is not a scalable solution."
There it is: a call for mandated encryption backdoors. If Apple and other device makers aren't willing to bend to Barr's will, perhaps the legislative branch can put its collective boot on tech companies' necks.
Barr's anti-encryption pitches are still as dishonest as ever. When not portraying encryption as almost solely beneficial to criminals, Barr deliberately misconstrues what's at stake. There's a reason he keeps discussing this in terms of privacy when it's actually about security. Privacy has wiggle room. Security doesn't. Encryption is secure. Backdoored encryption isn't. It's that simple. Barr's term-swap deceives listeners, many of whom are lawmakers.
"Apple’s desire to provide privacy for its customers is understandable, but not at all costs. Under our nation’s long-established constitutional principles, where a court authorizes a search for evidence of a crime, an individual’s privacy interests must yield to the broader needs of public safety."
It's not a privacy issue when the government demands all backdoors in the nation remain unlocked just in case law enforcement needs to enter them. It's a security issue. That's pretty much what Barr wants, using houses as an analogy for devices capable of holding far more sensitive info and data than any home possibly could. Barr wants encryption that can be bypassed at will. That's not a privacy issue. It's about securing devices users rely on to handle almost everything in their daily lives. Security helps protect their privacy, but the important thing here is the security -- not the government's lawful invasions of privacy when warrants are served.
If the FBI can break into a device without Apple's assistance -- as it has in at least two high-profile cases -- it can do it again. Weakening encryption shouldn't even be a discussion topic at this point. For all the talk about the problems encryption poses to securing the nation, arguing that a nation filled with insecure devices would be more secure than what we have now is ridiculous.
Filed Under: backdoors, bill barr, doj, encryption, fbi, iphones
Companies: apple
Reader Comments
Let's change a few words for accuracy shall we?
Within one day of the theft, the individual who had stolen the phone attempted to access the device in order to make use of any bank or email accounts linked to it before the owner could change the passwords. The problem was that the phones were locked and the thief did not have the password to the phone, so they needed help to get in. They sought help from those that provided code designed to breach the encryption on the phones, but fortunately for the owner that took too long, and the passwords were changed in time. Apple had deliberately designed them so that only the user — in this case, not the person who had stolen the phone — could gain access to their contents.
It's one thing to be stupid, another to be dangerously stupid, but worse by far is someone who is maliciously dishonest, willing to have anyone else pay whatever price is needed in order for them to get what they want, and who is willing to lie to get it.
By attacking that which protects the security and privacy of hundreds of millions, those that are trying to sabotage encryption for the American public pose a greater threat to that public than the criminals and terrorists they are trying to use as justification ever have or ever could, and if that's not bad enough it also poses a very real risk to the economy of the gorram country, because a company or country would have to be utterly insane to want to do business in a country where vital services and platforms are required to be insecure, such that if they do manage to mandate broken encryption I foresee an exodus of companies and investment as companies flee to a country that actually cares about security.
[ link to this | view in chronology ]
I propose
We do a test run first. All DOJ and FBI people get the new weakened security first. On all systems, as we need to also get into networked systems. Any attempt to bypass will be punished.
No reason to worry nonnactors will misuse it or brute force it, right?
[ link to this | view in chronology ]
Re: Let's change a few words for accuracy shall we?
I understand your point, but... stealing your money for no reason, and reading your email, are things the American government expects to be able to do without your permission.
[ link to this | view in chronology ]
Re: Re: Let's change a few words for accuracy shall we?
And can unfortunately, but what they are trying to do would allow many, many other people and groups to do the same.
[ link to this | view in chronology ]
Re: Re: Re: Let's change a few words for accuracy shall we?
Also, when it is illegal they can not use it against you in court.
[ link to this | view in chronology ]
Re: Re: Re: Re: Let's change a few words for accuracy shall we?
What makes you think they want to use whatever they collect in court? Blackmail does not require a court. In fact courts kinda frown upon it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Let's change a few words for accuracy shall
idk, parallel construction is too expensive?
[ link to this | view in chronology ]
Re: Re: Re: Re: Let's change a few words for accuracy shall we?
How do I put this gently?
Good Faith Exception.
Qualified Immunity.
A thing can be blatantly illegal, and it can still be used as evidence in court, the agents immunized from damages for their bad behavior.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Let's change a few words for accuracy shall
Well - ok, but the stories they brainwash everyone with as children do not include the nefarious activities that most adults are aware of, although many are in denial. How can one hold these two diametrically opposed ideas at the same time? You can't.
[ link to this | view in chronology ]
Of course he does, as long as it isn't his phone that access is wanted! Like those in Congress who want to allow the FBI, NSA etc to have access to everyone's browsing (and email) history, it's always fine when it isn't them!
[ link to this | view in chronology ]
It's almost like some bizarro version of the oft-used Franklin quote: "Those who won't give up essential security for the sake of the minuscule gain in safety we're offering them don't deserve to be considered in my ongoing effort to make them sacrifice it anyway."
[ link to this | view in chronology ]
This is treating every person in the US as if they are guilty.
This turns the entire criminal justice system on its head and proposes to treat everyone as if we have been convicted of some horrible crime and they now need to get access to our device to show who else was involved. None of that is the case and by trying to backdoor our phones, they are backdooring our rights. Give everyone full read access to Mr. Barr's electronics and I might consider allowing you to do the same with me. I will not allow you to access my children's devices though since you have proven you can't be trusted with such access by running and improving a child porn site.
[ link to this | view in chronology ]
Re: This is treating every person in the US as if they are guilt
Nope, they won't stop at full read access so why should we? We demand full write access to Mr. Barr's electronics.
Play the long game. If they can read they can replace too, and we all know what happens when officials are under public pressure: They want to close the case to pacify an enraged public as soon as possible by throwing everything and everything at them. Even if it means convicting the innocent. Give them backdoors and they will use them to falsify evidence against and convict someone when it's convenient for them to do so. Let alone what some more unscrupulous administrations would do with them.
[ link to this | view in chronology ]
What about China, or Russia?
The question that all these people who want to break encryption need to answer is: what does Apple do when the Chinese government asks Apple to decrypt a device? Or when the Chinese government asks Apple how to decrypt a device?
They also need to answer the question of how are they going to secure their own devices and those of US government officials (and US spies) when they travel abroad?
[ link to this | view in chronology ]
Re: What about China, or Russia?
Not that they're not already dead wrong, but if they think for a moment that China won't end up with direct access through that back door on their own (possibly via corporate espionage) then they're plain stupid.
[ link to this | view in chronology ]
Re: Re: What about China, or Russia?
The ability to decrypt or bypass the encryption of any of a company's devices would be by far the most valuable bit of code in existence at the moment, such that if it stayed secure for a week after it was created I would be incredibly surprised.
[ link to this | view in chronology ]
'Now that you've set the precedent...'
A very good point that definitely deserves to be pointed out. By trying to pressure Apple and other companies to cripple encryption by claiming that the USG needs access they are utterly destroying any standing they might have had when other countries follow suit.
Related to a somewhat recent article, don't like the idea of Chinese hackers going after American targets? Too damn bad, you just made it vastly easier for them as you not only required a security hole in US systems, you also gave them all the excuse they needed to demand that they also have a way to bypass encryption on demand.
Those that would cripple encryption in the US are not just making people in the US less secure, they are making everyone less secure by providing a perfect roadmap for any other country to do the same.
[ link to this | view in chronology ]
Barr is one of the sleaziest FBI directors ever - I wonder what's on his phone?
[ link to this | view in chronology ]
Re:
Probably something that would get anyone else arrested and charged with a sex crime.
[ link to this | view in chronology ]
Re:
Barr is the AG, not FBI Director. Though, that does mean that the FBI Director reports to him.
[ link to this | view in chronology ]
This only applies to Apple phones. E.g., most people use Android phones. Android phones don't have encryption on by default. The NSA can get access to phone data from the phone company, browsing data from the ISP. Most people do not use encryption on Android phones. There's devices that can decode the pass codes on iPhones. Apple gives the police access to iCloud data and other user data if the police ask for it. Apple is trying to protect the privacy of its users. Police, government officials, politicians use iPhones too. If Apple choose to open up the phone data it would have a negative effect on America's national security. Is it worth giving up millions of citizens' privacy and security to get a bit of info on a few terrorists?
[ link to this | view in chronology ]
Re:
Android devices have had device encryption on by default since Android Nougat (7.0). It's one of Google's requirements for OEM devices and it's the reason that so many cheap Android tablets used Android Marshmallow (6.0) to avoid the performance hit that full disk encryption causes.
Starting with devices that shipped with Android 10, device encryption is only activated when you add a screen lock to your device but, as soon as you add any sort of screen lock, your device is encrypted with File-Based Encryption so that your device is able to boot to the lock screen and dial emergency numbers without being unlocked (these last two features were unavailable with the 7.0-9.0 Full Disk Encryption).
[ link to this | view in chronology ]
So, Mr. Barr, what you're really saying....
...is that you CAN break encryption, but it's just so darn HARD.
So was 9th grade algebra at one point in time in my life. Then I learned how to do it, and I practiced it over and over, and by the time I left 9th grade, I had that bit of knowledge down pat.
Sack up, Barr.
[ link to this | view in chronology ]
The only argument that shuts these guys up is right here:
Weaken encryption in the U.S. and all exports of software
and network-related technology "made in U.S.A." will dry up.
Everybody (Americans included) will shop elsewhere for tech.
That's trillions of dollars in new trade deficits, hundreds
of billions in lost profits to tech industries and tens of
billions in lost taxes every year until a new administration
undoes the damage and stops the bleeding.
Arguing about security and rights of the American people has
no effect on these clowns because they hold the public in
contempt and always will. Show them what effect their dumb-
ass meddling will do to their billionaire friends and corporate
backers and they'll quietly let the issue die off without ever
having to admit why it was a stupid idea to start with.
[ link to this | view in chronology ]
Bill Barr is STILL a neo-feudal extremist
He's established both in arguments as Attorney General and in less official statements that he believes in a return to Divine Right of Kings, of hereditary monarchies, of preservation of institutions (even when corrupt) over equal justice, or the good or will of the people. Even a constitutional monarchy is not enough monarchy for Barr, and his religion tells him so.
Bill Barr wants to sabotage encryption because he feels we peons deserve no rights, not to privacy or protection from judicial overreach. We exist at the pleasure of the king, and die at the pleasure of the king as well.
It's a good reason why Barr should not be appointed to a political position. But then again neither should the guy who appointed him (and fired several people before finding Barr). He's the end result of a subverted executive branch.
[ link to this | view in chronology ]
Scalable
GOOD. It should be something that has to be done from the ground up on a case by case basis. It should take time and money. It should be difficult. It should be so onerous that it is obviously not worth it unless a specific phone probably has relevant criminal evidence on it. There should not be a "scalable" solution that lets you easily and quickly snoop on millions of people's phones, even though that is clearly what you want.
[ link to this | view in chronology ]
All phones can be cracked with a lab and experts.
It's been established a few times (some at conventions) that a device's TPM can be cracked with an electron microscope, a technician who knows what he's doing and a bit of time (less than a week). But this is acceptable because it's super expensive and an institution would have to really want to get into that phone.
We want to avoid means for any highway patrol or precinct with a dancing drug dog to be able to unlock the phone to find some esoteric cause for a prosecutor to imprison someone for decades. Because they will totally do that.
[ link to this | view in chronology ]