Hell Hath No Fury Like A Federal Law Enforcement Agency That Keeps Finding Some Way To Break Into IPhones
from the flow-my-angry-tears dept
Nothing has made the FBI more irritated than its ability to break into phones it swears (often in court!) it cannot possibly get into without the device maker's assistance. The agency doesn't want third-party vendors to offer solutions and it doesn't seem to want its own technical staff to find ways to get stuff from encrypted devices. It wants the government to tell companies like Apple to do what they're told. It will accept any solution that involves a mandate, whether it's from a federal court or our nation's legislators. It will accept nothing else.
The FBI and DOJ's foul mood over its phone-cracking success and its courtroom failures came to a head recently. A joint press conference announcing not-so-breaking news about the contents of the Pensacola air base shooter's phones contained a whole lot of off-target griping about a company whose only crime was selling consumer products. Here's Rianna Pfefferkorn for TechCruch:
You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.
If the FBI's ultimate aim was to bury the lede -- that it could either break encryption or exfiltrate contents without cracking devices -- it succeeded. Everyone talked about Apple and how its unhelpfulness led to this petulant press conference where it was stated clearly and repeatedly that Apple was harming the nation's security by... um... temporarily delaying the discovery of evidence linking the shooter to the terrorist group that had already claimed responsibility for the attack months ago.
As Pfefferkorn points out, Bill Barr and Chris Wray's roughly concurrent tantrums allowed them to avoid discussing something that should have been much bigger news.
By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?
After all of this, we don't know what the FBI is capable of and how often these previously unmentioned techniques are used to bypass or break device encryption. With the only suspect dead, it's obvious FBI agents didn't beat the passcode out of him. But that's all we really know.
The FBI can break into iPhones. But it won't celebrate that victory because -- without a federal government derived mandate -- it doesn't feel like a victory. This "sick of winning" attitude dates back to the FBI's efforts in the San Bernardino shooting where agency officials were upset a third party solved their access problem before they could talk a court into precedent compelling assistance from cell phone manufacturers.
By portraying this victory as a loss to a tech company, the FBI can avoid talking about its tools and techniques. It can bypass its oversight by glossing over this breakthrough as a very limited success that won't scale and possibly cannot be used against any other phones. It can also keep its secrets from our nation's courts, ensuring defendants are left in the dark about the true origin of evidence being used against them.
And that's if we're thinking positively. Here's where we're at if we bring to bear all the distrust and cynicism the government (at all levels) has earned:
The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.
USA! USA! USA!
We, the people, are going to get what's coming to us, even if we haven't earned it or asked for it. Encryption is public enemy number one, right behind device manufacturers and developers of encrypted communication services. If the first enemy is killed dead, the rest will be manageable. And the general public will be forced into sacrificing their personal security for jingoism-spouting opportunists who will never see the United States as safe enough to entrust citizens with their own decisions about the level of protection they want for their communications and data.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, doj, encryption, fbi, phone cracking
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
Getting what you asked for, but not what you wanted
'Stop solving the problem we claim we have so we can get a court or legislators to force companies to provide what we actually want!'
[ link to this | view in chronology ]
Sure
But the FBI and DoJ do a 5 year trial of the new phones first. I am sure that noone will take.afvantage of potential flaws and cracks
After all, if they have nothing to hide.....
[ link to this | view in chronology ]
I am going to hazard a bet that the first to use any OEM-backdoored encryption as demanded by the FBI will actually be terrorists. But we will likely never hear of it, so it's a stupid bet to take.
I also keep wondering how much is on phones (sticky notes, photographs?) thatthe NSA did not akready capture in transit. I'm thinking they don't need the phones at all.
[ link to this | view in chronology ]
Re:
Considering that most of the domestic terrorist arrests in the US over the past couple of decades have been people recruited and trained by the FBI, you are right! The FBI seems to be running rogue and creating more terrorists than ever existed before they started working on them.
[ link to this | view in chronology ]
Worse-er Case
I disagree, in that I can imagine a much worse case scenario: that the FBI can crack the encryption 1.) from a remote location, 2.) quickly, as in perhaps a few minutes, and 3.) cheaply, as in they could choose to break the encryption on every device that they so desire. In other words: remote mass surveillance.
My outlook on the grumpy press conference, is that although the FBI got the data off of this device, the exploit that they used required physical possession, was time consuming, and cost enough resources that their ability to replicate this success is somehow limited. They did NOT get what they truly wanted, which was a court case which could be used to mandate remote mass surveillance installed by default from the manufacturer.
[ link to this | view in chronology ]
The *real* lede
This is so utterly and obviously wrong that I'm surprised Techdirt misunderstood what the actual lede was.
This was the FIRST TERRORIST ATTACK ON US SOIL BY A FOREIGN NATIONAL SINCE 9/11 THAT WAS PLANNED OVERSEAS. The administration and FBI focused on the encrypted iPhone in order to avoid talking about that, and how their total incompetence allowed it.
I'm saddened -- and more than a little disgusted -- that even Techdirt thinks that this brouhaha has anything at all to do with encryption.
You've allowed yourselves to be distracted by the shiny object you wanted to see, rather than the horrific truth. Congratulations on being so completely fooled by the least competent liars in history.
[ link to this | view in chronology ]
Re: The *real* lede
While that might be important, maybe even suppressed by the government point, it wasn't the point of the press conferences mentioned in the article. That the DoJ and FBI are working on getting back doors to encryption, a subject Techdirt cares about and is reporting on, it doesn't mean Techdirt doesn't care about the fact you mention.
But it wasn't the focus of the post, and just because you think your point is more important than the elimination of security for not just phone calls but banking and e-commerce and private communications and many other things important to many people, doesn't mean that Techdirt should ignore this important subject to accommodate your perspective.
Let me suggest https://www.blogger.com/home as an inexpensive starting place where you can dictate what should be talked about.
[ link to this | view in chronology ]
Re: The *real* lede
"This is so utterly and obviously wrong that I'm surprised Techdirt misunderstood what the actual lede was."
No, just that the FBI covering their own asses over their ineptitude when it comes to prevent yet another saudi national with known terrorist affiliations from killing people on US soil isn't exactly newsworthy. We've all known since 9/11 that if you want to plot terrorism in the US, make sure the triggerman you send is saudi arabian. He could wear a bomb belt openly while marching off the plane and they'd still wave him through customs as soon as they saw his passport.
We all know this. Trump has good friends in saudi Arabia. The State Department has good friends in Saudi Arabia. When these good friends send their precious scions to the US to study and blow shit up the FBI gets told to back the fsck off. We know this.
And so, of course, does Al-Quaeda and every other terrorist organization in the middle east.
And no kidding that's serious stuff.
But no matter how you slice it that doesn't compare to the fact that if the FBI do get that "shiny new thing" we're all so focused on what it means is that the 4th amendment is, effectively, gone. As is the 5th, for all intents and purposes. You will never have privacy again because the phone in your pocket is from then on the government's microphone and tracker.
You also won't ever be able to use that phone for confidential stuff - like banking, your identity details or money transfers, because a month after the FBI get their backdoor, organized crime will have it as well.
[ link to this | view in chronology ]
Re: Re: The *real* lede
At which point the thing looses it's value for many.
The whole fscking point is that the public "unknowing" buy and maintain their own surveillance collar. Where that succeeds is by co-opting a must have item for their purpose. The only problem is that must have item cannot suddenly drop in popularity. If it does, suddenly the treasure trove of data is a lot less valuable, because fewer and fewer people have them at all times.
People carry around phones because they are convenient tools. If the FBI's backdoor suddenly becomes public, and anyone with a phone keeps getting massively hacked by anyone capable of opening a console window, the public will take notice and drop the things in the dumpster. Given that occurs long enough, people will stop buying new ones altogether. Sadly for the FBI, they can't help themselves anymore than the script kiddies who will be competing with them, and the compromises will be huge and lasting.
The first rule of any espionage agent: Don't get detected.
The first rule the FBI cannot understand: Don't get detected.
[ link to this | view in chronology ]
Regardless of side-stepping or evasion, those questions will never be answered by current management, because they're sooper-sekret methods and techniques that OMG TERRORISTS.
And such.
[ link to this | view in chronology ]
Seems like the DOJ and FBI are hell bent on returning to the Hoover era of surveillance, so it's probably past time we have the modern equivalent of the Church Committee. Sen. Wyden seems like a good nomination to chair it.
[ link to this | view in chronology ]