FBI Tracks Down Cop Car Firebomber Using Info The FBI Claims Is Way Less Useful Than An Encryption Backdoor
from the I-don't-want-to-tell-you-how-to-do-your-job-but dept
For all of the DOJ and FBI's protestations that Apple (and others) just aren't doing enough to help out the federal government, the company actually provides a lot of assistance. No, Apple won't break encryption or build backdoors, but we live in a golden age of surveillance -- one so golden it's putting the surveillers at risk.
Bill Barr has continually attacked Apple for refusing to cede to his anti-encryption demands. Barr and FBI Director Chris Wray also like to complain that the information Apple can give them -- the stuff that isn't encrypted -- is mostly useless.
It isn't. And they know this. But this false claim provides a lot more leverage than the truth does. There's a wealth of information available that's not secured by encryption. A recent case covered by Thomas Brewster for Forbes shows how much investigators can do with Apple's assistance.
In the Seattle case, the FBI had been tipped off about the identity of a protester police believed had set fire to at least two police patrol vehicles during a protest against police brutality on May 30 following the killing of George Floyd, according to a search warrant reviewed by Forbes. The FBI checked the tip against surveillance feeds, news broadcast footage and social media images, deciding that the lead was worth chasing down. They obtained Verizon records for the suspect, Kelly Jackson, that revealed his location during the protests, what calls he made and the fact that he was using an iPhone 7.
That’s when the FBI called on Apple, asking for the suspect’s iCloud information. A trove of potential evidence was returned by the Cupertino tech giant, including screenshots hosted in Jackson’s photo library, according to the search warrant.
The key element here was the suspect's iCloud account. Videos showing the man building his Molotov cocktails, as well as videos showing him throwing them at cop cars, were found there. An image taken later in the day showed the suspect with his mask removed, allowing investigators to identify him. The account also contained a screenshot of a website providing the list of things needed to concoct the Molotov cocktails.
But there's more in the complaint [PDF]. Investigators also used Facebook to tie the suspect to his employer and driver's license data to identify him. The suspect had had previous interactions with law enforcement, which gave them access to his phone number. Phone records put him near the scene of the firebombings, as did videos uploaded by other protesters.
Investigators may not be able to crack the phone (then again, maybe they can), but they can still obtain plenty of information from data backed up to the cloud. This is true with most mobile devices, even though Barr and Wray seem to have a particular dislike for Apple. Pretending this isn't the case is self-serving at best and thoroughly dishonest at worst.
Filed Under: 4th amendment, doj, encryption, fbi, privacy, surveillance
Companies: apple, facebook
Reader Comments
Note, an encryption backdoor would not have helped them identify the person, as they need the phone to use it.
[ link to this | view in chronology ]
Re:
Unless that backdoor provided such easy use that they already know who belongs to what phone.
[ link to this | view in chronology ]
Re:
Depends on the backdoor. I'm sure they'd ideally want one that can be exploited remotely.
[ link to this | view in chronology ]
Re: Re:
They still need to know which phone to target. That is, an encryption backdoor is only of use when you have decided where to use it. As has been frequently demonstrated in terrorist cases, gathering everything is only useful when you know what or who you are searching for in the haystacks. That is, haystacks of data have mainly proven to be of use to figure out what happened, rather than preventing the happening.
[ link to this | view in chronology ]
Re: Re: Re:
"They still need to know which phone to target. That is, an encryption backdoor is only of use when you have decided where to use it."
Of course, but the point is that once they have the target, they don't want to go through the process of physically getting the phone before getting entry. Similarly, they will likely want some kind of universal backdoor so they don't have to deal with those pesky warrants and things that might be involved if they have to find out the exploit for the specific phone.
"As has been frequently demonstrated in terrorist cases, gathering everything is only useful when you know what or who you are searching for in the haystacks."
But, you assume that they're actually trying to solve a specific crime rather than going on a fishing expedition against someone they don't like. In the latter case, a remote backdoor is perfect. They can invent a reason to search the phone on the record later if they find something they can use.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"They can invent a reason to search the phone on the record later if they find something they can use."
Or else just say "Well, the intel was good" and walk away with copies of any fully legal yet potentially personally embarrassing information in their possession. No way, of course, that a threat of release of said information later on would ever be used to extort benefits.
[ link to this | view in chronology ]
All of this is stuff that ought to have been encrypted. Apple could easily encrypt iCloud data in future. It will be harder to take care of the location and call records, but if Apple are serious about customer privacy, they can push the telcos to support new privacy-respecting protocols to ensure telcos (and Apple) won't have this data.
[ link to this | view in chronology ]
Happy Medium
Tech companies don't want to waste time with police warrants and investigations that involve breaking open the security on a device. On the other hand, they want to be able to say that their devices are secure. Maybe this is the compromise? The devices themselves are (maybe) secure, but the cloud storage is not. So dumb people will still get caught, with a minimum of effort copying a customer's data onto a usb stick, while everyone else's device data remains secure.
[ link to this | view in chronology ]
Re: Happy Medium
It's no compromise, these are 2 totally separate things. A phone is a device that you physically own, and that you should be able to protect at any time in order to secure your own property. A cloud account is something you rent on Apple's property.
There's no problem with Apple giving law enforcement access to something on their own property if the correct legal channels are followed. There is a problem in them leaving a back door open for anyone who wants to violate your property just because some lazy cops want them to. These are not conflicting ideas.
[ link to this | view in chronology ]
Re: Happy Medium
"Maybe this is the compromise? The devices themselves are (maybe) secure, but the cloud storage is not."
That's not a compromise. You can't be just a little bit pregnant, a door can't just be almost unlocked. A device can either be secured...or not.
If a backdoor exists then that backdoor does not care who uses it, for what purpose, or through what mechanism. So if the cloud storage isn't secure, neither is the device. It's that simple, and every IT expert has been telling the DoJ as much for years.
"Tech companies don't want to waste time with police warrants and investigations that involve breaking open the security on a device."
Because if the device is actually secure, they can't. They'd have to create a new version of the device OS which includes a backdoor then force the update. But if they design and create such a backdoor update then that's a master key anyone can use to gain access. With it being worth billions of dollars it will leak no matter who holds it faster than water through a colander.
"So dumb people will still get caught, with a minimum of effort copying a customer's data onto a usb stick..."
That's...not how it'd work. What you describe there was literally the way unsecured cloud storage in the past has been hacked and the contents then distributed on the open net.
[ link to this | view in chronology ]
He needed a website's help to figure out to make Molotov cocktails?
[ link to this | view in chronology ]
Re: needed help to figure out to make Molotov cocktails
He kept burning his lips testing the early prototypes.
[ link to this | view in chronology ]
Re:
Amusingly, I did a quick search to check to see if the guy was a "genuine" protestor or a guy with right-wing leanings who was trying to make the movement look bad, as you never know nowadays. The following was the caption of the main photo in the first result that came up:
[ link to this | view in chronology ]
Again, LEOs Rely on Criminal Stupidity of Criminals
"...they can still obtain plenty of information from data backed up to the cloud."
Clam-shell burner phones never store data in the cloud (and never butt dial - BONUS!).
[ link to this | view in chronology ]
Re: Again, LEOs Rely on Criminal Stupidity of Criminals
It is also a sign of the times where everybody feels the need to document and share everything.
I'm an old geezer and I would never dream of photographing or videoing evidence for police to find and use. If I planned on throwing Molotov cocktails, or worse, I would probably lock my phone in a faraday cage someplace other than my own location, just to be sure. Even searches for "How to make Molotov Cocktails" or "How to create explosives from fertilizer and Diesel oil" would be done on a computer I don't own and which would be hard to tie to me.
[ link to this | view in chronology ]
Not even a geofenced reverse warrant? Garshk.
[ link to this | view in chronology ]
Re:
Time to FOI about stingray use around protests.
[ link to this | view in chronology ]
Re: Re:
No need for a stingray if you have cell tower records.
... and uploaded video from others.
[ link to this | view in chronology ]
this false claim provides a lot more leverage
" than the truth does." https://www.youtube.com/watch?v=G2ks3JmHPCQ
[ link to this | view in chronology ]
Absolute criminal genius this one. I'm surprised they caught him with him leaving all that self-incriminating evidence around.
[ link to this | view in chronology ]