Gun Trafficking Investigation Shows The FBI Is Still Capable Of Accessing Communications On Encrypted Devices

from the so-dark-we-could-only-get-everything-we-needed dept

It's been clear for some time that the FBI and DOJ's overly dramatic calls for encryption backdoors are unwarranted. Law enforcement still has plenty of options to deal with device encryption and end-to-end encrypted messaging services. Multiple reports have shown encryption is rarely an obstacle to investigations. And for all the noise the FBI has made about its supposedly huge stockpile of locked devices, it still has yet to hand over an accurate count of devices in its possession, more than two years after it discovered it had been using an inflated figure to back its "going dark" hysteria for months.

An ongoing criminal case discussed by Thomas Forbes for Fortune provides more evidence law enforcement is not only finding ways to bypass device encryption, but access contents of end-to-end encrypted messages. This isn't the indictment of Signal (a popular encrypted messaging service) it first appears to be, though. The access point was the iPhone in law enforcement's possession which, despite still being locked, was subjected to a successful forensic extraction.

In the Signal chats obtained from one of [the suspect's] phones, they discuss not just weapons trades but attempted murder too, according to documents filed by the Justice Department. There’s also some metadata in the screenshots, which indicates not only that Signal had been decrypted on the phone, but that the extraction was done in “partial AFU.” That latter acronym stands for “after first unlock” and describes an iPhone in a certain state: an iPhone that is locked but that has been unlocked once and not turned off. An iPhone in this state is more susceptible to having data inside extracted because encryption keys are stored in memory.

Seizing a phone in this vulnerable state allows investigators to obtain evidence from "locked" phones by using forensic tools like those sold by Cellebrite and Grayshift. Signal's encryption works. But that encryption doesn't matter -- not if law enforcement has access to the device. Encryption protects against message interception but even the strongest forms of encryption can't secure communications on a partially unlocked device. In this state, it's as simple as hooking up a phone to an extraction device and letting the device do the work.

It's not clear which forensic option was used, but it does show encryption isn't making phones and communications "warrant-proof." A locked device (rather than one in an "after first unlock") is going to be tougher to crack, but it's far from impossible. And if it is indeed impossible, a wealth of information can be recovered from cloud backups, unencrypted communications platforms, social media services, and any number of third parties that collect information and location data from cellphone users. In only the rarest cases will investigators have almost nothing to work with.

Even in those cases, there are options. Investigators can roll the dice on Fifth Amendment challenges and hope a court orders arrestees to unlock their devices. They can also seek consent to a search -- something that's never a one-and-done thing when law enforcement has both suspects and their devices in its possession.

This case shows multiple layers of encryption are mainly a hassle at this point. It's enough to keep people's devices secure in case of loss or theft, but it's not much of an impediment to investigators with powerful forensic tools at their disposal.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: access, doj, encryption, evidence, fbi, going dark, law enforcement


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    ECA (profile), 11 Feb 2021 @ 11:07am

    Love the system

    That holds every password you ever created.
    Uses them automatically
    Then hides them someplace on your machine so you cant find them or Tell what has been saved.

    My bank asked me if I used unline banking on my phone or computer.
    NOPE NEVER.

    link to this | view in thread ]

  2. icon
    Upstream (profile), 11 Feb 2021 @ 2:10pm

    Security v Convenience

    Yeah, frequently booting up, typing in passwords, and shutting down is a hassle, and it is time-consuming, but so far it seems that it is just part of the deal if you want anything approaching real security.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 11 Feb 2021 @ 2:53pm

    Re: Security v Convenience

    And just how many strong passwords can you remember? Just how accurately can you type on a phone?

    link to this | view in thread ]

  4. icon
    Tanner Andrews (profile), 12 Feb 2021 @ 9:35am

    No need

    My bank asked me if I used unline banking on my phone or computer.

    They do not have to ask me. They see me every week, they know who I am. When I want money, I walk in, it is only a block or so from the office. No, of course I do not do on-line banking, my computer does not have the right printing equipment to spit out cash.

    Things might be different at MegaBank/Merger United, so your mileage may vary. And maybe your phone has a system to spit out cash where mine does not, so you may not even need to walk over to the bank.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.