FBI Officials Were Angry That An iPhone Hack Blocked Them From Getting Court To Force Apple To Break Encryption

from the agency-actually-doesn't-care-much-about-the-public-or-safety dept

As you probably recall, last year the FBI tried to force a court to effectively create a backdoor for encrypted iPhones, using the high profile San Bernardino shootings as the wedge. It seemed quite obvious with how the whole thing played out that the FBI didn't really need to get into Syed Farook's work iPhone, but that it hoped leverage the high profile nature of the case and the "fear, uncertainty and doubt" around a "terrorist" attack to finally get a court to force Apple to do this. A new report reveals that the FBI was very much focused on using this case to force the issue to the point that top officials were angry that a vendor figured out another way into the iPhone, and stopped the court proceedings.

Again: if the real goal (as stated publicly by the FBI at the time) was to find a way into this phone for important reasons, then you'd think the FBI would be excited when they found a way in, rather than pissed that a court wasn't needed to force a backdoor. But that's not what happened.

A recently-released Inspector General's report [PDF] shows the FBI jumped the gun in the San Bernardino case. The FBI insisted it had no other options when it asked a judge to grant its All Writs Act request to compel Apple to break into the shooter's recovered iPhone. But this report shows these claims -- one repeated by the DOJ in its legal filings and by James Comey in testimony to Congress -- weren't actually true.

The ROU [Remote Operations Unit] Chief told us that, at a monthly OTD managers’ meeting on February 11, 2016, the Chief of DFAS (of which CEAU [Cryptographic and Electronics Analysis Unit] is a part but ROU is not), indicated that CEAU was having problems accessing the data on the Farook iPhone and was preparing for court. The ROU Chief, who told the OIG that his unit did not have a technique for accessing the iPhone at the time, said that it was only after this meeting that he started contacting vendors and that ROU “got the word out” that it was looking for a solution. As discussed further below, at that time, he was aware that one of the vendors that he worked closely with was almost 90 percent of the way toward a solution that the vendor had been working on for many months, and he asked the vendor to prioritize completion of the solution.

There was a another option available at the time the DOJ filed its All Writs Request (February 16). It may not have been complete yet, but the FBI had reason to believe it would be soon. Instead of giving this option a shot, the FBI tried to secure a favorable ruling compelling Apple to crack the shooter's iPhone. This wasn't what was presented to the judge in the DOJ's filing.

Comey testified before Congress on February 9th. If there had been better communication between the FBI's Operational Technology Division (OTD) and the Cryptographic and Electronic Analysis Unit (CEAU), Comey may have been apprised of this fact before his first testimonial appearance. Given the national attention being paid to this case, there's no reason Comey should have been out of the operational loop, even at this early date.

But Comey repeated the same claim nearly a month later (March 1st): the FBI could not get into the iPhone without Apple's assistance. (And again three weeks later in an angry letter to the editor published by the Wall Street Journal.) There's no way Comey could not have been aware of these developments, not with the DOJ engaged in a high-profile courtroom battle with Apple over compelled assistance.

The Inspector General finds Comey's claims to be technically true: the breakthrough offered by the still-undisclosed vendor was not passed on to the FBI until March 16th and successfully demonstrated for agents on March 20th. The following day, the US Attorney's Office informed the court of this development and withdrew its All Writs request.

Comey's statements were technically true but not the parts where he insisted the only way to access the iPhone's contents was with Apple's assistance. If he was not being informed of ongoing developments on the tech side, that's inexplicable behavior by FBI entities directly tasked with cracking the shooter's iPhone. Given the high-profile status of this case, it's not just inexplicable. It's literally unbelievable.

But that's not the only concerning aspect of this report. The head of the FBI's Remote Operations Unit (ROU) -- the person who reached out to the vendor about the progress of its iPhone crack -- was never contacted or consulted by the other offices working on the same problem. As the ROU Chief stated, the ROU walled itself off to prevent national security tools from being used in normal criminal cases.

This would seem to be good news -- the FBI drawing internal lines in the sand between natsec and normal criminal investigations -- but it actually isn't. The CEAU head believed no line existed and it could bring tools over from the natsec side any time it wanted to. But that's not the worst of it. The CEAU actually did not want a solution found.

According to the ROU Chief, his only conversation with the CEAU Chief was well after the fact, during which the CEAU Chief “was definitely not happy” that the legal proceeding against Apple could no longer go forward.

This is further backed up by statements made to the IG by FBI Executive Assistant Director (EAD) Amy Hess.

After the outside vendor successfully demonstrated its technique to the FBI in late March, EAD Hess learned of an alleged disagreement between the CEAU and ROU Chiefs over the use of this technique to exploit the Farook iPhone – the ROU Chief wanted to use capabilities available to national security programs, and the CEAU Chief did not. She became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple. According to EAD Hess, the problem with the Farook iPhone encryption was the “poster child” case for the Going Dark challenge.

This was also admitted by the CEAU Chief in his interview with the Inspector General.

The CEAU Chief told the OIG that, after the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief. He acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, “Why did you do that for?”

The report makes it clear those steering the iPhone-cracking efforts were less interested in an outside vendor cracking the phone than obtaining a precedential decision. In doing so, the DOJ ended up filing false statements as sworn assertions, claiming it had exhausted every option before approaching the court with an All Writs Request. This report may sort of clear Comey and the DOJ, but it exposes something much uglier: FBI officials are not making good faith efforts to find outside solutions to the FBI's supposed "going dark" problem. They'd much rather have favorable court decisions and legislative mandates than work with the tools others are crafting for them. This all but guarantees the number of uncracked phones in the FBI's possession will continue to grow. But they should never be viewed as investigative dead ends. They should be seen for what they are: rhetorical devices.

Update: Sen. Ron Wyden sees the report for what it is. Here's his statement on the matter:

"The FBI's leadership went straight to the nuclear option -- attempting to force Apple to circumvent its encryption -- before attempting to see if their in-house hackers or trusted outside suppliers had the technical capability to break into the San Bernardino terrorist's iPhone," Wyden said. "It's clear now that the FBI was far more interested in using this horrific terrorist attack to establish a powerful legal precedent than they were in promptly gaining access to the terrorist's phone."

Filed Under: all writs act, encryption, fbi, going dark, iphone, syed farook
Companies: apple

FBI Won't Tell Me How Much It Paid To Break Into Syed Farook's iPhone, Saying It Might Jeopardize Its Investigation

from the say-what-now? dept

As you probably recall, several months ago, after going to court to try to force Apple to write some software to allow the FBI to hack into Syed Farook's work iPhone, the DOJ and FBI abruptly called off the case, claiming that it had been able to get an exploit that let it into the phone. A few weeks later, FBI Director James Comey suggested that the government paid over $1.2 million to get that exploit from some "hackers." Some later news reports indicated that the FBI quietly tried to talk down those numbers, and suggested that perhaps Comey was just bad at math (rather than name a number, he said that the FBI had paid "more than I will make in the remainder of this job, which is seven years and four months....").

Either way, I sent a FOIA request into the FBI that day asking for either the invoice or any other documentation showing how much the FBI had paid to get into Farook's work iPhone. The FBI has now rejected my FOIA request, arguing that since this is an "ongoing investigation," responding to such a request might somehow "interfere" with the case. This is complete hogwash, for a variety of reasons. First, Farook is dead. Second, what investigation is there left to do? We know that Farook and his wife shot up Farook's office party and killed a bunch of people. We also know that the FBI was so unconcerned about further investigation that it allowed reporters to ransack Farook's townhouse soon after the shooting. Third, how the hell would revealing the price impact the investigation? The answer is that it will not. There is nothing in saying "it cost us $1 million" or "it cost us $653,000" or whatever, that in any way interferes with whatever investigation remains to be done.

This is nothing more than the FBI doing what the FBI frequently does with FOIA requests. Denying them because the FBI doesn't want to answer.

Filed Under: exploit, fbi, foia, iphone, james comey, syed farook, vulnerability

FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone... And To Avoid Setting Legal Precedent It Didn't Like

from the just-saying dept

On Thursday, FBI Director James Comey suggested that the FBI paid over a million dollars to a group of hackers who helped it get into Syed Farook's encrypted work iPhone. Of course, just as pretty much everyone predicted, the FBI found nothing of value on the iPhone. This was hardly a surprise. It was a case where we already know who did it, and that they were already dead. We also know that they destroyed their two personal iPhones, leaving open the question why anyone would think there was anything valuable on the work iPhone.

Specifically, Comey said that buying the exploit from this group cost the FBI "more than I will make in the remainder of this job, which is seven years and four months, for sure." Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.

This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.

It would have been more responsible to give the FBI’s slush fund over to the victims’ families than to pursue such an obvious non-lead.

— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Things that would've better served the American public with $1.3M than Comey's goose chase: Mental health funding.

— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Of course, that is taking a slightly narrow view on things, considering that many people believe, strongly, that the FBI's motive here was really to extricate itself from the legal dispute over the phone that had the very strong potential of ending with a bad precedent for the FBI and the DOJ. When looked at through that lens, $1.3 million or whatever seems like very little money to pay...

Filed Under: doj, fbi, hack, iphone, james comey, precedent, syed farook
Companies: apple

Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)

from the putting-everyone-at-risk dept

This should hardly comes as a surprise but reports are surfacing saying that after hacking into Syed Farook's work iPhone, that was subject to so much attention, the FBI has found absolutely nothing of interest:

Law enforcement source tells @CBSNews so far nothing of real significance has been found on San Bernardino terrorist iPhone unlocked by FBI.

— Charlie Kaye (@CharlieKayeCBS) April 13, 2016

Remember, this was the same iPhone that the DOJ and the FBI said was critical in their investigation. This is the same iPhone that the San Bernardino District Attorney, Michael Ramos, insisted could be hiding evidence of a "dormant cyber pathogen" destined to destroy San Bernardino County's computer network.

And, in the end, it appears that (as everyone expected) there was nothing on it. At all.

This isn't surprising. As the FBI freely admitted all along, Farook and his wife had destroyed their own personal iPhones, and the only remaining one was this one, which was Farook's work phone. If there had been anything that sensitive on it, you'd have figured they would have destroyed it too. And, of course, others had noted that the FBI's choice of words after getting in pretty clearly suggested there was nothing useful on the phone.

But... in the meantime, the FBI has now made it clear that at least certain iPhone models have a massive vulnerability in them that potentially puts millions of iPhone users at risk. And the FBI has shown no interest in telling Apple where this vulnerability exists.

In short, the FBI, who is supposed to keep us safe from crime, broke into an iPhone which helped it solve no crime, but almost certainly has put millions of people at risk for potential criminal attacks in the future. Why does anyone think this is a good result?

Filed Under: encryption, fbi, going dark, iphone, syed farook

DOJ Says That The Crack Of Syed Farook's iPhone Only Applies To That Model Of iPhone

from the that's-not-how-tech-works dept

Update: We've now added to the story that the DOJ is saying that CNN got the quote wrong, and the vulnerability applies to any iPhone 5C, which is more believable, but still raises questions. Original story, with a note appended is below.

So late yesterday the Justice Department told magistrate judge Sheri Pym that it had successfully broken into Syed Farook's work iPhone and therefore no longer needed to continue with the court's order compelling Apple to write a new version of its iOS with security features removed. And then, in talking to the press, the DOJ apparently claimed the method only works for Farook's iPhone:

On Monday, the Department of Justice said the method only works on this particular phone, which is an iPhone 5C running a version of iOS 9 software.

Perhaps the CNN reporter who wrote this really meant "this particular type of phone," in which case the statement would be only marginally more believable, but the idea that it only applies to "this particular phone" makes absolutely no sense, and suggests the DOJ is flat out lying again. The only way in that works with just this phone would be magically finding Farook's passcode (perhaps he left a post-it somewhere?). But if that was the case, the DOJ wouldn't have asked for two weeks to "test" the method (even if they only took one week). Finding the passcode and testing it doesn't take that long. Update: A DOJ spokesperson says that CNN got the quote wrong and that the actual statement was that the crack only applied to iPhone 5C devices.

And if it's any other method, it must have wider applicability to other iPhones. It's possible, if unlikely, that the method in question only works on iPhone 5Cs running iOS 9, but if it's a true vulnerability, it's likely that it impacts much more. It is true that later versions of the hardware include a chip called the Secure Enclave that might get in the way of certain vulnerabilities, but claiming that any such crack is limited to a specific phone is ludicrous.

And, of course, as we mentioned in the original post, if the DOJ really did find a vulnerability and refuses to share it with Apple, then the Justice Department is making us all less safe by refusing to reveal a potential security flaw that may impact tons of people. And then it's also lying about it publicly. Not a good look, but an all too typical one, unfortunately.

Filed Under: crack, doj, fbi, iphone, syed farook, vulnerability
Companies: apple

DOJ To Court: We Got Into The iPhone, So Please Drop Our Demand To Force Apple To Help Us... This Time

from the moving-on dept

So it appears that the mainstage event over the DOJ's ability to force Apple to help it get around the security features of an iPhone is ending with a whimper, rather than a bang. The DOJ has just filed an early status report saying basically that it got into Syed Farook's work iPhone and it no longer needs the court to order Apple to help it comply by writing a modified version of iOS that disables security features.

The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016.

There's also an associated one line proposed order that magistrate Judge Sheri Pym will almost certainly sign off on shortly.

And thus... the big showdown between the tech industry and the Justice Department goes nowhere. Just a little over a month after the DOJ swore to a court that it had exhausted all possibilities that didn't involve co-opting Apple to hack its own phones, the DOJ is admitting that the FBI has found a way in. Still, this was just one fight in a war that is still ongoing. It seems fairly clear that the DOJ and FBI expected their side of things to get a lot more support, which is why they chose the Syed Farook case to make a big public stand, rather than one of the many other cases where similar issues are at stake.

However, the overall issue is not over. There are still plenty of questions: What method did the DOJ use to get into Farook's iPhone? And what will happen in the other cases involving iPhones or involving other companies such as Whatsapp? And what will happen as Apple and other companies increasingly strengthen their encryption and security, making it more and more difficult for the FBI to get in?

In short, this is far from over. However, in the short term, the DOJ has learned that it isn't easy to win over public opinion on this issue, which suggests that future battles may play out under the cover of a bit more darkness, as the DOJ seeks to seal various filings and orders off from the public. My guess is that perhaps the next big fight will be in revealing what kinds of orders come through under the cover of darkness.

Filed Under: all writs act, doj, encryption, fbi, going dark, iphone, syed farook
Companies: apple

DOJ To Court: Hey, Can We Postpone Tomorrow's Hearing? We Want To See If We Can Use This New Hole To Hack In

from the oh-really-now? dept

So, this morning we wrote about a new flaw found in the encryption in Apple's iMessage system -- though it was noted that this wouldn't really have impacted what the FBI was trying to do to get into Syed Farook's work iPhone. However, just a little while ago, the Justice Department asked the court to delay the big hearing planned for tomorrow afternoon, because of this newly disclosed vulnerability:

Since the attacks in San Bernardino on December 2, 2015, the Federal Bureau of Investigation (“FBI”) has continued to pursue all avenues available to discover all relevant evidence related to the attacks.

Specifically, since recovering Farook’s iPhone on December 3, 2015, the FBI has continued to research methods to gain access to the data stored on it. The FBI did not cease its efforts after this litigation began. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention on this case, others outside the U.S. government have continued to contact the U.S. government offering avenues of possible research.

On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case.

Accordingly, to provide time for testing the method, the government hereby requests that the hearing set for March 22, 2016 be vacated. The government proposes filing a status report with the Court by April 5, 2016.

This could mean a variety of different things... including that the DOJ is looking for a way "out" of this case without setting the precedent it doesn't want, after discovering that the case and public opinion didn't seem to be going the way the DOJ had hoped it was going to go when it first brought it last month. Either way, there's never a dull moment in this case...

Update: And the judge has accepted the request, meaning the hearing is off. The DOJ put out a statement trying to spin this as being about how they're just really interested in getting into this one phone and not about setting a precedent:

Our top priority has always been gaining access into the phone used by the terrorist in San Bernardino. With this goal in mind, the FBI has continued in its efforts to gain access to the phone without Apple's assistance, even during a month-long period of litigation with the company. As a result of these efforts, an outside party demonstrated to the FBI this past weekend a possible method for unlocking the phone. We must first test this method to ensure that it doesn't destroy the data on the phone, but we remain cautiously optimistic. That is why we asked the court to give us some time to explore this option. If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people.

Of course, that statement is more misleading bullshit from the DOJ. It's pretty clear that the DOJ is just trying to get out of this case as it's realized that the original plan completely backfired, and they were likely to lose.

Update 2: Okay, the court has officially posted its decision to grant the DOJ's request. You can see it below as well.

Filed Under: all writs act, court, doj, encryption, fbi, going dark, hacking, syed farook, vulnerability
Companies: apple

Apple's Response To DOJ: Your Filing Is Full Of Blatantly Misleading Claims And Outright Falsehoods

from the no-love-lost dept

As expected, Apple has now responded to the DOJ in the case about whether or not it can be forced to write code to break its own security features to help the FBI access the encrypted work iPhone of Syed Farook, one of the San Bernardino attackers. As we noted, the DOJ's filing was chock-full of blatantly misleading claims, and Apple was flabbergasted by just how ridiculous that filing was. That comes through in this response.

The government attempts to rewrite history by portraying the Act as an all-powerful magic wand rather than the limited procedural tool it is. As theorized by the government, the Act can authorize any and all relief except in two situations: (1) where Congress enacts a specific statute prohibiting the precise action (i.e., says a court may not “order a smartphone manufacturer to remove barriers to accessing stored data on a particular smartphone,” ... or (2) where the government seeks to “arbitrarily dragoon[]” or “forcibly deputize[]” “random citizens” off the street.... Thus, according to the government, short of kidnapping or breaking an express law, the courts can order private parties to do virtually anything the Justice Department and FBI can dream up. The Founders would be appalled.

The Founders would be appalled. That's quite a statement.

Apple also slams the DOJ for insisting that this really is all about the one iPhone and that the court should ignore the wider precedent, citing FBI Director James Comey's own statements:

It has become crystal clear that this case is not about a “modest” order and a “single iPhone,” Opp. 1, as the FBI Director himself admitted when testifying before Congress two weeks ago. Ex. EE at 35 [FBI Director James Comey, Encryption Hr’g] (“[T]he broader question we’re talking about here goes far beyond phones or far beyond any case. This collision between public safety and privacy—the courts cannot resolve that.”). Instead, this case hinges on a contentious policy issue about how society should weigh what law enforcement officials want against the widespread repercussions and serious risks their demands would create. “Democracies resolve such tensions through robust debate” among the people and their elected representatives, Dkt. 16-8 [Comey, Going Dark], not through an unprecedented All Writs Act proceeding.

Apple then, repeatedly, points out where the DOJ selectively quoted, misquoted or misleadingly quoted arguments in its favor. For example:

The government misquotes Bank of the United States v. Halstead,..., for the proposition that “‘[t]he operation of [the Act]’” should not be limited “‘to that which it would have had in the year 1789.’” ... (misquoting Halstead, 23 U.S. (10 Wheat.) at 62) (alterations are the government’s). But what the Court actually said was that the “operation of an execution”—the ancient common law writ of “venditioni exponas”—is not limited to that “which it would have had in the year 1789.” ... see also... (“That executions are among the writs hereby authorized to be issued, cannot admit of a doubt . . . .”). The narrow holding of Halstead was that the Act (and the Process Act of 1792) allowed courts “to alter the form of the process of execution.” ... (courts are not limited to the form of the writ of execution “in use in the Supreme Courts of the several States in the year 1789”). The limited “power given to the Courts over their process is no more than authorizing them to regulate and direct the conduct of the Marshal, in the execution of the process.”

The authority to alter the process by which courts issue traditional common law writs is not authority to invent entirely new writs with no common law analog. But that is precisely what the government is asking this Court to do: The Order requiring Apple to create software so that the FBI can hack into the iPhone has no common law analog.

The filing then goes step by step in pointing out how the government is wrong about almost everything. The DOJ, for example, kept insisting that CALEA doesn't apply at all to Apple, but Apple points out that the DOJ just seems to be totally misreading the law:

Contrary to the government’s assertion that its request merely “brush[es] up against similar issues” to CALEA..., CALEA, in fact, has three critical limitations—two of which the government ignores entirely—that preclude the relief the government seeks.... First, CALEA prohibits law enforcement agencies from requiring “electronic communication service” providers to adopt “any specific design of equipment, facilities, services, features, or system configurations . . . .” The term “electronic communication service” provider is broadly defined to encompass Apple. ... (“any service which provides to users thereof the ability to send or receive wire or electronic communications”). Apple is an “electronic communication services” provider for purposes of the very services at issue here because Apple’s software allows users to “send or receive . . . communications” between iPhones through features such as iMessage and Mail....

The government acknowledges that FaceTime and iMessage are electronic communication services, but asserts that this fact is irrelevant because “the Court’s order does not bear at all upon the operation of those programs.” ... Not so. The passcode Apple is being asked to circumvent is a feature of the same Apple iOS that runs FaceTime, iMessage, and Mail, because an integral part of providing those services is enabling the phone’s owner to password-protect the private information contained within those communications. More importantly, the very communications to which law enforcement seeks access are the iMessage communications stored on the phone.... And, only a few pages after asserting that “the Court’s order does not bear at all upon the operation of” FaceTime and iMessage for purposes of the CALEA analysis..., the government spends several pages seeking to justify the Court’s order based on those very same programs, arguing that they render Apple “intimately close” to the crime for purposes of the New York Telephone analysis.

Second, the government does not dispute, or even discuss, that CALEA excludes “information services” providers from the scope of its mandatory assistance provisions.... Apple is indisputably an information services provider given the features of iOS, including Facetime, iMessage, and Mail....

Finally, CALEA makes clear that even telecommunications carriers (a category of providers subject to more intrusive requirements under CALEA, but which Apple is not) cannot be required to “ensure the government’s ability” to decrypt or to create decryption programs the company does not already “possess.”... If companies subject to CALEA’s obligations cannot be required to bear this burden, Congress surely did not intend to allow parties specifically exempted by CALEA (such as Apple) to be subjected to it. The government fails to address this truism.

Next, Apple rebuts the DOJ saying that since CALEA doesn't address this specific situation, that means Congress is just leaving it up to the courts to use the All Writs Act. As Apple points out, in some cases, Congress not doing something doesn't mean it rejected certain positions, but in this case, the legislative history is quite clear that Congress did not intend for companies to be forced to help in this manner.

Here, Congress chose to require limited third-party assistance in certain statutes designed to aid law enforcement in gathering electronic evidence (although none as expansive as what the government seeks here), but it has declined to include similar provisions in other statutes, despite vigorous lobbying by law enforcement and notwithstanding its “prolonged and acute awareness of so important an issue” as the one presented here.... Accordingly, the lack of statutory authorization in CALEA or any of the complementary statutes in the “comprehensive federal scheme” of surveillance and telecommunications law speaks volumes.... To that end, Congress chose to “greatly narrow[]” the “scope of [CALEA],” which ran contrary to the FBI’s interests but was “important from a privacy standpoint.” ... Indeed, CALEA’s provisions were drafted to “limit[] the scope of [industry’s] assistance requirements in several important ways.”....

That the Executive Branch recently abandoned plans to seek legislation expanding CALEA’s reach... provides renewed confirmation that Congress has not acceded to the FBI’s wishes, and belies the government’s view that it has possessed such authority under the All Writs Act since 1789.

In fact, in a footnote, Apple goes even further in not just blasting the DOJ's suggestion that Congress didn't really consider a legislative proposal to update CALEA to suck in requirements for internet communications companies, but also highlighting the infamous quote from top intelligence community lawyer Robert Litt about how they'd just wait for the next terrorist attack and get the law passed in their favor at that point.

The government’s attempts to minimize CALEA II, saying its plans consisted of “mere[] vague discussions” that never developed into a formal legislative submission ..., but federal officials familiar with that failed lobbying effort confirmed that the FBI had in fact developed a “draft proposal” containing a web of detailed provisions, including specific fines and compliance timelines, and had floated that proposal with the White House..... As The Washington Post reported, advocates of the proposal within the government dropped the effort, because they determined they could not get what they wanted from Congress at that time: “Although ‘the legislative environment is very hostile today,’ the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August [2015] e-mail, which was obtained by The Post, ‘it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.’ There is value, he said, in ‘keeping our options open for such a situation.’”

Next Apple goes through the arguments for saying that, even if the All Writs Act does apply, and even if the court accepts the DOJ's made up three factor test, Apple should still prevail. It notes, again, that it is "far removed" from the issue and reminds the court that the order sought here is very different from past cases where Apple has cooperated:

The government argues that “courts have already issued AWA orders” requiring manufacturers to “unlock” phones ... but those cases involved orders requiring “unlocking” assistance to provide access through existing means, not the extraordinary remedy sought here, i.e., an order that requires creating new software to undermine the phones’ (or in the Blake case, the iPad’s) security safeguards.

It also mocks that weird argument from the DOJ that said because Apple "licenses" rather than "sells" its software, that means Apple is more closely tied to the case:

The government discusses Apple’s software licensing and data policies at length, equating Apple to a feudal lord demanding fealty from its customers (“suzerainty”). ... But the government does not cite any authority, and none exists, suggesting that the design features and software that exist on every iPhone somehow link Apple to the subject phone and the crime. Likewise, the government has cited no case holding that a license to use a product constituted a sufficient connection under New York Telephone. Indeed, under the government’s theory, any ongoing postpurchase connection between a manufacturer or service provider and a consumer suffices to connect the two in perpetuity—even where, as here, the data on the iPhone is inaccessible to Apple.

From there, Apple dives in on the question of how much of a "burden" this would be. This is the issue that Judge Pym has indicated she's most interested in, and Apple goes deep here -- again and again focusing on how the DOJ was blatantly misleading in its motion:

Forcing Apple to create new software that degrades its security features is unprecedented and unlike any burden ever imposed under the All Writs Act. The government’s assertion that the phone companies in Mountain Bell and In re Application of the U.S. for an Order Authorizing the Installation of a Pen Register or Touch-Tone Decoder and a Terminating Trap ..., were conscripted to “write” code, akin to the request here... mischaracterizes the actual assistance required in those cases. The government seizes on the word “programmed” in those cases and superficially equates it to the process of creating new software..... But the “programming” in those cases—back in 1979 and 1980—consisted of a “technician” using a “teletypewriter” in Mountain Bell ..., and “t[ook] less than one minute” in Penn Bell... Indeed, in Mountain Bell, the government itself stated that the only burden imposed “was a large number of print-outs on the teletype machine”—not creating new code..... More importantly, the phone companies already had and themselves used the tracing capabilities the government wanted to access.... And although relying heavily on Mountain Bell, the government neglects to point out the court’s explicit warning that “[t]his holding is a narrow one, and our decision today should not be read to authorize the wholesale imposition upon private, third parties of duties pursuant to search warrants.” ...This case stands light years from Mountain Bell. The government seeks to commandeer Apple to design, create, test, and validate a new operating system that does not exist, and that Apple believes—with overwhelming support from the technology community and security experts—is too dangerous to create.

Seeking to belittle this widely accepted policy position, the government grossly mischaracterizes Apple’s objection to the requested Order as a concern that “compliance will tarnish its brand”..., a mischaracterization that both the FBI Director and the courts have flatly rejected. [See Comey] (“I don’t question [Apple’s] motive”);... (disagreeing “with the government’s contention that Apple’s objection [to being compelled to decrypt an iPhone] is not ‘conscientious’ but merely a matter of ‘its concern with public relations’”). As Apple explained in its Motion, Apple prioritizes the security and privacy of its users, and that priority is reflected in Apple’s increasingly secure operating systems, in which Apple has chosen not to create a back door.

Apple also calls out the DOJ's technical ignorance.

The government’s assertion that “there is no reason to think that the code Apple writes in compliance with the Order will ever leave Apple’s possession” ... simply shows the government misunderstands the technology and the nature of the cyber-threat landscape. As Apple engineer Erik Neuenschwander states:

I believe that Apple’s iOS platform is the most-attacked software platform in existence. Each time Apple closes one vulnerability, attackers work to find another. This is a constant and never-ending battle. Mr. Perino’s description of third-party efforts to circumvent Apple’s security demonstrates this point. And the protections that the government now asks Apple to compromise are the most security-critical software component of the iPhone—any vulnerability or back door, whether introduced intentionally or unintentionally, can represent a risk to all users of Apple devices simultaneously.

... The government is also mistaken in claiming that the crippled iOS it wants Apple to build can only be used on one iPhone:

Mr. Perino’s characterization of Apple’s process . . . is inaccurate. Apple does not create hundreds of millions of operating systems each tailored to an individual device. Each time Apple releases a new operating system, that operating system is the same for every device of a given model. The operating system then gets a personalized signature specific to each device. This personalization occurs as part of the installation process after the iOS is created.

Once GovtOS is created, personalizing it to a new device becomes a simple process. If Apple were forced to create GovtOS for installation on the device at issue in this case, it would likely take only minutes for Apple, or a malicious actor with sufficient access, to perform the necessary engineering work to install it on another device of the same model.

. . . [T]he initial creation of GovtOS itself creates serious ongoing burdens and risks. This includes the risk that if the ability to install GovtOS got into the wrong hands, it would open a significant new avenue of attack, undermining the security protections that Apple has spent years developing to protect its customers.

And, not surprisingly, Apple angrily attacks the DOJ's bogus misleading use of Apple's transparency report statements about responding to lawaful requests for government information in China, by pointing out how that's quite different than this situation:

Finally, the government attempts to disclaim the obvious international implications of its demand, asserting that any pressure to hand over the same software to foreign agents “flows from [Apple’s] decision to do business in foreign countries . . . .”. Contrary to the government’s misleading statistics ..., which had to do with lawful process and did not compel the creation of software that undermines the security of its users, Apple has never built a back door of any kind into iOS, or otherwise made data stored on the iPhone or in iCloud more technically accessible to any country’s government.... The government is wrong in asserting that Apple made “special accommodations” for China, as Apple uses the same security protocols everywhere in the world and follows the same standards for responding to law enforcement requests.

Apple also points out that the FBI appears to be contradicting itself as well:

Moreover, while they now argue that the FBI’s changing of the iCloud passcode—which ended any hope of backing up the phone’s data and accessing it via iCloud—“was the reasoned decision of experienced FBI agents”, the FBI Director himself admitted to Congress under oath that the decision was a “mistake”.... The Justice Department’s shifting, contradictory positions on this issue—first blaming the passcode change on the County, then admitting that the FBI told the County to change the passcode after the County objected to being blamed for doing so, and now trying to justify the decision in the face of Director Comey’s admission that it was a mistake—discredits any notion that the government properly exhausted all viable investigative alternatives before seeking this extraordinary order from this Court.

On the Constitutional questions, again Apple points out that the DOJ doesn't appear to understand what it's talking about:

The government begins its First Amendment analysis by suggesting that “[t]here is reason to doubt that functional programming is even entitled to traditional speech protections” ... , evincing its confusion over the technology it demands Apple create. Even assuming there is such a thing as purely functional code, creating the type of software demanded here, an operating system that has never existed before, would necessarily involve precisely the kind of expression of ideas and concepts protected by the First Amendment. Because writing code requires a choice of (1) language, (2) audience, and (3) syntax and vocabulary, as well as the creation of (4) data structures, (5) algorithms to manipulate and transform data, (6) detailed textual descriptions explaining what code is doing, and (7) methods of communicating information to the user, “[t]here are a number of ways to write code to accomplish a given task.”... As such, code falls squarely within the First Amendment’s protection, as even the cases cited by the government acknowledge...

Later it points out that the DOJ's claim that since Apple can write such code however it wants it's not compelled speech, Apple points out that their argument says the exact opposite:

The government attempts to evade this unavoidable conclusion by insisting that, “[t]o the extent [that] Apple’s software includes expressive elements . . . the Order permits Apple to express whatever it wants, so long as the software functions” by allowing it to hack into iPhones.... This serves only to illuminate the broader speech implications of the government’s request. The code that the government is asking the Court to force Apple to write contains an extra layer of expression unique to this case. When Apple designed iOS 8, it consciously took a position on an issue of public importance.... The government disagrees with Apple’s position and asks this Court to compel Apple to write new code that reflects its own viewpoint—a viewpoint that is deeply offensive to Apple.

The filing is basically Apple, over and over again, saying, "uh, what the DOJ said was wrong, clueless, technically ignorant, or purposely misleading." Hell, they even attack the DOJ's claim that the All Writs Act was used back in 1807 to force Aaron Burr's secretary to decrypt one of Burr's cipher-protected letters. Apple points out that the DOJ is lying.

The government contends that Chief Justice Marshall once ordered a third party to “provide decryption services” to the government.... He did nothing of the sort, and the All Writs Act was not even at issue in Burr. In that case, Aaron Burr’s secretary declined to state whether he “understood” the contents of a certain letter written in cipher, on the ground that he might incriminate himself.... The Court held that the clerk’s answer as to whether he understood the cipher could not incriminate him, and the Court thus held that “the witness may answer the question now propounded”—i.e., whether he understood the letter.... The Court did not require the clerk to decipher the letter.

If anything, to be honest, I'm surprised that Apple didn't go even harder on the DOJ for misrepresenting things. Either way, Apple is pretty clearly highlighting just how desperate the DOJ seems in this case.

Filed Under: all writs act, doj, encryption, fbi, going dark, syed farook
Companies: apple

We Read Apple's 65 Page Filing Calling Bullshit On The Justice Department, So You Don't Have To

from the and-off-we-go dept

Apple didn't need to reply until tomorrow, but has now released its Motion to Vacate the magistrate judge's order from last week, compelling Apple to create a new operating system that undermines a couple of key security features, so that the FBI could then brute force the passcode on Syed Farook's work iPhone. It's clearly a bit of a rush job as there are a few typos (and things like incorrect page numbers in the table of contents). However, it's not too surprising to see the crux of Apple's argument. In summary it's:

• The 1789 All Writs Act doesn't apply at all to this situation for a whole long list of reasons that most of this filing will explain.
• Even if it does, the order is an unconstitutional violation of the First Amendment (freedom of expression) and the Fifth Amendment (due process).

I really do recommend reading the 65 page filing (it goes fast!). But on the assumption that you have more of a life than we do, let's dig in and detail what Apple's argument is. The brief is quite well written (other than the typos) in making the issues pretty clear:

This is not a case about one isolated iPhone. Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe. The government demands that Apple create a back door to defeat the encryption on the iPhone, making its users’ most confidential and personal information vulnerable to hackers, identity thieves, hostile foreign agents, and unwarranted government surveillance. The All Writs Act, first enacted in 1789 and on which the government bases its entire case, “does not give the district court a roving commission” to conscript and commandeer Apple in this manner. Plum Creek Lumber Co. v. Hutton, 608 F.2d 1283, 1289 (9th Cir. 1979). In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.

The motion also notes the importance of strong encryption in keeping people safe and secure:

Since the dawn of the computer age, there have been malicious people dedicated to breaching security and stealing stored personal information. Indeed, the government itself falls victim to hackers, cyber-criminals, and foreign agents on a regular basis, most famously when foreign hackers breached Office of Personnel Management databases and gained access to personnel records, affecting over 22 million current and former federal workers and family members. In the face of this daily siege, Apple is dedicated to enhancing the security of its devices, so that when customers use an iPhone, they can feel confident that their most private personal information—financial records and credit card information, health information, location data, calendars, personal and political beliefs, family photographs, information about their children—will be safe and secure. To this end, Apple uses encryption to protect its customers from cyber-attack and works hard to improve security with every software release because the threats are becoming more frequent and sophisticated. Beginning with iOS 8, Apple added additional security features that incorporate the passcode into the encryption system. It is these protections that the government now seeks to roll back by judicial decree.

And the filing makes it clear that the government is lying in claiming that this is all just about this phone:

The government says: “Just this once” and “Just this phone.” But the government knows those statements are not true; indeed the government has filed multiple other applications for similar orders, some of which are pending in other courts.2 And as news of this Court’s order broke last week, state and local officials publicly declared their intent to use the proposed operating system to open hundreds of other seized devices—in cases having nothing to do with terrorism. If this order is permitted to stand, it will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent. Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote. As Tim Cook, Apple’s CEO, recently noted: “Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

There's a footnote in the middle of that which points to Manhattan DA Cyrus Vance already talking about why he supports the FBI, and how he has 155 to 160 phones that he wants to force Apple to help unlock.

Apple also details how accepting the government's interpretation of the All Writs Act here could easily extend in absolutely crazy ways:

Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.

Apple also doesn't pull any punches on how the FBI itself messed things up:

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network... which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.21 Had the FBI consulted Apple first, this litigation may not have been necessary.

Apple's filing also does a good job debunking the DOJ's ridiculous "this is no burden, because it's just software and Apple writes software" argument:

The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks.... Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.... No operating system currently exists that can accomplish what the government wants, and any effort to create one will require that Apple write new code, not just disable existing code functionality.... Rather, Apple will need to design and implement untested functionality in order to allow the capability to enter passcodes into the device electronically in the manner that the government describes.... In addition, Apple would need to either develop and prepare detailed documentation for the above protocol to enable the FBI to build a brute-force tool that is able to interface with the device to input passcode attempts, or design, develop and prepare documentation for such a tool itself.... Further, if the tool is utilized remotely (rather than at a secure Apple facility), Apple will also have to develop procedures to encrypt, validate, and input into the device communications from the FBI.... This entire development process would need to be logged and recorded in case Apple’s methodology is ever questioned, for example in court by a defense lawyer for anyone charged in relation to the crime....

Once created, the operating system would need to go through Apple’s quality assurance and security testing process.... Apple’s software ecosystem is incredibly complicated, and changing one feature of an operating system often has ancillary or unanticipated consequences.... Thus, quality assurance and security testing would require that the new operating system be tested on multiple devices and validated before being deployed.... Apple would have to undertake additional testing efforts to confirm and validate that running this newly developed operating system to bypass the device’s security features will not inadvertently destroy or alter any user data.... To the extent problems are identified (which is almost always the case), solutions would need to be developed and re-coded, and testing would begin anew.... As with the development process, the entire quality assurance and security testing process would need to be logged, recorded, and preserved.... Once the new custom operating system is created and validated, it would need to be deployed on to the subject device, which would need to be done at an Apple facility.... And if the new operating system has to be destroyed and recreated each time a new order is issued, the burden will multiply.

From there we dig into the meat of the filing: that the All Writs Act doesn't apply.

The All Writs Act (or the “Act”) does not provide the judiciary with the boundless and unbridled power the government asks this Court to exercise. The Act is intended to enable the federal courts to fill in gaps in the law so they can exercise the authority they already possess by virtue of the express powers granted to them by the Constitution and Congress; it does not grant the courts free-wheeling authority to change the substantive law, resolve policy disputes, or exercise new powers that Congress has not afforded them. Accordingly, the Ninth Circuit has squarely rejected the notion that “the district court has such wide-ranging inherent powers that it can impose a duty on a private party when Congress has failed to impose one. To so rule would be to usurp the legislative function and to improperly extend the limited federal court jurisdiction.”

Congress has never authorized judges to compel innocent third parties to provide decryption services to the FBI. Indeed, Congress has expressly withheld that authority in other contexts, and this issue is currently the subject of a raging national policy debate among members of Congress, the President, the FBI Director, and state and local prosecutors. Moreover, federal courts themselves have never recognized an inherent authority to order non-parties to become de facto government agents in ongoing criminal investigations. Because the Order is not grounded in any duly enacted rule or statute, and goes well beyond the very limited powers afforded by Article III of the Constitution and the All Writs Act, it must be vacated.

In short, Apple is leaning heavily on the idea that CALEA pre-empts the All Writs Act here, and that CALEA explicitly says that companies can't be forced into helping to decrypt encrypted content. Beyond that, Apple is claiming that it's "too far removed" from the case for the All Writs Act to apply and mocks the idea (put forth by the DOJ) that because Apple licenses its software instead of selling it, that makes it okay:

Apple is no more connected to this phone than General Motors is to a company car used by a fraudster on his daily commute. Moreover, that Apple’s software is “licensed, not sold,”..., is “a total red herring,” as Judge Orenstein already concluded.... A licensing agreement no more connects Apple to the underlying events than a sale. The license does not permit Apple to invade or control the private data of its customers. It merely limits customers’ use and redistribution of Apple’s software. Indeed, the government’s position has no limits and, if accepted, would eviscerate the “remoteness” factor entirely, as any company that offers products or services to consumers could be conscripted to assist with an investigation, no matter how attenuated their connection to the criminal activity. This is not, and never has been, the law.

From there, Apple attacks the argument that there is no undue burden on Apple if it's forced to build this system, which Apple calls GovtOS. It starts out by noting that the idea that Apple can just create the software for this one phone and delete it appears nonsensical when put in context:

Moreover, the government’s flawed suggestion to delete the program and erase every trace of the activity would not lessen the burden, it would actually increase it since there are hundreds of demands to create and utilize the software waiting in the wings..... If Apple creates new software to open a back door, other federal and state prosecutors—and other governments and agencies—will repeatedly seek orders compelling Apple to use the software to open the back door for tens of thousands of iPhones. Indeed, Manhattan District Attorney Cyrus Vance, Jr., has made clear that the federal and state governments want access to every phone in a criminal investigation.... [Charlie Rose, Television Interview of Cyrus Vance (Feb. 18, 2016)] (Vance stating “absolutely” that he “want[s] access to all those phones that [he thinks] are crucial in a criminal proceeding”). This enormously intrusive burden—building everything up and tearing it down for each demand by law enforcement—lacks any support in the cases relied on by the government, nor do such cases exist.

The alternative—keeping and maintaining the compromised operating system and everything related to it—imposes a different but no less significant burden, i.e., forcing Apple to take on the task of unfailingly securing against disclosure or misappropriation the development and testing environments, equipment, codebase, documentation, and any other materials relating to the compromised operating system.... Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it, risking the security, safety, and privacy of customers whose lives are chronicled on their phones. Indeed, as the Supreme Court has recognized, “[t]he term ‘cell phone’ is itself misleading shorthand; . . . these devices are in fact minicomputers” that “could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers.”...By forcing Apple to write code to compromise its encryption defenses, the Order would impose substantial burdens not just on Apple, but on the public at large. And in the meantime, nimble and technologically savvy criminals will continue to use other encryption technologies, while the law-abiding public endures these threats to their security and personal liberties—an especially perverse form of unilateral disarmament in the war on terror and crime.

That last point is key. Criminals will still use other forms of encryption, while forcing Apple to do this harms everyone else by putting them more at risk.

Here Apple goes even deeper in questioning what are the limits to the All Writs Act:

For example, under the same legal theories advocated by the government here, the government could argue that it should be permitted to force citizens to do all manner of things “necessary” to assist it in enforcing the laws, like compelling a pharmaceutical company against its will to produce drugs needed to carry out a lethal injection in furtherance of a lawfully issued death warrant, or requiring a journalist to plant a false story in order to help lure out a fugitive, or forcing a software company to insert malicious code in its autoupdate process that makes it easier for the government to conduct court-ordered surveillance.

Next, Apple calls bullshit on the DOJ's claim that it absolutely needs Apple's help here. First, the FBI messed things up with the whole resetting iCloud password thing, and then what about the NSA? Why can't the NSA just hack in? That's what the following is saying in a more legalistic way:

... the government has failed to demonstrate that the requested order was absolutely necessary to effectuate the search warrant, including that it exhausted all other avenues for recovering information. Indeed, the FBI foreclosed one such avenue when, without consulting Apple or reviewing its public guidance regarding iOS, the government changed the iCloud password associated with an attacker’s account, thereby preventing the phone from initiating an automatic iCloud back-up.... Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See... (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”).

From there, we move onto the Constitutional arguments, which the court might not even address if it decides the All Writs Act doesn't apply. But, here, Apple starts with the First Amendment concerns of "compelled" speech.

Under well-settled law, computer code is treated as speech within the meaning of the First Amendment.... The Supreme Court has made clear that where, as here, the government seeks to compel speech, such action triggers First Amendment protections..... Compelled speech is a content-based restriction subject to exacting scrutiny... and so may only be upheld if it is narrowly tailored to obtain a compelling state interest....

The government cannot meet this standard here. Apple does not question the government’s legitimate and worthy interest in investigating and prosecuting terrorists, but here the government has produced nothing more than speculation that this iPhone might contain potentially relevant information... It is well known that terrorists and other criminals use highly sophisticated encryption techniques and readily available software applications, making it likely that any information on the phone lies behind several other layers of non-Apple encryption....

This argument feels a bit weakly supported. Then there's the Fifth Amendment argument, concerning due process:

In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’”

Again, this feels a bit weakly developed, but not surprisingly so. Apple is betting heavily that its main argument, concerning the All Writs Act not applying, will win the day (which seems to have a strong likelihood of being true). The Constitutional arguments are just being thrown in there so that they're in the case at this stage, and can then be raised on appeal, should it get to that level.

I imagine the DOJ will respond to this before long as well, so stay tuned (we certainly will).

Filed Under: all writs act, backdoors, compelled speech, doj, due process, encryption, fbi, fifth amendment, first amendment, iphone, san bernardino, syed farook
Companies: apple

No, The FBI Does Not 'Need' The Info On Farook's iPhone; This Is Entirely About The Precedent

from the stop-saying-that dept

Over and over again as people keep talking about the Apple / FBI encryption stuff, I keep seeing the same line pop up. It's something along the lines of "but the FBI needs to know what's on that phone, so if Apple can help, why shouldn't it." Let's debunk that myth. The FBI absolutely does not need to know what's on that phone. It might not even care very much about what's on that phone. As the Grugq ably explained last week, there's almost certainly nothing of interest on the phone. As he notes, Farook destroyed his and his wife's personal phones, indicating that if there were anything truly important, he would have destroyed the last phone too. Also:

FBI already has a massive amounts of data, all of which indicates that Farook and Malik were not in contact with a foreign terrorist organisation, nor were they in contact with any other unknown terrorists.

Even if, despite all evidence to the contrary, Farook and Malik were somehow in invisible traceless contact with an ISIS handler, that handler would not have revealed information about other cells, because that would violate the most basic tenet of security — need to know.

Other information, including things like who they were in contact with could be obtained from other sources -- either service providers for metadata or from the phones of those they were in contact with.

There's another post by forensic scientist Jonathan Zdziarski that provides even more reasons why there's almost certainly nothing of use on the phone -- noting that Farook left the "track my phone" feature on, even though it's on the same settings page as turning off the iCloud backup, which the FBI claims he turned off.

But let's get beyond even that. Assume that there actually is something interesting or useful on the phone. That still doesn't mean the FBI "needs" the information. In basically any situation where crime has occurred, there is a ton of information that might be useful, but that is far from mandatory. Hell, in this case alone, there were the destroyed phones. It's much more likely that there would have been useful information on those phones. But no one's talking about how the FBI "needs" that information, because everyone knows the FBI can't get it. And, since much of the planning for this attack must have happened between Farook and Malik in their home, the FBI is never going to know what they said to each other as they sat around the kitchen table, or on the sofa, or in bed. And, again, no one is upset about this information that is "not accessible" because there's always information that's not accessible.

In some cases, it's because it was destroyed. In some cases, it's because it was verbal communications that were never stored anywhere. In some cases, it's because people communicated in a code that only they know. In some cases, it's because information wasn't found. There are dozens of reasons why information that might be useful isn't accessible to the government during criminal investigations.

And you know what: it's not the end of the world.

Hell, in almost every criminal case, there's a ton of missing information. The cases are about taking all the evidence that they do have and making inferences on the rest. And no one whines about that.

So why are so many people insisting that the FBI "needs" the information on this particular phone?

There are a few possible reasons, but none of them are very convincing or compelling. There's just the simple fact that the information is there and, it appears, if Apple is forced to create this special operating system (creatively called FBiOS by some), it will remove the security features that otherwise block the FBI from brute forcing Farook's passcode. Of course, no one seems to be mentioning that if he has a really long passcode, brute forcing it might not work either (perhaps because that's unlikely). But, again, that's another situation under which the information wouldn't actually be available.

Honestly, the only reason that the FBI wants to force Apple to create the special operating system for this particular phone is the precedent that it can go to court and force a company to build special hacking tools to remove security features from customers. That's a big deal. The information on the phone is almost certainly not a big deal at all.

Filed Under: encryption, evidence, fbi, going dark, information, investigations, leads, syed farook
Companies: apple