Encryption

FBI Won't (or Can't) Say How It Broke Into Terrorist's IPhone

Agency wants to avoid a review process over passing information back to Apple.

|

iPhone
Credit: magerleagues / photo on flickr

The FBI doesn't know how the third party tech folks it hired to break into San Bernardino terrorist Syed Farook's iPhone succeeded. Therefore, it says it can't inform Apple how it was done to alert them of a security risk potentially affecting its customers. Or so the FBI says.

That's the breaking news from the Wall Street Journal this afternoon. There was a big question mark as to whether, as is typical policy, the federal government would inform a company about a security risk in its software. Apple, we all know, resisted the FBI's efforts to try to force it to develop code to assist officials in breaking its own security. Right before a planned court confrontation, the FBI withdrew its demands because it found another company (an unidentified third party) who was able to figure out how to bypass the phone's security (at significant expense).

Sources told the Wall Street Journal that it will tell the White House that it doesn't know how the tool used to break into the iPhone worked—that it "knows so little" that there's no point in even having a review process to determine whether the information should be passed along to Apple.

As a result, this means that American customers who have phones models similar to Farook's have a security vulnerability that might not be fixable, unless Apple is informed or figures it out on its own (one suspects they're probably working on it).

Should we actually believe the FBI when they say they don't know how the tool works? It's easy to be skeptical of their honesty given how pettily the Department of Justice responded to Apple's attempts to defend itself in court, dismissing the company's very real need to protect the security of its customers as a "marketing" concern. But a post by Susan Landau at the Lawfare blog suggests that they may well be telling the truth, and that itself is a cause for concern. The FBI is trying to terrify us all about the threat of terrorists and child predators "going dark," but it doesn't seem to be making budget recommendations that reflect this fear:

The FBI is going dark, but the cause is not encryption; it is the Bureau's approach to investigations involving encryption and other types of anonymizing tools. Consider the FBI's 2017 budget request. It includes a requested increase of $38.3 million and 0 positions for "challenges related to encryption, mobility, anonymization, and more"; current services are at "39 positions (11 agents) and $31 million." This explains the FBI's problem. Despite six years of publicly pressing for laws to control encryption's deployment, the FBI staffing is at a remarkably low level, one that fits the attack profile of quite a few years ago, not the present time. By contrast, the 2017 request for additional physical surveillance capabilities is for $8.2 million and 36 positions (18 agents); this request is on top of the current 1770 positions (549 agents) and $297.8 million budget.

(The 2017 FBI budget request also includes a separate cyber component with 1,753 positions (897 agents)  along with a current budget of $541.4 million, and a 2017 request of $85.1 million and 0 positions. While the cyber component interacts with the Going Dark program and small amounts of funds are fungible, the cyber effort does not substitute for the missing Going Dark capabilities.)

If that's how the FBI is prioritizing spending, then no wonder they are so hot to draft tech companies to do the work for them.

Read more here.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

34 responses to “FBI Won't (or Can't) Say How It Broke Into Terrorist's IPhone

  1. Plausible Deniability.

    “I can’t not know, and I can’t not can’t not know.”

  2. So this is a big FY to Apple. What’s that expression… there’s no fighting city hall?

  3. We’re supposed to believe the FBI just handed the phone over to Haxx0rs Inc, closed their eyes, and said “have at it”? Uh huh.

  4. This does not strike me as FBI SOP because any evidence gleaned from the phone is now inadmissible.

    1. Inadmissible, but not inoperative. Their entire argument boiled down to “we need the info for like safety reasons.”

    2. Not quite. If they just handed the phone over – maybe.

      But there are procedures for maintaining the custody chain of evidence when dealing with third party forensics.

      1. I’m not versed on the procedures. Is there a step that includes “I don’t know what they did to retrieve the evidence”?

  5. assumes they actually did get in

    1. Good point.

      1. remember when MI5 got the Enigma machine and said “in your face Hitler”.

        me neither.

    2. assumes they actually did get in

      Thank you. I’ve been saying this over and over and people look at me like I’m crazy. Well, they do anyway, but, you know.

      I strongly suspect that this was purely a tactical retreat from getting their clock cleaned in court.

      1. Comb your hair once in a while.

        1. I would if I had enough left to comb.

  6. Bull. Shit.

    If they DID actually find something useful on that phone (instead of finding nothing), it would be inadmissible in court because they wouldn’t be able to actually prove the information came from the phone.

    Fuck, how do they even known there’s nothing of use on that phone if they can’t actually verify the hack worked?

    1. Yep. Chain of custody FTW. Not even the fibbies are stupid enough to blow chain of custody on actionable info.

    2. Who is there to prosecute? The suspects are dead.

  7. “Just trust us,” says the FBI, an agency which has never lied to the public.

  8. Should we actually believe the FBI when they say they don’t know how the tool works?

    Technically, yes.

  9. Why can’t Apple just get a friendly judge to issue an All-Writs warrant and force the FBI to hand over the information? Isn’t that how this cybersecurity stuff works in the post-constitutional age? Think of how many innocent lives are at risk if Apple isn’t able to adequately protect the innertubes just because some stubborn bureaucracy holds to some outdated words written on a piece of parchment a hundred years ago! Does the FBI think their rules and procedures are more important than children’s lives?

  10. “By contrast, the 2017 request for additional physical surveillance capabilities is for $8.2 million and 36 positions (18 agents)”. 36 positions = 18 agents, do they each get a non-agent sidekick or something?

  11. I watch too many movies. There’s gotta be a dozen directions this plot could follow… none of them good.

    1. Red pill or blue pill?

  12. It would seem that you have to take the most-cynical-possible POV to even come remotely to the truth in this particular debate.

    Everything the FBI has done up until this point has been orchestrated in an attempt to compel Apple to give them tools they wanted long before the San B. shooting even happened.

    The reason they seem to have pulled back on all fronts from continuing that effort is because 1) their legal case based on ‘all-writs’ is likely to fail miserably and bar any future attempts at using that angle, and 2) its possible that if congress intervenes at this point and tries to write legislation focusing on encryption, that the end result will be law LESS favorable to the FBI, who still has some ability to make-shit-up as they go along in their efforts to gain compliance and cooperation.

  13. The FBI is certainly lying when they say they don’t know how the phone was cracked. Handing over a phone into a “black box”, and getting it back with no idea what might have been done other than cracking it (stuff deleted? stuff inserted/ who knows?) is not only colossally stupid (I know, I know) but contrary to the control freak mentality of the FBI.

    Now, not wanting to publish exactly how it was cracked strikes me as a good idea. Not telling Apple? Not so much.

  14. I’m still betting that they haven’t really broken into the phone. They just didn’t want a potentially negative court precedent OR to be seen as giving up and are just making this up as a way out of the mess.

  15. Should we actually believe the FBI when they say they don’t know how the tool works?

    Sure, why not? This doesn’t seem the stuff of dark conspiracies. They hire the firm, the firm takes the phone, does its crack, and hands the FBI the contents of the file. When the consultants start to say how they did it, the FBI officials say, “before you go any further, we don’t want to know the methodology of how you cracked the iPhone… for legal reasons.”

  16. Does concrete evidence actually exist that they actually did manage to crack the phone other than their saying so? If they found anything useful, they’d be shouting it from the rooftops trying to shame Apple. Their claim reeks of bullshit to me but, at the least, it seems they didn’t find anything of real value.

    1. By the time they got their thumbs out of their asses, whatever was on that phone is likely hopelessly outdated.

      Their attempt to claim that info on phone they had for months was AN EMERGENCY! ALL WRITS! ALL WRITS! would have been more credible the day they got the phone.

  17. At this point, I wouldn’t believe the FBI if they said water was wet.
    If they don’t know how it was done they can’t replicate it (without another seven figure payout, presumably).
    Without chain of custody, no evidence can be used directly, though they could still try using it in (massively unconstitutional) “Parallel Construction”.

  18. I bought brand new white Ferrari byy working ONline work. five month ago i hear from my friend that she is working some online job and making more then $85/hr i can’t beleive. But when i start this job i have to believed her Now i am also making 85$/hr if you want to try. Check Here…….JU011

    ===== http://www.Buzzmax7.com

  19. Thats because Apple told them to say that after they helped them lol. the sheeple have been white washed again.

    http://www.Complete-Privacy.tk

  20. Want to meet a girl? Welcome to http://goo.gl/mxiosK
    the Best adult Dating site!

Please to post comments

Comments are closed.