Remember when the FBI went before a judge to demand that Apple break its own encryption and force access into a terrorist's iPhone? A newly released report from the Justice Department suggests that the bureau may have deliberately avoided alternative solutions in order to go to court and create a precedent.
The case involved a locked work iPhone in the possession of Syed Farook, one of the terrorists responsible for killing 14 people at a San Bernardino Christmas party in 2015. When the FBI asked Apple to help them break into the phone, Apple refused, arguing that doing so would render all their customers vulnerable to intrusion. The bureau eventually gained access with the assistance of a third-party contractor.
Cybersecurity and privacy experts speculated that the FBI was deliberately trying to create a precedent for forcing tech companies to weaken their encryption on demand. An inquiry by the Office of the Inspector General for the Department of Justice should fuel those concerns further.
The purpose of the Justice Department's investigation was to determine whether then–FBI Director James Comey spoke accurately in February 2016, when he testified before Congress that the FBI was unable to unlock Farook's phone. The report concludes that Comey was telling the truth at the time. But it also highlights a fair amount of foot-dragging. (The FBI waited til mid-February before looking for outside assistance in unlocking the phone.) The chief of the cryptographic unit, it concludes, did not want a third-party solution. The chief wanted to use the case to force Apple's compliance:
[Executive Assistant Director Amy Hess] became concerned that the [Cryptographic and Electronic Analysis Unit] Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple. According to EAD Hess, the problem with the Farook iPhone encryption was the "poster child" for the Going Dark challenge.
"Going Dark" is law enforcement jargon used to describe their inability to bypass encryption and cybersecurity tools to engage in surveillance or access data of targets of investigation.
The chief apparently became frustrated when the third-party solution undercut the legal challenge, reportedly asking another official: "Why did you do that for?"
Apple was put under enormous political pressure to comply with the FBI. Donald Trump, then still a presidential candidate, called for a boycott on Apple. Other GOP candidates demanded that Apple cooperate with the feds. Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R–N.C.) crafted terrible legislation that would require tech companies to follow the feds' demands that they weaken their cybersecurity. The bill failed, fortunately.
During that whole public fight, some FBI officials were deliberately trying to fail. All to sell a narrative that they had no choice but to make Apple weaken its own security—and yours as well.
Read the inspector general report here.