Encryption

The FBI Wants Access to a Mass Shooter's iPhone. Will They Demand a Back Door?

A deadly shooting on a Naval base in Florida may lead to a new battle against encryption.

|

When the dust from a suspected terrorist attack on U.S. soil eventually settles, the inevitable fight over access to encrypted communications can quickly commence. This is again the case with last month's shooting spree by Saudi Air Force flight school student Mohammed Saeed Alshamrani, who was being trained at the Naval Air Station in Pensacola, Florida.

Investigators are still determining the now-deceased Alshamrani's motivations, who is believed to have hyped himself up by hosting a party to watch videos of other atrocities and posting anti-US and anti-Israel content before killing three U.S. sailors and wounding eight other people. "Terrorism" seems a pretty good bet: Attorney General William Barr reported Monday that 17 other Saudi Air Force students at NAS Pensacola had pro-jihadi content on their social media accounts.

But to build a watertight case, law enforcement might need access to the shooter's suspected two iPhones, so the FBI is hoping to enlist Apple's help. Last week, the FBI sent a letter to Apple's general council asking for technical assistance after their efforts to simply guess the passcodes proved fruitless. The agency says it has court permission to search the phones, so it's not a question of warrantless access. And Apple appears eager to help, telling NBC News that the company has given the FBI "all of the data in our possession" when first approached at the time of the attack and "will continue to support them with the data we have available." Barr countered this characterization in his speech Monday, claiming that "Apple has not given us any substantive assistance" so far.

Perhaps the FBI and its many forensic offices may be able to work with Apple to find a fortuitous way into the iPhones in question. (Entering at least one of the phones may prove especially tricky, as it was apparently shot during the attack.) Or maybe the FBI will again tap one of the many shadowy organizations that specialize in granting access to secure devices, like the Israel-based NSO Group Technologies, which is believed to have cracked the San Bernardino shooter's phone.

Or perhaps this present détente is just the calm before the revived Crypto War storm. When considering the backdrop that festoons this latest security incident, the curious case of the NAS Pensacola iPhones could have all the makings of a new public battle over law enforcement access to encryption.

Recall that the San Bernardino incident resolved with only a whimper. The government had hoped to secure a legal precedent in the courts that would facilitate future access to encrypted communications. By compelling Apple engineers to build government back doors into phone software, the law enforcement community would not only receive access to those particular devices, but possibly any device protected by strong encryption, whether with or without a warrant. (No wonder the FBI dragged its feet to crack into the devices on its own.)

Eventually, the FBI was able to get into the iPhone without conscripting Apple engineers as unwilling government hackers. The whole thing became moot. But it's likely that many in the law enforcement community have simply been biding their time until another opportunity presented itself.

The emotional high-stakes surrounding the attack in California only added more oomph to the government's case in the court of public opinion. Exploiting horrible events appears to be a key tactic in the government's ongoing campaign against encryption.

In 2015, emails obtained by the Washington Post from a top lawyer in the intelligence community explained that while "the legislative environment is very hostile" to the idea of outright crippling encryption, things could "turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." A 2018 inspector general inquiry into the San Bernardino incident reported that the case was seen as a "poster child" for the so-called Going Dark problem thwarting law enforcement access to secure devices. So of course the agency played the San Bernardino shooting up.

Perhaps the specific game plan has changed with the rise of a new administration. But the overall goal of chipping away at strong security protocols remains the same under the tenure of Attorney General William Barr and FBI director Christopher Wray. Barr has blasted tamper-proof encryption protocols as "law-free zones" that are fundamentally opposed to the needs of law enforcement. In his press event Monday, Barr called on Apple to "find a solution so that we can better protect the lives of Americans and prevent future attacks." Wray echoes these contentions, characterizing security technologies as creating an "entirely unfettered space that's utterly beyond law enforcement for criminals to hide."

What they want is what's called a "back door" into encryption standards that will let governments decrypt data at their leisure. Law enforcement argues that such back doors are necessary tools to get evidence and carry out justice. But computer scientists point out that a government back door would undermine everyone's security because the bad guys could exploit it as well. Essentially, there may be no way to build a back door that wouldn't effectively ruin the whole point of encryption to begin with, which is to secure our computing.

The FBI has a history of exaggerating the Going Dark problem. Wray had previously claimed that his Bureau was locked out of some 8,000 or so devices in their investigations. But the real number is much smaller, probably around 1,000 or so. Plus, it's simply not the case that these thousand-some devices are related to terrorism or even plain old violent crime cases. The vast majority are probably drug-related.

Then there's the question of whether the information on the devices would have even been instrumental to solving the case. Obviously, law enforcement will want access to as much information as possible to build the best case. But maybe the locked device wouldn't have provided much evidence anyway.

Computer scientists routinely point out that law enforcement may be missing the forensics forest for the trees. We live in a virtual ocean of plaintext data, metadata, and tools that can piece together our online lives if assisted by the right analysis. Many times, law enforcement fails to tap this rich vein of available data simply because they do not know it exists, or they don't know how to access it, or they don't know how to analyze it.

Rather than quixotically trying to undermine everyone's security by installing insecure back doors into encryption protocols, the FBI should instead seek to harvest this kind of low hanging fruit and better train the nation's law enforcement on this kind of forensic analysis.

Hopefully Apple and the FBI will be able to get into these phones the old fashioned way and an encryption stand-down can be avoided. As a Pensacola resident and a security writer, I hope that justice is served without undermining strong encryption.

But if we don't have a stand-down now, we will almost certainly have one later. Today, not only are devices like iPhones protected by strong encryption by default, Facebook is also integrating strong encryption practices into their suite of platforms, which means more tragedies will likely involve some kind of encryption.

The government will not cease in its quest to put a back door into encryption technologies, and we must be ready to challenge them whenever it is attempted.

Advertisement

NEXT: Court Rejects Motion to Seal Litigation Finance Agreements

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Why not just outlaw Apple? Forbid any government employee from using any Apple product for any official purpose.
    Win-win. The socialists get to poke a huge (not just big) corporation, the know-nothings get to go back a couple generations in tech, and the stock market drops a hundred points to make Bernie and Warren happy.
    After all guys, it’s just a bunch of ones and zeros; how hard can it be?

    1. You would have to ban android phones as well. They have just as strong of encryption.

      1. The encryption may be just as strong, but Google has no problem handing over personal information. So far it has only been Apple willing to fight the FBI. Another difference is that Google keeps a copy of all date for their own marketing use, so when the government comes asking for it they have it all ready to hand over. Apple tries to make it so they don’t have access to private data, that way there is nothing to hans over to the government.

    2. Not seeing how your plan does anything. Its not government employees’ phones the FBI needs access to.

  2. And clearly we need a back door for the 5th Amendment. For the children.

    1. Don’t worry they’re working on that. First, they got a court decision for when a cop directly sees something on your computer but you manage to turn it off so they can’t get back in. Now, they’ve got a guy who’s been locked up for years on an indefinite contempt of court hold because a single (civilian) witness says they saw something illegal, and the courts seem to agree that’s a foregone conclusion as well so byebye 5th.

      1. Courts take witness testimony as hard evidence, that’s a joke to begin with. Not surprised the 5th is crushed.

  3. Eventually, the FBI was able to get into the iPhone without conscripting Apple engineers as unwilling government hackers. The whole thing became moot. But it’s likely that many in the law enforcement community have simply been biding their time until another opportunity presented itself.

    Of course they’ve been waiting for an opportunity to enforce their will on the peasantry. It’s not enough that they can pick your locks or overwhelm your defenses – your failure to display the proper obeisance by even having locks and defenses is an alarming display of lèse majesté . “Submit” ain’t just a button on the Reason comment board.

  4. Well, we do know just how trustworthy the FBI is – – – – – – – –

    1. I cant tell when reason is serious about privacy lately. They virtually ignored the FISA abuse issue, instead somehow blaming the GOP instead.

  5. Facebook is also integrating strong encryption practices

    Making it harder to break into the Facebook accounts of grandmas and terrorists.

    1. Facebook will maintain their backdoor so they can ban evil thoughts like deadnaming.

  6. Get a legitimate warrant from a legitimate court, not one of those mail order FISA type warrants. Have Apple unlock and provide the data. Apple gets to keep and protect their Intellectual Property, Americans get to keep and protect their constitutional freedoms. Law enforcement gets to exist within the bounds of the constitution.

    1. The problem is that the government wants their own set of keys to a backdoor that Apple hasn’t even installed. Apple has no problem handing over date in their possession to the government when presented with a warrant. However Apple does not keep a copy of data stored only on your personal iPhone, and there is not a backdoor for them to open. Google on the other hand makes money on your data, so there are many copies floating around. That is why Google is mostly free. Apple is in the hardware business and charges you a fee to store your data.

      1. Google on the other hand makes money on your data, so there are many copies floating around. That is why Google is mostly free. Apple is in the hardware business and charges you a fee to store your data.

        This is a bit of a false dichotomy or, alternatively, portraying a double-edged sword as only cutting one way. Apple can and does skim data off your phone. Pretty much the same data that Google does. They are more of a hardware company, so they don’t sell the same data around outside the company the same way but, at the same time, they can more directly control the hardware on your phone than Google can. Not that either one should be trusted with much of anything, but this makes it sound like Google’s spying on you and Apple’s not. Which is untrue.

        1. I guess the point I am trying to make is that Apple seems to be the only company putting up a fight when it comes to giving the government access to personal data, as far as I know Google and FaceBook hand the data over to the government.

  7. It would have been so much easier not to bring in a bunch of Saudis for flight training. Then we wouldn’t need to worry about cracking iPhones.

    1. 17 trainees had jihadi shit on their phones? I’d question why we still have bases over there.

      1. About damn time we pulled our bases out of Florida.

      2. The petrodollar.

        1. I didn’t realize that Florida had that much oil.

          1. We have politicians, too. Much snake oil produced and peddled here.
            But please don’t pull the bases. We need the taxes from all those part timers to keep us from needing an income tax.

    2. They found child porn on all their socia media accounts.

      But I’m confused about the “case” they are making. The dude is dead and the 17 shipped out. What fucking case?

      1. Present that evidence to the Saudis and they might get their heads lopped off.

  8. As with so many other Constitutional exceptions for the children/war on drugs/war on terror/war on sex trafficking/climate change/partridges in pear trees, the camel is always looking for a crack to get its nose in the tent. At what point does this become the “long train of abuses and usurpations, pursuing invariably the same object, evinc[ing] a design to reduce them under absolute despotism” that Jefferson spoke of in the Declaration of Independence?

    1. At what point does did this become…

      FTFY

    2. About 3 months into the Washington administration.

  9. Apple should unlock the phones this time (not hand over encryption key).
    Dudes aren’t US citizens

    1. Apple does not have the keys to unlock an iPhone, they purposely have made their product so that even they cannot get into them.

    2. 1. Why does their nationality matter?

      2. Apple is arguing that they can’t unlock the phones. They don’t have the encryption key. And that’s a good security design.

      1. 2. Apple is arguing that they can’t unlock the phones. They don’t have the encryption key. And that’s a good security design.

        Not can’t unlock the phones, can’t necessarily grant access to any/all requested data. By their own admission, some possibly significant portion of the data is not encrypted and/or Apple has the keys. (Mac) Mail is encrypted in transit but distinctly not on their servers. iCloud backups may or may not be encrypted on their servers.

        This was a point of contention when a spate of celebrity nudes got leaked recently. The phones backed up to iCloud and, even if the user had deleted the files locally, access to the data in iCloud wasn’t encrypted in any way specific to the user or device. The encryption was promised by Apple to be end-to-end and, technically, it was but, design-wise, that didn’t mean dick.

        1. I think the celebrity nudes were accessed using passwords obtained in a phishing attack.

  10. /not sarc
    If your okay with stealing money from Snowden for breech of a nondisclouser agreement, would you also be okay with holding the people at the nsa etc. Accountable for the perjury and treason they committed?

    1. Just shut the fuck up reverend. I’m sick of your jawing.

    2. And tell god to get hint. Obviously we didn’t care much for his son.

    3. My bad ment to post this at the cyber law fare post

  11. “Posting anti-Israel and anti-Us content”…come on Reason, terrorism is not cancelled or problematic, its woke. The website and magazine leader and soundboard of the democratic socialist political party is named after terrorists.

  12. The Saudi Royal Air Force officer who fatally shot three people at Pensacola, Florida, Naval Air Station hosted a dinner party for a trio of countrymen in the days leading up to the attack — during which they watched mass shooting videos

    What else happened at this “dinner party”? Drinking alcohol? Worse?

    1. Look, at least he didn’t hijack planes and take out skyscrapers like Saudis used to do 19 years ago. Learn to appreciate incremental improvement, and you foster more of it.

  13. Will They Demand a Back Door?

    Last time I made that demand, I got smacked across the face.

  14. “will the demand a back door?”

    Who works for who? Last time I looked, the FBI etc. work for us.

    I’m no fan of Apple, but long term, I worry more about the FBI.

  15. I couldn’t care less what “law enforcement” wants. people will always be able to encrypt stuff if they take the time to learn to do it. The stupid is just in expecting someone else (like a big corp) to be trusted to do it for you. That said, I also fully support anyone and everyone refusing to give in to the demands of the pigs. Give them the finger and just go around them.

  16. Why not? As long as the volunteer armed forces and lawmen are willing to give up their weapons and encryption, only the first and second amendments stand in the way of forcing us to do the same…
    Better to let McAfee hack the phone, like he offered to do when the Sharia law observers killed all those bureaucrats in the gun control State.

  17. You clingers should hand over your encryption keys to your betters. They know more than you and can help you achieve apotheosis.

  18. If the Government were truly serious in their interest only being to prevent terror attacks, they would loudly and only ask that Apple or a private “hacking” firm unlock that particular device, with warrants in hand, and NOT be shown how to do it. The fact that the Government continually demands that they be given the tools to do it themselves shows that they are interested in far more than preventing terror attacks – so fuck ’em

  19. You can compare the price of iPhone with honor 9x Price and analyze the security breach of smartphones.

Please to post comments

Comments are closed.