Reason.com

Free Minds & Free Markets

The FBI Might Not Need Apple's Decryption Help

The FBI says a mysterious "outside party" has found a way to unlock San Bernardino shooter Syed Farook’s iPhone without assistance from Apple.

Well, that was odd. On Monday, the U.S. government suddenly pressed pause in its encryption battle with Apple—a case that stands to make or break a precedent for building a government "back door" into secure technologies. FBI lawyers requested that a court hearing originally scheduled for today be postponed until after April 5. The reason? An unknown "outside party demonstrated to the FBI a possible method for unlocking [San Bernardino shooter Syed Rizwan] Farook’s iPhone" that would "eliminate the need for the assistance from Apple."

On Wednesday, it was revealed that Israeli mobile forensic software provider Cellebrite was likely the firm enlisted to help the FBI unlock Farook’s iPhone. According to Reuters, the firm is split into two companies: one that provides forensic systems to law enforcement and intelligence agencies like the FBI and another that provides technology for mobile retailers. If the FBI’s version of events is correct, Cellebrite contacted the FBI "out of the blue" just before the agency was heading into a difficult court case. Talk about good luck.

Until now, the FBI has been pushing for Apple engineers to purposefully break certain iPhone security features so federal agents can access data on Farook's phone. Virtually all of Silicon Valley stands with Apple, viewing the order to build a "back door" for government access as a major threat to strong cybersecurity and a worrying overreach of state power. But the FBI has argued that all this clucking about "network security, encryption, back doors, and privacy" is a mere "diversion" from the just cause of prosecuting terrorists. 

FBI's Legal Reasoning Is Shaky

The FBI's initial legal argument for conscripting Apple's engineers was based on a broad interpretation of the All Writs Act of 1789 (AWA). That centuries-old law says U.S. courts may issue all legal orders "necessary and appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." Traditionally, the AWA has allowed courts to facilitate lawful legal procedures when the precise means needed was not on the books. Subsequent legal interpretations forbid the government from using the AWA to compel an entity "far removed" from a situation to act, or to compel actions that pose an "unreasonable burden" or "adversely affect" a party's "basic interests."

Apple responded that the AWA is nowhere near as expansive as the FBI would like it to be. Besides, the FBI's demands are expressly prohibited under the AWA anyway, as complying would cause Apple to suffer "unreasonable burdens" that would "adversely affect its basic interests." What's more, the AWA is superseded by the Communications Assistance for Law Enforcement Act (CALEA). This 1994 law explicitly prohibits law enforcement from compelling companies to "decrypt, or ensure the government’s ability to decrypt, any communication unless… the carrier possesses the information necessary to decrypt the information" (i.e. the private key) or for the government to "dictate to providers or electronic communications services… any specific equipment design or software configuration."

On March 10, the FBI fired back. While Apple portrays the AWA as "dusty and forgotten," the feds feel that the old girl is "a vital part of our legal system that is regularly invoked in a variety of contexts." And as Apple is one of the largest and most cash-rich companies in the world, it shouldn't be a big deal to comply with the government’s modest request.

Last week, Apple’s attorneys filed their response to the FBI's response. In it, Apple asserted that "the Founders would be appalled" by the FBI's use of the All Writs Act as "an all-powerful magic wand."

Furthermore, Apple takes strong objection to the FBI’s claim that it only seeks access to one specific device rather than a precedent for future cases. The filing points to comments by FBI Director Comey at his recent congressional testimony that this case "will be instructive for other courts"—suggesting that the agency did indeed expect a beneficial precedent.

So Much for That Precedent

But Monday’s shock announcement made all of this legal sparring irrelevant—at least for now.

Throughout this entire brouhaha, many have speculated that the FBI was not solely interested in the data that might be on Farook’s work iPhone. After all, Farook did not even go through the trouble of attempting to destroy this phone, which was issued to him through his work and possibly monitored by his employer—how important could info on it be? Yet as a means for law enforcement to establish a legal precedent to get around secure encryption, this situation is ripe for opportunity. 

Of course, should precedent be established in the opposite direction—should the courts side with Apple’s arguably more comprehensive case against the government—the FBI would have one less means by which to access secure technologies. The agency would have to slink back to Congress, empty-handed, and re-start the ignoble process of pushing an unpopular statute through an already-gridlocked body.

This is not to say that the legal fight ends here. After all, the order was only stayed, not terminated. If this cracker-jack hack of the FBI's falls short, the FBI may very well revisit the issue after its April 5 status report.

Additionally, it’s important to keep in mind that while the fight between Apple and the FBI over the San Bernardino shooter’s phone is the most high-profile, it is hardly the only such case. Apple alone is fighting at least 12 similar orders to break secure technologies for law enforcement. The San Bernardino case just happens to be the most emotionally compelling of these because of its ties to terrorism. The vast majority of the government’s other issues with encrypted data—few though they may be—deal with investigations regarding the wildly unpopular War on Drugs.

Vulnerabilities and Vigilance

Not much is known about the FBI's new "method for unlocking Farook’s iPhone." Perhaps it's employing methods proposed by a handful of technologists to get around the iPhone's security without conscripting Apple engineers as hacker slaves. 

Another possibility is that the FBI will use one of the "zero day vulnerabilities" in the federal government’s cache to crack the iPhone. Zero days are software bugs that are unknown to all but the discoverer. Ideally, such vulnerabilities would be quickly reported to relevant parties so that bugs get patched and all of us can enjoy a more secure computing environment. But zero days are frequently employed by nation states and malicious hackers to exploit their monopolies on security vulnerabilities.

Technologists will be watching very closely to determine whether and to what extent the FBI may be engaging in this dangerous zero-day trade.

The FBI, for its part, says that it is "cautiously optimistic" about this serendipitous new method to access data from Farook’s infamous iPhone without conscripting Apple. We should all be cautiously vigilant about the FBI’s next move in its war against secure technologies.

Photo Credit: matsuyuki/Flickr

  • Playa Manhattan.||

    An unknown "outside party demonstrated to the FBI a possible method for unlocking [San Bernardino shooter Syed Rizwan] Farook’s iPhone" that would "eliminate the need for the assistance from Apple."

    Unknown? I know who it is.

  • Diane Reynolds (Paul.)||

    Didn't McAfee publicly offer to help the FBI crack Apple's security?

  • Rhywun||

    Yes, via "social" means. In other words, educated guessing i.e. bullshit.

  • Rhywun||

    Why would a "mysterious outside party" contact the FBI rather than help Apple plug the supposed security hole?? (Lots of security bugs are solved with hackers' help.) That is like asking for jail time.

    I'm not buying this story for a second.

  • ||

    According to Reuters, the firm is split into two companies: one that provides forensic systems to law enforcement and intelligence agencies like the FBI and another that provides technology for mobile retailers. If the FBI’s version of events is correct, Cellebrite contacted the FBI "out of the blue" just before the agency was heading into a difficult court case. Talk about good luck.

    Why would a mysterious outside party contact the FBI? I'll give you a hint: it's green, it folds, and it isn't the Hulk doing his laundry.

  • dschwar||

    So a test case for importing Cuban tobacco?

  • Berha123||

    yes

  • Gandydancer||

    No.

  • Diane Reynolds (Paul.)||

    Having lived in the tech world longer than I care to recall, I suspect there's no shortage of people who would take interest in this challenge and offer up their services.

  • A Cynic's Guide to Zen||

    On Wednesday, it was revealed that Israeli mobile forensic software provider Cellebrite was likely the firm enlisted to help the FBI unlock Farook’s iPhone.

    I see why we pay them the big bucks.

  • toolkien||

    I think most people felt the FBI would eventually get what they wanted, but they wanted acquiescence from Apple, to show Apple may be noblemen, but they still owe fealty to The Crown. Their Majesty won't forget the insolence. Microsoft got a star chamber from the Justice Department to oversee/approve their business activities, if Apple doesn't have the same already, they soon will.

  • Diane Reynolds (Paul.)||

    I saw this earlier and was going to post a link, glad it got covered. So the only question left is, does the FBI continue to pursue the case to set a precedent, or do they just go get what they need from the phone, using whatever technique available to them?

    I certainly wasn't surprised at any of this, and least surprised about the one method of simply overriding the 'bad password' count by creating memory maps and resetting the counter to zero. Very difficult to do in practice, but theoretically very possible.

  • Gandydancer||

    Not possible, for the FBI. There was no known-to-FBI way to access that memory from outside the phone. The actual method proposed was to replace the firmware so that the count increment was defeated. And Apple had to write and sign the new firmware software, plus arrange for their servers to ok it, or the phone wouldn't accept it.

  • Gandydancer||

    I forgot to say: The AWA can't be used to force Apple's cooperation if there is another way, so the FBI had no choice but to drop their request.

  • ||

    My guess (and I don't want to hear any damn facts that mess up my guess so hush) is that the phone was never encrypted or even password locked. Its battery was dead and it took this long for some agent's 12 year old kid to say "Umm dad, if you plug it in it will work."

  • BigT||

    Why not simply cut off the terrorist's fingers and see if those work?

    Dumb FBI!

  • Gandydancer||

    Dumb BigT. This phone didn't use fingerprint tech.

  • BYODB||

    I'm sure they'll conveniently 'discover' a treasure trove of NSA provided intel on his phone so that next time this comes up they have a 'precedent' of it being a useful tool in their belt.

  • XM||

    The question is - would you rather have the FBI obtain a warrant and formally request a company to open one of their devices, or just send it to a third party willing to work on their behalf?

    The phone belongs to the government, so they can do whatever they want to do with it. And once the hacker gives them backdoor access, none of us would know a thing about it.

  • Reverendcaptain||

    Seems to me this is simply a case of the FBI looking for a way to get out of a situation they can't win. They never anticipated the public backlash against their efforts to force Apple to provide the keys to unlock this and other iPhones and rather than saying sorry, they're just pretending that they don't need it anymore.

    TL;DR FBI is saving face.

  • Gandydancer||

    The FBI didn't attempt "to force Apple to provide the keys to unlock this and other iPhones". The author of this article is either a determined and lazy ignoramus or a liar. No "backdoor" was involved. The tool which the FBI wanted to force Apple to agree to make could have been used by Apple to open other phones of the same design if they received another court order to do so, but the FBI didn't ask for the tool.

    The Israeli company's tool may allow the FBI to break into any such phone. I understand they held the FBI up for a lot of money, though. But now the secret is out that it can be done without Apple's cooperation.

  • ||

    What's the over/under on bombs lobbed at Israel when it's announced they have opened the phone and gotten the FBI info on s verbal communication navy's and possible ble plots?

  • ||

    On several contacts and possible bomb plots.

    Sorry, the iPad keyboard is a little iffy sometimes this early in the morning.

  • Gandydancer||

    Andrea O'Sullivan is a determinedly lazy ignoramus. Too lazy to read any of the filings, apparently. The case never "st[ood] to make or break a precedent for building a government "back door" into secure technologies" because the proposed method never involved any "back door". It involved getting Apple to disable the security on the front door, and required Apple's help on doing that to any subsequent phone. God, I despise incompetent "journalists".
