Reason.com

Free Minds & Free Markets

Locked Texas Shooter’s iPhone Reignites Encryption Debate

Another possible standoff where officials want to compromise everybody's data security.

locked phoneDave Bredeson / DreamstimeWell, here we go again: the FBI has once more found itself locked out of the smartphone of a dead mass shooter, this time Texas church massacre suspect Devin Kelley. Unless the feds find some kind of workaround to allow access without undermining the core encryption protections afforded by consumer devices, this incident could ignite another battle between the FBI and the tech community over the tensions between user security and law enforcement access.

The issue is a tender one. In the spring of 2016, the FBI and Apple engaged in a fraught standoff over the encryption question following the 2015 terrorist attack at San Bernardino. The battle played out both in the public and the courts, with the FBI arguing that Apple had a duty to compel its engineers to intentionally break security features in order to access data on the locked devices of deceased shooters Syed Rizwan Farook and Tashfeen Malik. Apple stood firm, refusing to compromise any of its devices and instead seeking to find alternative means to assist law enforcement.

This intense showdown did not present a cathartic ending. The legal issues underpinning the debacle were never resolved in court. Rather, the brouhaha was rendered moot when an outside party swooped in to hack the phone for the FBI for a cool $900,000.

The most recent shooting at a Texas church contains all of the elements to create yet another battle royale between law enforcement and security professionals.

The FBI agent in charge of the investigation, Christopher Combs, has already started grumbling about encryption, griping that "law enforcement is increasingly not able to get into these phones." In an interview with Politico Pro, Department of Justice Deputy Attorney General Rod Rosenstein, who has developed quite a reputation as an encryption critic, recently characterized the desire for strong, unbreakable encryption as "unreasonable."

The agency has confirmed that the device is an iPhone. But officials reportedly have yet to reach out to Apple for assistance, preferring instead to explore alternative means to access the phone's data.

That's problematic. The iPhone's security features are set up in such a way that the first 48 hours after an incident are critical. If the FBI had reached out to Apple within this time frame, its engineers could have assisted law enforcement to exploit this window of opportunities. But since the FBI neglected to reach out, they may have inadvertently foiled their own options.

For example, Apple's Touch ID feature allows individuals to unlock their device by scanning their fingerprint. If Kelley's iPhone had the Apple Touch ID feature enabled, law enforcement could have used the dead man's fingerprints to easily open the phone. That is, unless the device has been powered off and restarted, or 48 hours have passed—in which case, the user's private passcode would be needed. And you can't exactly ask a dead man to tell you his passcode.

If a feckless Android user like myself was one of the first in law enforcement to handle the device, they could easily seal off that route by immediately restarting the device. After all, it's a natural first step that frustrated smartphone users turn to when flummoxed by their technology. But in this case, it could mean the difference between easy access to critical clues, or a drawn-out legal battle that risks undermining the nation's data security.

Even if they didn't turn off the device, the critical two-day window has come and gone. One really hopes that the FBI did not allow pride or prejudice to prevent a simple request for Apple's assistance.

But it wouldn't be the first time the agency has flubbed such a route. Recall that during the San Bernardino debacle, the FBI instructed municipal officials to remotely reset Farook's iCloud password, thereby eliminating the option to access automatic iCloud backups. A quick call to a knowledgeable Apple representative could have swiftly cleared that all up.

Hopefully, law enforcement will find some way to get the data they need without another public brawl with the tech community. But I'm not all that optimistic. Opportunists in the FBI may find the chance to advance their anti-encryption agenda in the face of another tragedy to be too tantalizing to turn down.

There are important differences in the facts of the cases in San Bernardino and Sutherland Springs. Kelley appears to have been a lone wolf, unconnected to a broader terrorist network like Farook and Malik. Investigators may not have as much of a need to scour through Kelley's communications for associates like they did for the Islamic terrorist network apparently involved with the San Bernardino shooting.

Yet the passion and emotion surrounding such high-profile massacres often blur these kinds of distinctions. Authorities could decide to use this as another test case in the court of public opinion or a real court to gain the ability to compel code from security professionals. At the very least, it could be used as another rhetorical data point to promote legislative efforts to secure these new powers.

It is easy to sympathize with the FBI's plight. Their agents investigate horrific crimes, and hope to bring justice for victims' loved ones. I can only imagine their frustration in finding a potential lead blocked by the hard laws of mathematics. Most in the security community feel a similar empathy.

But there is simply no getting around the fact that compromising encryption ultimately makes everyone less safe. Not only is it in many cases simply mathematically unworkable, it is downright undesirable.

Rather than exposing millions of innocents to increased risk of digital predation, law enforcement should seek one-off methods to break into specific devices in an investigation, as they did with the San Bernardino case. This approach, of course, will require a more productive relationship with the technology community than was evidenced in the last go-around of the Crypto Wars.

There is a deep irony to the encryption debate. We are all stewing in a veritable ocean of accessible, unencrypted data. This includes metadata, geolocation tracking, social media posts, cloud data, and ISP logs, among many other expanded digital sets of typical forensic evidence.

How much progress could law enforcement make if they focused more resources on mining these rich new sets of data, rather than antagonizing the poor security engineers that keep us all safe online? The FBI should work with the technology community to seize these opportunities. They might just find that the evidence they needed was there for the easy taking all along.

Photo Credit: Dave Bredeson / Dreamstime

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • MMalik||

    "The iPhone's security features are set up in such a way that the first 48 hours after an incident are critical. If the FBI had reached out to Apple within this time frame, its engineers could have assisted law enforcement to exploit this window of opportunities. But since the FBI neglected to reach out, they may have inadvertently foiled their own options."

    I'm not inclined to give them that much benefit of the doubt. This exact same issue came up in the San Bernadino case (where the Feds actively broke the iCloud link that could have enabled them to get what they professed to want without compromising anyone else's privacy). It's simply not possible that the FBI is unaware of this window of opportunity; the obvious inference is that they chose not to take advantage of it because they'd rather cultivate an anti-privacy talking point than do their jobs.

  • ||

    Not to mention that, just as with the San Bernadino case, AGs and public defenders across the country have iPhones lined up in evidence waiting for one of these cases to break so that they can punch someone in the face, slam dunk over them, and call 'No foul!'

  • jogibew||

    I'm making over $7k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.

    This is what I do... www.netcash10.com

  • Fist of Etiquette||

    In this case, what do they expect to find? That the shooter was working with a sleeper cell network of radicalizing atheists?

  • SQRLSY One||

    Yeah man really... Every once in a while, one individual lone person goes totally bonkers. It isn't possible for us to really understand why... Nor can we prevent it, w/o taking away everyone's freedoms, to a large extent.

    Obviously, all the knowledge in the world is not going to allow the FBI to bring back the 26 dead people.

    So other than general Nosenheimer and Buttinski shit, WTF does the FBI really expect to learn, of any real value, here?

  • Jerryskids||

    The FBI should work with the technology community to seize these opportunities.

    Rape isn't about sex, it's about power. Getting fucked by the government is no different.

  • loveconstitution1789||

    Its just more knee-jerk fervor to weaken encryption.

    Who cares what was on this shooter's phone? I don't. I would rather have secure phones from the government and Apple's prying eyes.

  • Mitsima||

    "The FBI should work with the technology community to seize these opportunities."

    LoLz. Men with guns and immunity don't work _with_ people, tovarich.

  • Rhywun||

    I wonder what they found on the Vegas guy's phone. Remember him...?

  • loveconstitution1789||

    Who?

    Gun control didn't work based on the Vegas shooter's actions, so its time to move on.

  • dantheserene||

    This is a perfect case for the FBI to exploit. They don't really need the information on that phone, but it's an opportunity to use a tragedy to increase their power.

  • loveconstitution1789||

    Never let a tragedy go to waste.

  • Woodstock93||

    It might also be noted that Apple reached out to the FBI on their own the moment they read the story. The Feds never took them up on the offer. Since then Apple has again offered to help but still no response.

  • Stormy Dragon||

    The funny part is going to be how many of the "banning bump stocks is a slippery slope to banning all guns" types will be perfectly okay with federally mandated broken encryption because TERRARISM!

  • ||

    Equally funny will be the "You can't have a phone without encryption." types who have no problem with the government legislating bump stocks.

  • Curt||

    "There are important differences in the facts of the cases in San Bernardino and Sutherland Springs. Kelly appears to have been a lone wolf, unconnected to a broader terrorist network like Farook and Malik. Investigators may not have as much of a need to scour through Kelly's communications for associates like they did for the Islamic terrorist network apparently involved with the San Bernardino shooting.

    Yet the passion and emotion surrounding such high-profile massacres often blur these kinds of distinctions"

    This is no mere "distinction". This is absolutely all the difference in the world. In San Bernandino the argument was that it was crucial to potentially prevent another similar attack and that is why we should smile and give up our privacy. This time, there's no pretense. It's simply: fuck you, you have no rights.

  • Curt||

    "The FBI agent in charge of the investigation, Christopher Combs, has already started grumbling about encryption, griping that "law enforcement is increasingly not able to get into these phones." "

    Yeah! It's not like it was back in the 90's! Back then, you could easily get at all of the information that was stored in someone's phone.

    I for one think that it's simply ludicrous that the quality of encryption on phones has increased along with the value of the information stored on them. In fact, I think that all criminal suspects should have all details from their phone routed directly to the FBI. And since we don't know who might be a criminal suspect in the future, it should simply be everyone. Frankly, it's the only reasonable approach that I can imagine.

  • the_tanstaaflizer||

    "How much progress could law enforcement make if they focused more resources on mining these rich new sets of data" ...?

    There's an agency tasked with that job. It's called the National Security Agency. It regularly datamines the hell out of everyone's information, and - guess what? They're just as incompetent as the rest of the Federal Bureaucracy. Try reading current news articles on how the NSA has been hacked, "anti-bad-guy" software tools stolen and then turned into ransomware, etc., etc.

    No. Stop supporting the idea of chasing through peoples' electronic data after crimes and pay attention to the plethora of hard evidence that exists already in these kinds of crimes. We don't need access to the shooter's phone, in this particular case, anyway. He's dead. As is the cognitive content of this article.

  • Rhywun||

    Yeah, WTF? The "technology community" should refuse to assist the state in any way.

  • Greg_Cherryson||

    How about having some principles? The 4th Amendment, as the Framers understood it, protected all "private papers", unconditionally. This was the jurisprudence of Entick v. Carrington, upheld over a hundred years later in Boyd v. United States. It didn't matter if the "papers" were encrypted or not, because they were off limits anyway.

    All the present discussion revolving around backdoors, forced decryption, the foregone conclusion doctrine, the testimonial or non-testimonial nature of compelled statements etc. is done within the severely corrupted environment of the Constitutional protections, eroded beyond all recognition. The situation is ripe for the Supreme Court to revisit Boyd v. United States and either reaffirm it, or officially state that the Constitution is toilet paper, in the name of very broadly-defined "legitimate government interests".

  • Longtobefree||

    Well, in this case, there is no chance of getting a warrant; who would they serve it on, the dead guy?
    Technology aside, if I choose to keep my personal papers using some type of code, is even a warrant based on probable cause sufficient to "require" me to cough up the key?
    Maybe someone should introduce legislation as the FBI requests, but with the provision that if any of their data storage is breached in any way, everyone they have a file on gets ten million dollars in damage. The funds to come from the agency budget, and from each agent, jointly and severally. Future budgets to be assessed as required, and the FBI can re-form after everyone has been paid in full.

  • nohakhan||

    Furniture Moving Company
    Furniture is one of the things that we can do a lot of effort and time in order to carry out transportation from one place to another, to any place in the Kingdom or anywhere outside the Kingdom. The transport works from services that seem to us easy and simple but ultimately Of the services that lead to exposure to problems is very difficult to be solved from the breakage, scratching, damage and loss, the company tops excellence of the most important and bestاثاث مستعمل
    شركة شراء اثاث مستعمل بالرياض

  • Tom Dial||

    Encryption is not going away. It is far too useful, even necessary, for commerce and the entire range of business activity. Those able to use publicly available and free cryptographic software on suitable hardware (and possibly to violate the law in some jurisdictions) will be able to encrypt their data relatively secure from technical means for the foreseeable future, subject to possible major advancements in computing hardware or mathematics.

    That is not to say that entire cryptographic systems will be secure. Aside from software errors and use of various means of compulsion, some illegal, there are numerous methods to compromise keys and enable decryption. A keylogger delivered in a phish email is one, and the method the FBI tried to force on Apple in the San Bernardino case (which was not a back door in the normal sense) is another. These often are specific to the case at hand, however, and the FBI may be pushing to support passage of legislation to ensure that warrants can be executed against commercial cryptographic systems.

  • nohakhan||

    Saudi Furniture Company

    When one of us thinks about moving to a new home, he looks like he is carrying his furniture and possessions on his back, thinking about how to move the furniture to the new place, the potential damage, the fear of precious possessions, sensitive parts and breakable objects, and the packaging, Has been solved with companies specializing in the transfer of furniture either to a new home or to storage until the completion of maintenance of the house or travel and so on.شركة تركيب اثاث ايكيا بالرياض
    شركة تركيب ستائر بالرياض

  • nohakhan||

    Saudi Furniture Company

    When one of us thinks about moving to a new home, he looks like he is carrying his furniture and possessions on his back, thinking about how to move the furniture to the new place, the potential damage, the fear of precious possessions, sensitive parts and breakable objects, and the packaging, Has been solved with companies specializing in the transfer of furniture either to a new home or to storage until the completion of maintenance of the house or travel and so on.شركة تنظيف مكيفات بالرياض
    شركة تركيب غرف نوم بالرياض

  • nohakhan||

    Saudi Furniture Company

    When one of us thinks about moving to a new home, he looks like he is carrying his furniture and possessions on his back, thinking about how to move the furniture to the new place, the potential damage, the fear of precious possessions, sensitive parts and breakable objects, and the packaging, Has been solved with companies specializing in the transfer of furniture either to a new home or to storage until the completion of maintenance of the house or travel and so on.شركة تركيب باركية بالرياض

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online