from the flow-my-angry-tears dept

Hell Hath No Fury Like A Federal Law Enforcement Agency That Keeps Finding Some Way To Break Into IPhones

by

Nothing has made the FBI more irritated than its ability to break into phones it swears (often in court!) it cannot possibly get into without the device maker's assistance. The agency doesn't want third-party vendors to offer solutions and it doesn't seem to want its own technical staff to find ways to get stuff from encrypted devices. It wants the government to tell companies like Apple to do what they're told. It will accept any solution that involves a mandate, whether it's from a federal court or our nation's legislators. It will accept nothing else.

The FBI and DOJ's foul mood over its phone-cracking success and its courtroom failures came to a head recently. A joint press conference announcing not-so-breaking news about the contents of the Pensacola air base shooter's phones contained a whole lot of off-target griping about a company whose only crime was selling consumer products. Here's Rianna Pfefferkorn for TechCruch:

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

If the FBI's ultimate aim was to bury the lede -- that it could either break encryption or exfiltrate contents without cracking devices -- it succeeded. Everyone talked about Apple and how its unhelpfulness led to this petulant press conference where it was stated clearly and repeatedly that Apple was harming the nation's security by... um... temporarily delaying the discovery of evidence linking the shooter to the terrorist group that had already claimed responsibility for the attack months ago.

As Pfefferkorn points out, Bill Barr and Chris Wray's roughly concurrent tantrums allowed them to avoid discussing something that should have been much bigger news.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

After all of this, we don't know what the FBI is capable of and how often these previously unmentioned techniques are used to bypass or break device encryption. With the only suspect dead, it's obvious FBI agents didn't beat the passcode out of him. But that's all we really know.

The FBI can break into iPhones. But it won't celebrate that victory because -- without a federal government derived mandate -- it doesn't feel like a victory. This "sick of winning" attitude dates back to the FBI's efforts in the San Bernardino shooting where agency officials were upset a third party solved their access problem before they could talk a court into precedent compelling assistance from cell phone manufacturers.

By portraying this victory as a loss to a tech company, the FBI can avoid talking about its tools and techniques. It can bypass its oversight by glossing over this breakthrough as a very limited success that won't scale and possibly cannot be used against any other phones. It can also keep its secrets from our nation's courts, ensuring defendants are left in the dark about the true origin of evidence being used against them.

And that's if we're thinking positively. Here's where we're at if we bring to bear all the distrust and cynicism the government (at all levels) has earned:

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.

USA! USA! USA!

We, the people, are going to get what's coming to us, even if we haven't earned it or asked for it. Encryption is public enemy number one, right behind device manufacturers and developers of encrypted communication services. If the first enemy is killed dead, the rest will be manageable. And the general public will be forced into sacrificing their personal security for jingoism-spouting opportunists who will never see the United States as safe enough to entrust citizens with their own decisions about the level of protection they want for their communications and data.