Gun Trafficking Investigation Shows The FBI Is Still Capable Of Accessing Communications On Encrypted Devices

from the so-dark-we-could-only-get-everything-we-needed dept

It’s been clear for some time that the FBI and DOJ’s overly dramatic calls for encryption backdoors are unwarranted. Law enforcement still has plenty of options to deal with device encryption and end-to-end encrypted messaging services. Multiple reports have shown encryption is rarely an obstacle to investigations. And for all the noise the FBI has made about its supposedly huge stockpile of locked devices, it still has yet to hand over an accurate count of devices in its possession, more than two years after it discovered it had been using an inflated figure to back its “going dark” hysteria for months.

An ongoing criminal case discussed by Thomas Forbes for Fortune provides more evidence that law enforcement is not only finding ways to bypass device encryption but also accessing the contents of end-to-end encrypted messages. This isn’t the indictment of Signal (a popular encrypted messaging service) it first appears to be, though. The access point was the iPhone in law enforcement’s possession, which, despite still being locked, was subjected to a successful forensic extraction.

In the Signal chats obtained from one of [the suspect’s] phones, they discuss not just weapons trades but attempted murder too, according to documents filed by the Justice Department. There’s also some metadata in the screenshots, which indicates not only that Signal had been decrypted on the phone, but that the extraction was done in “partial AFU.” That latter acronym stands for “after first unlock” and describes an iPhone in a certain state: an iPhone that is locked but that has been unlocked once and not turned off. An iPhone in this state is more susceptible to having data inside extracted because encryption keys are stored in memory.

Seizing a phone in this vulnerable state allows investigators to obtain evidence from “locked” phones by using forensic tools like those sold by Cellebrite and Grayshift. Signal’s encryption works. But that encryption doesn’t matter — not if law enforcement has access to the device. Encryption protects against message interception but even the strongest forms of encryption can’t secure communications on a partially unlocked device. In this state, it’s as simple as hooking up a phone to an extraction device and letting the device do the work.
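To make the “after first unlock” distinction concrete, here is an added toy model (not code from this article, from Forbes, or from Apple) of a per-file protection-class key hierarchy in the style of iOS Data Protection: class keys are derived from the passcode at first unlock, a screen lock purges only the Complete-class key (the analogue of NSFileProtectionComplete), and the “until first user authentication” key stays resident until the device is powered off. The KDF chain, keystream, salt, passcode and file contents are constructed placeholders.

```python
import hashlib, hmac
from enum import Enum
SALT, PASSCODE = b"constructed-device-salt", "1234"  # constructed placeholders

class ProtectionClass(Enum):
    COMPLETE = "Complete"               # class key is purged from RAM on lock
    AFU = "CompleteUntilFirstUserAuth"  # class key stays in RAM until reboot

def derive_class_keys(passcode: str) -> dict:
    # One key per protection class, derived from the passcode (toy KDF chain).
    root = hashlib.pbkdf2_hmac("sha256", passcode.encode(), SALT, 10_000)
    return {c: hmac.new(root, c.value.encode(), hashlib.sha256).digest()
            for c in ProtectionClass}

def toy_xor(key: bytes, data: bytes) -> bytes:
    # Symmetric toy keystream (SHA-256 in counter mode); not a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def protect(cls: ProtectionClass, plaintext: bytes) -> tuple:  # written while unlocked
    return cls, toy_xor(derive_class_keys(PASSCODE)[cls], plaintext)

FILES = {  # constructed sample files, one per class
    "chat_db": protect(ProtectionClass.AFU, b"constructed chat database"),
    "vault": protect(ProtectionClass.COMPLETE, b"constructed Complete-class file")}

class Device:
    def __init__(self):
        self.memory_keys = {}  # class keys resident in RAM; empty before first unlock
    def first_unlock(self, passcode: str):
        self.memory_keys = derive_class_keys(passcode)
    def lock(self):  # screen lock after first unlock: only the Complete key is purged
        self.memory_keys.pop(ProtectionClass.COMPLETE, None)
    def reboot(self):  # power-off or reboot clears RAM: back to BFU
        self.memory_keys = {}
    def read(self, blob: tuple):  # plaintext if the class key is resident, else None
        cls, ciphertext = blob
        key = self.memory_keys.get(cls)
        return None if key is None else toy_xor(key, ciphertext)

def exposure_after(state: str, files: dict = FILES) -> dict:
    # Which stored files an extraction could read in state 'unlocked', 'afu' or 'bfu'.
    dev = Device()
    dev.first_unlock(PASSCODE)
    if state == "afu": dev.lock()      # locked, but not powered off since first unlock
    elif state == "bfu": dev.reboot()  # powered off or rebooted: nothing left in RAM
    return {name: dev.read(blob) is not None for name, blob in files.items()}
```

The defender's takeaway from the model is that data which must stay opaque on a seized-but-locked device belongs in the Complete class, and that powering the device off is what empties the in-memory keys.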

It’s not clear which forensic option was used, but it does show encryption isn’t making phones and communications “warrant-proof.” A locked device that has not been unlocked since it was powered on (rather than one in an “after first unlock” state) is going to be tougher to crack, but it’s far from impossible. And if it is indeed impossible, a wealth of information can be recovered from cloud backups, unencrypted communications platforms, social media services, and any number of third parties that collect information and location data from cellphone users. In only the rarest cases will investigators have almost nothing to work with.

Even in those cases, there are options. Investigators can roll the dice on Fifth Amendment challenges and hope a court orders arrestees to unlock their devices. They can also seek consent to a search — something that’s never a one-and-done thing when law enforcement has both suspects and their devices in its possession.

This case shows multiple layers of encryption are mainly a hassle at this point. It’s enough to keep people’s devices secure in case of loss or theft, but it’s not much of an impediment to investigators with powerful forensic tools at their disposal.


Comments on “Gun Trafficking Investigation Shows The FBI Is Still Capable Of Accessing Communications On Encrypted Devices”

Tanner Andrews (profile) says:

No need

My bank asked me if I used online banking on my phone or computer.

They do not have to ask me. They see me every week, they know who I am. When I want money, I walk in, it is only a block or so from the office. No, of course I do not do on-line banking, my computer does not have the right printing equipment to spit out cash.

Things might be different at MegaBank/Merger United, so your mileage may vary. And maybe your phone has a system to spit out cash where mine does not, so you may not even need to walk over to the bank.
