Lawmakers Ask FBI Why It Isn't Getting Busy Cracking Its Stockpile Of Seized Smartphones
from the nerd-harder,-g-men dept
Ever since the FBI began its “going dark” crusade, crucial questions have gone unanswered. Considering the budget and technical expertise the FBI has access to, why was it so necessary to get Apple to crack an iPhone’s encryption for the Bureau? Turns out it wasn’t. The FBI did have a solution, but the head of the division charged with cracking open the San Bernardino shooter’s phone didn’t want a technical solution. He wanted a courtroom solution.
The report that outed the FBI’s general disinterest in using outside contractors to crack encrypted devices is now being used against the FBI. Ten (bipartisan) legislators have signed a letter demanding answers from the agency about its anti-encryption efforts. The “going dark” narrative continues to be pushed by director Christopher Wray, despite recent reports showing at least two vendors have tools that can crack any encrypted iPhones. The tools are also much cheaper than the ~$1 million the FBI spent to open the shooter’s phone, which raises questions about the agency’s fiscal responsibilities to taxpayers.
The letter [PDF] highlights portions of the Inspector General’s report indicating the agency was less than motivated to find an outside solution while engaged in a legal battle with Apple. It also points to the thousands of devices the FBI says it can’t access, despite the ready availability of vendor tools designed to do what the FBI continues to claim is impossible.
These are the questions the legislators want answered — questions we’ve been asking for months:
Have you consulted with relevant third-party vendors to understand what tools are available to help the FBI access device content?
Do you agree that there are solutions available to help unlock or nearly every device on the market? If not, why are these solutions, particularly the ones discussed above, insufficient?
Why can’t the FBI unlock the 7,800 devices? Have you attempted to use tools developed by third-parties to unlock these devices?
Of these locked phones, how many are equipped with biometrics or how many have data available through a cloud service, which would provide additional means to access data or unlock phones?
For each device that you have not used a third-party tool to unlock, what is the rationale for not doing so?
These are all reasonable questions. But the FBI has been anything but reasonable when it comes to device encryption. Its director continues to insist — despite zero tech expert support — that safe and secure encryption backdoors are possible and that it’s willing to sacrifice the public’s security for “public safety.” The FBI’s disingenuous actions show it can’t be trusted to handle the encryption debate honestly. Hopefully, this letter will reset the “conversation” by giving stakeholders insight into the fight the FBI appears to be throwing in hopes of being bailed out by legislators or federal judges.
Filed Under: congress, encryption, fbi, going dark
Comments on “Lawmakers Ask FBI Why It Isn't Getting Busy Cracking Its Stockpile Of Seized Smartphones”
It’s almost like they want to be able to get at the contents of any phone when it connects to Stingray device. Hmm, maybe they do, as it avoids problems like warrants when they want to go fishing because an agent just knows someone is a criminal.
Re: Re:
Of course then there would be nothing keeping them from driving or flying around with stingrays while secretly scanning every device in range. From there it’s easy to use evidence laundering to build cases without revealing the true source.
Re: Re:
Nothing personal .. just business
"the FBI's general disinterest in using outside contractors"
More like “selective disinterest” when it came to not bothering to examine the Clinton Campaign’s email server hacked by the Russian government and spilled to Wikileaks, preferring to allow outside contractors to handle everything.
That decision helped spawn a rash of conspiracy theories about why John Podesta would not want to let his server get into the hands of the nation’s chief law enforcement agency, and, hardly a surprise, suspicions of child pornography jumped to the top of the list among the Hillary haters.
Re: "the FBI's general disinterest in using outside contractors"
Forget about the security aspects of her email server. Instead the mere existence of the email server is de facto attempt by Hillary to bypass 5 U.S.C. § 552 (Freedom of Information Act). So exactly what aspect of her job did she want to conceal from public scrutiny and why?
Re: Re: "the FBI's general disinterest in using outside contractors"
The same as the many many many senior Republican officials doing exactly the same thing for at least the same reasons. But Hillary!
Re: Re: "the FBI's general disinterest in using outside contractors"
The fact that State Dept. IT was an absolute morass? (If anything, that is what the whole "but her emails!" thing indicts, considering how many previous SecStates had maintained "side" email accounts…)
Re: Re: Re: "the FBI's general disinterest in using outside contractors"
Side ones that they insisted be allowed on the secret network without whitelisting? Nice apples to antimatter comparison there.
Re: Re: Re:2 "the FBI's general disinterest in using outside contractors"
Yes. Antimatter apples to antimatter apples?
Re: "the FBI's general disinterest in using outside contractors"
Look – over there – emails!!!!
Nice that Congress is coming down on the skeptical side on all this, but frankly, Christopher Wray doesn’t work for Congress. He works for the president. Congress’s direct actions on the FBI narrative without A Law are limited. The FBI director isn’t an investigator, he’s a politician. He’s there to be the president’s mouthpiece and policy enforcement hatchet man.
Are there enough Congressmen gullible enough to legally weaken or circumvent encryption technologies more than the NSA already does? I hope not. Reports that Congressmen have been using Telegram and other OTR protocols for communications have me hopeful that there’s enough support for strong encryption communications to overcome the more brain dead ones like Diane Feinstein and Richard Burr.
Seriously… I’d assume it’s gray and cloudy if Feinstein said the sky is blue she’s wrong so often. The Democrat’s Donald Trump.
Re: Re:
You are correct about one thing in this post and one thing only. The FBI director works for the president — he also works for the citizens of the US. As such it is Congress’ job to ensure that he works professionally and without dissembling to his ultimate bosses — us. The leverage Congress can bring to bear on the FBI is quite considerable which is why 10 Senators sending a letter requesting information from the Director is news. That they then publicized the letter lets the voters know that the Director is being called to account for the false narrative that he is pushing.
Your narrative about the NSA weakening encryption is also false. There have been numerous instances when NSA has suggested changes to cryptographic protocols… the debate at the time is always “NSA is trying to create a backdoor!!11!!” Eventually it comes out that the changes the NSA suggests protect against a form of attack not yet known to the general public. I assume that NSA knows about the attack and is trying to ensure that protocols aren’t created that will fall to them.
Re: Re: Re:
The calling to account will only happen if Congress takes further action when the director ignores the letter, or replies to different questions as a response.
Re: Re: Re:
Above all else, the FBI director works for the institutional interests of the FBI.
Re: Re: Re:
I agree with most of this, but…Some Spook agency, i think it was the CIA, insisted on a particular protocol in an RSA standard, which was much later shown to have a bad randomization component making cracking easy. It was only one of 5 options, and it wasn’t the preferred option, if i remember correctly. But its not all roses.
Re: Re: Re: Re:
It was the NSA funnily enough given the AC’s defense of the agency, who basically gave the RSA 10 million to push encryption that they knew was broken, and offered for ‘free’ an additional bit of code that made the problem worse.
Re: Re: Re:2 Re:
Technically, the NSA pushed a random number generator they knew was broken. The encryption protocol was fine…
Re: Re: Re: Re:
It was the NSA during the development of DES and later AES.
hold up...
“Nice that Congress is coming down on the skeptical side on all this,”
They are not coming down on anything, as usual, this is going to be more bluster to get people to think they care. They are still going to pass all the bills necessary to spy on you like you are under investigation 24/7.
Until something “Actually Happens” don’t count on congress caring about anything other than playing games that either make them look good in the public eye or get them campaign donations for them and theirs!
Re: 10 of 435 = bluster
Yup, “letters” from Congressmen are as cheap as toilet paper, but much less useful. Very naive to think such letters mean anything.
These 10 timid Congressmen are not serious — or they would be vigorously working within their very own, extremely powerful organization (Congress) to really change things.
truth is that all 3 current branches of the Federal government like the American surveillance state, find it extremely useful for practical rule, and are never going to seriously reduce it.
… your votes on Election Days are a huge joke (on you)
The more important statistic
of these 7,800 phones, after cracking and analysis…
how many actually had ANY useful intel on them???
I think we’ll be able to count that on ONE finger… the same one they give our rights every day…
Re: The more important statistic
The more phones they open,
the worse the statistics get.
So unopened phones enable more whining than opened, no-useful-information phones.
obviously because it is known that there isn’t any info on any of them relating to anything that is related to terrorism or any other crime or ‘bad’ thing. those that seized the phones have so many now they cant make up their minds which ones to keep for themselves but have been quick enough to tell the owners to ‘go swivel, you’re not getting them back!’
The FBI isn't interested in mere crime anymore
Remember, they just rebranded themselves as a counter terrorism agency.
Criminals have those pesky Miranda rights & due process rights.
Re: The FBI isn't interested in mere crime anymore
Indeed they do. They retain those same rights even when given labels like terrorist or enemy of the state. Anyone who claims otherwise is attacking the constitution and the foundation for the government in the first place.
Because the more items we can add to the McGuffin Box pile increases the growing fear that something important was missed & it will be the fault of not giving us more power.
Reminder: The FBI's mission is no longer "Law Enforcement"
But rather National Security. That was on Comey’s watch, so think about it every time he talks about his love for and loyalty to the mission. (Comey may be Trump’s enemy, but that doesn’t make him a friend to the public.)
The FBI’s interest is in preserving the current hierarchy of institutions, mostly preserving the FBI’s position in the current hierarchy of institutions.
So any new and additional tools the FBI might accumulate will be used for that purpose. Lately, the FBI likes gas-lighting and entrapping disabled people for aiding and abetting imaginary terrorists doing imaginary terrorist plots, with the minor consequence of sending innocent people to prison for lengthy sentences.
While I can’t speak for the FBI’s other programs (recommending to other Law Enforcement regarding Juggalos as a street gang?) I tend to want to assume at this point those programs would serve the public interest about as well.
Re: Reminder: The FBI's mission is no longer "Law Enforcement"
Imaginary crimes are the best ones. Ask the DEA. Mandatory minimum sentencing on imaginary drugs, weapons, money, and locations. Isn’t America great!
Same Problem as with terrorists and Russian election meddling
Once the problem is solved, how will the FBI justify demands for more resources?
Worse, once the FBI has nothing more to ask for, they will be asked questions about topics they’d rather not talk about. Their less-than-stellar performance on general crime will only be tolerated as long as they can push high-profile topics.
First they came for smartphones, and I did not speak out—
Because I was not a smartphone user.
Then they came for ‘pirated’ operating systems, and I did not speak out—
Because I was not a ‘pirate’.
Then they came for social network users, and I did not speak out—
Because I was not a social network user.
Then they came for anonymity, encryption, and free software—and there was no one left to speak for me.