Privacy

by Tim Cushing


Filed Under:
backdoors, encryption, ice, phones



ICE Leads The Nation In Encryption-Cracking Expenditures

from the [not-pictured:-the-Federal-Bureau-of-Sucking-At-Counting-Phones] dept

We don't hear much from anyone other than FBI officials about the "going dark" theory. The DOJ pitches in from time to time, but it's the FBI's baby. And it's an ugly baby. Earlier this year, the FBI admitted it couldn't count physical devices. The software it used to track uncrackable devices spat out inflated numbers, possibly tripling the number of phones the FBI claimed stood between it and justice. FBI officials like James Comey and Chris Wray said "7,800." The real number -- should it ever be delivered -- is expected to be less than 2,000.

The FBI also hasn't been honest about its efforts to crack these supposedly-uncrackable phones. Internal communications showed the agency slow-walked its search for a solution to the San Bernardino shooter's locked iPhone, hoping instead for a precedential federal court decision forcing device manufacturers to break encryption whenever presented with a warrant.

The FBI appears to have ignored multiple vendors offering solutions for its overstated "going dark" problem. At this point, it's public knowledge that at least two vendors have the ability to crack any iPhone. Israel's Cellebrite -- the company presumed to have broken into the San Bernardino phone for the FBI -- is one of them. The other is GrayShift, which sells a device called GrayKey, which allows law enforcement to bypass built-in protections to engage in brute force password cracking.

We don't know how often the FBI avails itself of these services. A pile of locked phones numbering in the thousands (but which thousands?!) suggests it is allowing the serviceable (vendor services) to be the enemy of the perfect (favorable court rulings and/or legislation).

Other federal agencies aren't waiting around for the next horrifying terrorist attack to nudge Congress towards mandating encryption backdoors. They're spending tax dollars now to take advantage of vulnerabilities that may be patched out of existence in the near future, if they haven't been addressed already. Thomas Brewster of Forbes has spent some time sifting through government records to see who's buying and how much they're spending. The FBI isn't on the list. The DEA is. But the Daddy Warbucks of federal law enforcement agencies is none other than the one voted Most In Need Of Immediate Abolishment.

According to government contract records on FPDS.gov, ICE acquired the services of GrayShift earlier this month. And it’s spent more than any other government department on GrayShift tech, with a single order of $384,000. Other branches of the Trump government, from the Drug Enforcement Administration to the Food and Drug Administration, have splashed between $15,000 and $30,000 on different models of the GrayKey, which requires physical access to an Apple device before it can break through the passcode.

ICE wants everything on the menu. In addition to spending big on cellphone-cracking devices, the agency has also thrown money at forensic tools from Cellebrite, social media tracking software, "intercept software" from a Nebraska-based vendor, and "computer support equipment" from foreign companies (one of them Russian) known for their ability to extract data from encrypted messaging services.

It would seem the agency involved in investigating the widest variety of crimes would be joining ICE in its encryption-breaking spending spree. But there's no trace of FBI expenditures to be found in these records. It may be the FBI has exempted itself from reporting this information under the theory that naming dollar amounts and/or vendors would allow wily criminals to escape its grasp. If so, it seems unlikely this refusal has a legal basis. The DEA and ICE have both allowed these records to be published and both agencies routinely engage in investigations that theoretically could be compromised by making spending data public. (The key is "theoretically." In reality, it's unlikely publishing contract data has any noticeable effect on criminal behavior.)

Moving past the FBI, there's reason to be concerned ICE is making purchases like these. Given its main concern is the speedy removal of undocumented immigrants, this tech seems to be more of a "want" than a "need." Most of the cases ICE deals with don't need to involve cracked phones and forensic searches. But because it has the tools on hand, it will make sure it gets our money's worth.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Sep 2018 @ 4:46am

    Why do I get the impression that read everything on you phone, laptop and tablet, and in your social media accounts is the new papers please that law enforcement dreams of.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Sep 2018 @ 4:57am

    I
    Crack
    Encryption

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Rizwan (profile), 25 Sep 2018 @ 5:21am

    Happy Independence Day Text

    it,s very easy to that it,s great and help full for every one.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 25 Sep 2018 @ 6:05am

    The FBI also hasn't been honest

    The FBI also hasn't been honest about . . .

    I'm shocked! Shocked, I tell you that the FIB isn't honest.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Veelead Solutions (profile), 25 Sep 2018 @ 6:14am

    SharePoint

    Thanks for sharing this useful information

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Sep 2018 @ 8:07am

    "ICE Leads The Nation In Encryption-Cracking Expenditures"

    But are they now able to decrypt things they were not able to decrypt in the past or are they buying snake oil?

    reply to this | link to this | view in chronology ]

    • icon
      JoeCool (profile), 25 Sep 2018 @ 9:22am

      Re:

      Both. That's the danger of buying everything available. Some of it works as advertised, some of it works but is redundant, and the rest is snake oil.

      reply to this | link to this | view in chronology ]

  • identicon
    Fat Chance, 25 Sep 2018 @ 9:56am

    Who, me?

    A family or other group sharing cars and devices, none of which requiring a password or anything else to use, operate, etc.

    Various agencies tracking vehicles and devices, but not people.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Sep 2018 @ 10:52am

    from all the headlines, it is hard to make out - is this being raised because LE is cracking phones (well, duh) or because ICE spent $384,000 to gain the technology to crack phones?

    ...if it is the latter, um, yeah. these days $384,000 is a drop in the bucket in enterprise level software world.

    i'm rather interested in what the heck the DEA and FDA got for $15K to $30K.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 25 Sep 2018 @ 3:22pm

    ICE is no-one's first choice when they go into Law Enforcement

    I'm pretty sure ICE pulls from a... different... pool of recruits than does the NSA or FBI.

    I wonder if the latter two only spent money on the stuff they figured worked, whereas ICE couldn't tell the Shinola. Given that ICE is currently one of Trump's favorite investments, they might also be able to afford frivolous expenses.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Close
Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.