from the what-a-compelling-argument-for-broken-encryption dept
The FBI held a very performative press conference to announce it had finally gained access to communications and data originating from the Pensacola Naval Air Station shooter. The coup, apparently, is that the FBI was able to — after months of fighting iPhone encryption — um… nail down attribution. Here’s CNN’s report on the FBI’s press conference:
The Saudi military trainee who killed three US sailors and wounded several others in a terror attack last year on a military base in Pensacola, Florida, was in touch with a suspected al Qaeda operative, according to multiple US officials briefed on the matter.
US investigators uncovered the al Qaeda connection after the FBI broke through the encryption protecting the Saudi attacker’s iPhones, the officials said.
So, the FBI discovered that a shooter who al Qaeda claimed to be one of theirs was actually one of theirs. I’m sure the FBI found a few more leads to investigate — potentially targeting US persons involved with the terrorist group — but it’s far from the wealth of evidence the agency continually asserted was definitely present on the phones agents weren’t able to access.
It’s big news in a smaller way.
If Alshamrani was directed or trained by al Qaeda, it would mark the first time since 9/11 that a foreign terrorist organization had done so in a deadly attack in the US, according to New America, a think tank.
That’s an 18-year gap between foreign terrorist group-directed attacks on US soil. Not much to write home about, but the FBI seems to feel we all should be writing about it. Hopefully, this isn’t the FBI’s linchpin argument, because something that happens once every other decade is hardly worth the broad undermining of encryption the agency seeks.
CNN’s report says something the FBI doesn’t actually say: the “FBI broke through the encryption” statement. Chris Wray’s remarks at the press conference don’t actually state that the FBI broke the phones’ encryption. (And nothing is said about the iPhone that was damaged by a bullet, which possibly rendered it completely useless.)
On the topic of innovation—I want to thank and congratulate the men and women at the FBI who devoted months of hard work to accessing these devices. They successfully tackled a problem that required tenacity, creativity, and technical expertise. Those qualities are valuable in any organization—so I know how fortunate we are, and how fortunate the American people are, that we have so many people with those qualities at the Bureau. That’s why we work to recruit the kind of people we do.
The magnitude of the challenge they faced is hard to overstate.
Unfortunately, the technique that we developed is not a fix for our broader Apple problem—it’s of pretty limited application. But it has made a huge difference in this investigation.
This doesn’t clarify anything. This just says the FBI was finally able to access some of the contents, which means it could have found a way to exfiltrate or recover some data without actually breaking encryption.
What I’ve excised in this quote shows that this press conference wasn’t about announcing these findings. It was an anti-encryption pep rally pretending to be a dry announcement about an ongoing investigation. The FBI’s ulterior motives made their way to the forefront, starting with this:
We received effectively no help from Apple.
Wrong. The FBI received all the help Apple could give it. Apple was compliant with turning over all data and communications it could access. What it didn’t do was offer to break the encryption on the seized devices. And while Wray may talk about delays and (no, seriously) agents “toiling through the pandemic,” it was the FBI that sat on this investigation, waiting a month before asking Apple for assistance.
Then there’s this statement, in which Wray says everyone’s been misinformed about encryption-breaking tools sold by a handful of vendors.
We canvassed every partner, and every company, that might have had a solution to access these phones. None did, despite what some claimed in the media.
“What some claimed in the media” is a fucking disingenuous statement. This is what was claimed by vendors offering tools that bypassed Apple’s built-in protections to provide access to iPhone contents. The media didn’t spin this. If vendors over-promised and under-delivered, that’s on them, not the journalists reporting on the latest in encryption-breaking tech.
This is twice as disingenuous when you remember the FBI refused to seek outside options in the San Bernardino shooter case because it really would rather have had legal precedent. While the FBI and DOJ went after Apple in court, vendors tried to offer their assistance. When the FBI finally decided to work with a still-undisclosed vendor to obtain the (useless) contents of the shooter’s iPhone, FBI officials were upset this had derailed their attempt to obtain judicial blessing for compelled decryption. This is pure spin and it was delivered by the head of the FBI solely to portray Apple as an enemy of the rule of law and the public’s safety.
Flow my collective tears, the federal policeman said.
Public servants, already swamped with important things to do to protect the American people—and toiling through a pandemic, with all the risk and hardship that entails—had to spend all that time just to access evidence we got court-authorized search warrants for months ago. Our engineers and computer scientists working to access these phones were also needed on other, pressing, national security and criminal investigations.
But the delay getting into these devices didn’t just divert our personnel from other important work. It’s also seriously hampered this investigation.
Finally getting our hands on the evidence al-Shamrani tried to keep from us is great. But we really needed it months ago, back in December, when the court issued its warrants.
Needed it for what? Confirming what al Qaeda said after the shooting? If that’s all there is, it really isn’t worth undermining the security of millions of encryption users, including those who work at the FBI. And it sure as hell didn’t stop the FBI from performing an investigation. Wray states the FBI interviewed 500 people and obtained all the evidence it could from sources other than the locked iPhones. The investigation continued and personnel still worked round-the-clock “through a pandemic” to put this case together. Apple’s contribution (or lack thereof) is only a footnote, but Wray insists it’s the headline.
Don’t be swayed by Wray’s cheap shots. This press conference was held to directly (in Apple’s case) and indirectly smear every US company that offers encryption to their users. If the FBI had held an intellectually honest press conference, it simply would have noted it found evidence linking the Pensacola shooter to al Qaeda and left it at that. (It also might have explained why it still hasn’t updated its count of encrypted devices in its possession.) Instead, Wray grabbed a bunch of nails and hung his agency on the cross, punctuating every hammer strike with oblique assertions that a refusal to create encryption backdoors may result in another foreign-directed terrorist strike on the homeland sometime in the next twenty years. When the facts alone aren’t compelling, the rhetoric has to make up the difference. And all we have here is a lot of anti-encryption filler.
Filed Under: al qaeda, chris wray, encryption, fbi, iphone, pensacolar, phones, terrorism