Pages

Tuesday, 27 March 2018

Inquiry finds FBI sued Apple to unlock phone without considering all options

The Office of the Inspector General has issued its report on the circumstances surrounding the FBI’s 2016 lawsuit attempting to force Apple to unlock an iPhone as part of a criminal investigation. While it stops short of saying the FBI was untruthful in its justification of going to court, the report is unsparing of the bureaucracy and clashing political motives that ultimately undermined that justification.

The official narrative, briefly summarized, is that the FBI wanted to get into a locked iPhone allegedly used in the San Bernardino bombing in late 2015. Then-director Comey explained on February 9 that the Bureau did not have the capability to unlock the phone, and that as Apple was refusing to help voluntarily, a lawsuit would be filed compelling it to assist.

But then, a month later, a miracle occurred: a third party had come forward with a working method to unlock the phone and the lawsuit would not be necessary after all.

Though this mooted the court proceedings, which were dropped, it only delayed the inevitable and escalating battle between tech and law enforcement — specifically the “going dark” problem of pervasive encryption. Privacy advocates saw the suit as a transparent (but abortive) attempt to set a precedent greatly expanding the extent to which tech companies would be required to help law enforcement. Apple of course fought tooth and nail.

In 2016 the OIG was contacted by Amy Hess, a former FBI Executive Assistant Director, who basically said that the process wasn’t nearly so clean as the Bureau made it out to be. In the course of its inquiries the Inspector General did find that to be the case, though although the FBI’s claims were not technically inaccurate or misleading, they also proved simply to be incorrect — and it is implied that they may have been allowed to be incorrect in order to further the “going dark” narrative.

The full report is quite readable (if you can mentally juggle the numerous acronyms) but the findings are essentially as follows.

Although Comey stated on February 9 that the FBI did not have the capability to unlock the phone and would seek legal remedy, the inquiry found that the Bureau had not exhausted all the avenues available to it, including some rather obvious ones.

Comey at a hearing in 2017.

For instance, one senior engineer was tasked with asking trusted vendors if they had anything that could help — two days after Comey already said the FBI had no options left. Not only that, but there was official friction over whether classified tools generally reserved for national security purposes should be considered for this lesser, though obviously serious, criminal case.

In the first case, it turned out that yes, a vendor did have a solution “90 percent” done, and was happy to finish it up over the next month. How could the director have said that the FBI didn’t have the resources to do this, when it had not even asked its usual outside sources for help?

In the second, it’s still unclear whether there in fact exist classified tools that could have been brought to bear on the device in question. Testimony is conflicting on this point, with some officials saying that there was a “line in the sand” drawn between classified and unclassified tools, and another saying it was just a matter of preference. Regardless, those involved were less than forthcoming even within the Bureau, and even internal leadership was left wondering if there were solutions they hadn’t considered.

Hess, who brought the initial complaint to the OIG, was primarily concerned not that there was confusion in the ranks — it’s a huge organization and communication can be difficult — but that the search for a solution was deliberately allowed to fail in order that the case could act as a precedent advantageous to the FBI and other law enforcement agencies. Comey was known to be very concerned with the “going dark” issue and would likely have pursued such a case with vigor.

So the court case, Hess implied, was the real goal, and the meetings early in 2016 were formalities, nothing more than a paper trail to back up Comey’s statements. When a solution was actually found, because an engineer had taken initiative to ask around, officials hoping for a win in court were dismayed:

She became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple. According to EAD Hess, the problem with the Farook iPhone encryption was the “poster child” case for the Going Dark challenge.

The CEAU Chief told the OIG that, after the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief. He acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, “Why did you do that for?”

While this doesn’t really imply a pattern of deception, it does suggest a willingness and ability on the part of FBI leadership to manipulate the situation to its advantage. A judge saying the likes of Apple must do everything possible to unlock an iPhone, and all forward ramifications of that, would be a tremendous coup for the Bureau and a major blow to user privacy.

The OIG ultimately recommends that the FBI “improve communication and coordination” so that this type of thing doesn’t happen (and it is reportedly doing so). Ironically, if the FBI had communicated to itself a bit better, the court case likely would have continued under pretenses that only its own leadership would know were false.


Inquiry finds FBI sued Apple to unlock phone without considering all options was first posted on https://techcrunch.com/gadgets/

No comments:

Post a Comment