Wednesday, March 23, 2016
FBI's
"Outside Party" Revealed as Bureau Angles to Keep New Hack Secret
FBI is getting help from an Israeli software
company in effort to unlock San Bernardino phone
The Verge notes
that the company "has a sole-source contract with the FBI that it signed
in 2013 specifically to help with mobile forensics and data extraction, exactly
the task presented by the San Bernardino case." (Photo: iphonedigital/flickr/cc)
The FBI wants to classify its new
"alternate" method of unlocking the suspected San Bernardino
shooter's iPhone, keeping it secret even from Apple itself, according to new
reporting.
The Guardian confirmed with government officials on
Wednesday that the technique does enable the FBI to get into Syed Farook's
iPhone. That means the agency can back off from its legal battle with Apple,
which has accrued widespread support from consumers and privacy advocates in
its refusal to create decryption software.
The FBI made its announcement on Monday, a day before it
was due in court to continue seeking an order to force Apple to unlock Farook's
phone, which Apple has said would weaken its users' privacy rights.
However, "the government now has to be
very cautious about when to use the method, which was provided by an 'outside
party', according to court filings," the Guardian's Danny
Yadron writes.
And according to additional reporting by Reuters on
Wednesday, the "outside party" is an Israeli software company called
Cellebrite, which creates, among other things, "a forensics system used by
law enforcement, military and intelligence that retrieves data hidden inside
mobile devices."
As The Verge notes, Cellebrite's involvement in the case is
not a total surprise. The company has "a sole-source contract with the FBI that
it signed in 2013 specifically to help with mobile forensics and data
extraction, exactly the task presented by the San Bernardino case," writes
Ashley Carman.
Carman explains:
[E]xperts
speculate the attack is based on a NAND
mirroring technique, which involves essentially copying the flash
memory of the device so it can be restored after a lockscreen wipe. US Representative
Darrel Issa directly asked FBI Director James Comey about the possibility of
using this technique during a House Judiciary hearing last
month. The bureau is now well aware of its existence, and there’s no reason to
believe it won’t work on the iPhone 5C in
question. Notably, this method will run into problems on phones with a Secure
Enclave, ruling out any phones beyond the 5S.
Apple's attorneys said Monday they would
request the FBI inform them of the security flaw they discovered and how they
were able to exploit it.
As Bloomberg explains, the FBI may in fact be subject to a
little-known process called the "equities review," which was created
by the Obama administration to determine if security flaws should be disclosed.
"I do think it should be subjected to an
equities review," Chris Inglis, former National Security Agency (NSA)
deputy director, told Bloomberg. "The government cannot choose
sides in the tension between individual and collective security so the equities
process should be run to put both on a level playing field."
Nate Cardozo, staff attorney at the digital
rights group Electronic Frontier Foundation, added, "The equities process
is supposed to apply to anytime the government discovers, learns of, buys or
uses vulnerabilities of any kind. If it's anything where they're attacking the
phone in software, it would be subject to the equities review."
At any rate, as civil liberties
advocates said this week, the showdown between Apple and the FBI is far from
over. Alex Abdo, an attorney with the ACLU's Speech, Privacy, and Technology
Project, wrote in ablog post published Tuesday that
"[e]ven if the FBI gets access to the San Bernardino phone using the new
method it is exploring, it is inevitable that the FBI will come knocking
again," particularly as Apple and other tech companies begin to bolster
their existing security systems in response to consumer demand.
The FBI's sudden discovery of the new hacking
method also strains trust in the agency's technical expertise, Abdo writes,
adding, "We have already explained that a key
premise of the government's argument—that it would lose the data if it tried to
guess the passcode too many times—was false. And now the FBI is acknowledging
that its previous statements that only Apple could help may also have been
wrong."
Surveillance blogger Marcy Wheeler also noted that the Department of Justice
(DOJ) has claimed at least 19 times that the only way it could get into
Farook's phone was with Apple's help, a claim which security experts
consistently disputed. And as digital rights group Fight for the Future said
Wednesday, the DOJ never named Cellebrite as an option in its previous court
filings.
Fight for the Future campaign director Evan
Greer said the latest developments indicate that the FBI is backing down
because it is losing public trust and is increasingly unlikely to set the
precedent that Apple unlock an iPhone on the bureau's command. "The FBI’s
last minute excuse is about as believable as an undergrad who comes down with
the flu the night before their paper is due," Greer said. "They
should come clean immediately, and admit that they mislead the court and the
public, to avoid further damaging what’s left of their credibility."
This work is licensed under a Creative
Commons Attribution-Share Alike 3.0 License
Donations can be sent
to the Baltimore Nonviolence Center, 325 E. 25th St., Baltimore, MD
21218. Ph: 410-323-1607; Email: mobuszewski [at] verizon.net. Go to http://baltimorenonviolencecenter.blogspot.com/
"The master class
has always declared the wars; the subject class has always fought the battles.
The master class has had all to gain and nothing to lose, while the subject
class has had nothing to gain and everything to lose--especially their
lives." Eugene Victor Debs
No comments:
Post a Comment