The Federal Bureau of Investigation insisted that it was helpless.
The bureau told a judge in February that Apple has the “exclusive technical means” to try to unlock the contents of San Bernardino shooter Syed Rizwan Farook’s iPhone — and that’s why it should be forced to do so.
But notably missing from the FBI’s argument was any mention of whether it had consulted spies and sleuths from the government’s intelligence community — particularly the National Security Agency.
The Twitterverse exploded with questions. Couldn’t the NSA break open the phone? If it could, why didn’t it?
I hear the @FBI made a sworn declaration that there are no alternative means to unlock the #Apple phone. Anyone have a cite? It's important.
— Edward Snowden (@Snowden) February 18, 2016
Reporters, if you talk to DOJ or the FBI about Apple, please ask them why the FBI hasn't sought the NSA's help. https://t.co/RBnn99BChK
— Christopher Soghoian (@csoghoian) February 22, 2016
Apple itself raised those questions in a court filing. “The government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks,” the company’s attorneys wrote.
The NSA, after all, has long targeted digital encryption systems for exploitation, and, as The Intercept revealed in 2015, the CIA and NSA have been working for nearly a decade specifically to find ways to hack into Apple devices. Those agencies could presumably help the FBI do what it wants to do to Farook’s iPhone: place a modified version of Apple’s iOS operating system on the device that allows rapid, unlimited attempts to guess Farook’s encryption passcode.
Peter Thomson, a former federal prosecutor who worked on special assignment at the NSA, told The Intercept, “I know of no case law that would put the burden on the FBI to go to the intelligence community,” adding, “I don’t think the NSA has to share what it can and can’t do.”
“Apple is being quite creative with its argument. Assuming first that the NSA can get into the phone — then [asking it to help] is pushing the envelope into the classified world,” Thomson said.
FBI Director James Comey, when asked directly during a House Judiciary Committee hearing on Tuesday if the bureau had tried to get help from “agencies such as the NSA,” replied, “Yes is the answer. We’ve talked to anybody who will talk to us about it.”
He later said: “We don’t have the capabilities that people sometimes on TV imagine us to have. If we could have done this quietly and privately, we would have done it.”
But his lack of specificity — What did the NSA say when contacted by the FBI? Who is “we”? — did not really clear things up.
So why didn’t the NSA help? Here are a few possibilities:
1. The NSA tried to help, but it couldn’t.
This seems unlikely, but it’s possible. For instance, it’s conceivable the agency isn’t able to forge Apple’s cryptographic signature, which is required to install a modified operating system on an iPhone.
Dan Guido, CEO of the security research firm Trail of Bits, explained in a blog post: “Before any firmware image is loaded by an iPhone, the device first checks whether the firmware has a valid signature from Apple. This signature check is why the FBI cannot load new software onto an iPhone on their own — the FBI does not have the secret keys that Apple uses to sign firmware.”
2. The NSA could help, but doesn’t want to.
“They don’t want to acknowledge they have the capability at all,” said Chris Soghoian, principal technologist at the American Civil Liberties Union. “It’s giving the NSA’s adversaries false confidence. If you’re Angela Merkel and you have an iPhone, you’re feeling pretty good right now.”
Similarly, if Apple knew the NSA had found a vulnerability, it would presumably try to fix it.
Austin Berglas, a former FBI agent now at K2 Intelligence, told BuzzFeed the NSA might fear its help could end up being exposed in court. “There are capabilities that the U.S. government has, that are used for intelligence collecting only and that wouldn’t be used for a criminal matter because they would have to come up in open court.”
But Farook’s phone is unlikely to yield any useful evidence — and particularly unlikely to spark new legal proceedings.
3. The NSA isn’t allowed to help.
The NSA’s mandate is to gather foreign intelligence while protecting U.S. secrets in the interests of national security.
But Liza Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice, said that’s never stopped the NSA from investigating at home before. “The NSA … has a very broad interpretation of what’s foreign intelligence — broad enough to collect American phone records,” she said.
And Thomson, the former prosecutor, told The Intercept, “I’m not aware of any law that would prohibit the NSA from providing technical assistance.”
In fact, the NSA has already helped with the San Bernardino case. Adm. Mike Rogers, the NSA’s chief, told Yahoo News that his agency successfully gathered metadata records for Farook’s phone — but not content.
Indeed, the separation between outward-facing and inward-facing intelligence agencies has blurred considerably over the past 15 years. Less than three years after 9/11, then-FBI Director Robert S. Mueller said the bureau was in a much better position to prevent terrorist attacks “because we coordinate much more closely and regularly with the CIA and NSA … because the legal wall between intelligence and law enforcement information has been eliminated.”
4. The FBI doesn’t want the NSA’s help.
The most cynical explanation for why the NSA hasn’t helped is that the FBI hasn’t really tried to get it to. “If they ask the NSA for help,” said Soghoian of the ACLU, “they don’t get the precedent they want.”
Though Comey told Congress that the FBI has “talked to anybody who will talk to us about it,” there’s little question that the FBI would rather force technology companies to develop these kinds of tools so that law enforcers across the country can use them, rather than have to ask the NSA for help on a case-by-case basis.
And while the FBI insists that the San Bernardino case isn’t about “sending a message” or establishing a legal precedent, law enforcers across the country have said this case could fundamentally change the way they investigate crime. Apple is currently fighting 12 other court cases where it’s resisting orders to unlock a phone — some of them very early generations of iPhones with operating systems that are much less secure.
The House Judiciary Committee’s ranking Democrat, Rep. John Conyers, expressed concerns earlier this week that the government is exploiting the tragedy in San Bernardino to push its agenda on encryption while sidestepping congressional debate.
“I would be deeply disappointed if it turns out that the government is found to be exploiting a national tragedy to pursue a change in the law,” he said during a hearing on Tuesday.
The methods mentioned require long term possession of the phone and possible permanent destruction. The FBI wants the ability to use software, remotely. No need for expense, time or possession of the phone.
As far as targeting “innocents,” the federal government has been seizing bank accounts from citizens who have mistakenly made deposits for sums that exceed government established limits. In many cases, the money is seized and never returned. In some, it’s returned after very lengthy court battles. …compensation for loss of funds, bank charges and lawyer fees? I have no idea.
An easy riddle to solve. Number 4. No-one expects anything of value to be found on the phone. Comey doesn’t care if that particular phone gets cracked or not; he just wants his legal precedent.
i say a little of 2 and mostly 4, let’s not pretend that these agencies suddenly stopped guarding their rice bowls. 9-11 grew us another teet in the form of homeland security precisely because these enforcement agencies constantly squabble over the resources we’re compelled to lavish them with.
in all cases the prize here is permanent power for a global elite, the group that best ingratiates themselves, who delivers the decisive tool of oppression, will sit comfortably beneath the throne.
I used to think it was outrageous when the Federal Government went in front of a judge and lied their asses off.
Now I just shrug.
The ability to use other means of obtaining the phone data was obscured when the Icloud password was changed. It limited Apple’s options. It would appear like Apple’s security is head and shoulders above other corporations. Oddly this issue hasn’t developed in other non Apple systems. It illuminates a much greater issue? As for lines between intelligence and the FBI they have been blurred since the patriot Act.
I’m sorry but I can’t really understand all this fuss about San Bernardino’s iPhone…. what’s the reason behind all this while it was shown that NSA can access iPhone ? http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/#1e5b82b41604
Could anyone help me understand?
I understand the readership here may slant to the paranoid (myself included), however, if the FBI ever needs to look into my encrypted phone to help solve a capital crime, I’m more than happy to let them do it. If they need to look into your phone to solve a multiple homicide, I support that as well. What do you people have that is so valuable to you that information about a potentially networked terrorist act is less important? I have every freedom I want and don’t need Apple’s tech to protect me because I don’t do anything about which the FBI would give two shi*ts. Get over yourselves and your so called freedom arguments… innocent people were murdered.
Whether the NSA has the ability is not relevant to the real issue. If this is an Apple & FBI show to give criminals a false comfort level isn’t relevant to the real issue. The real issue I see is that the average person (here at least) thinks their privacy is more important than learning the full motives of a murderer. Ergo… the average person must be doing some really horrible things! Well, good thing the FBI will never be able to hack your phone.
One reason you might oppose this is that it is a classic Devils Bargain. You give up something you have but don’t value very much (like your soul) in return for something ephemeral or non-existant (like safety from terrorism).
The FBI has been caught doing lots of naughty things to people over the years, civil rights leaders, anti-war protesters, people like Martin Luther King. This unchecked power gives them the ability to neutralize or marginalize people in a way that can’t be traced back to them.
The fact that you personally aren’t worth two shi*ts really isn’t the point.
I love the stupidity behind this comment. Companies use your personal information to profile you and build a case against you. Let’s say you’ve been looking at websites about smoking and alchohol. Few weeks later, you apply for health insurance but can’t work out why your application gets denied. See the problem?
Like John Mcafee said. “all it takes is a hardware and a software engineer thirty minutes to break into a phone.”
He actually said 3 weeks.. and was obviously just grandstanding in a pathetic attempt to draw attention to his failed “Cyber Party” bid for president. The guy is a joke. Maybe there are white hat hackers out there that could do this but John Mcafee doesn’t know them.
Ok. American politics and government is being overrun by Big Business. Apple ARE Big Business. Ergo, Apple ARE a part of the government mechanism of America. The NSA is a government-organised spying and controlling mechanism. Ergo, Apple have an interest in the NSA. But Apple also need to sell units to a disgruntled populace. Ergo, Apple pretend to be “doing it for the kids”, who dumbly buy their products because their vanity can’t survive without taking the nth selfie of themselves and watching Maroon 5 on YooToob. This ensures the entire population of the Western World and beyond continues to buy a Surveillance State’s stupid-arsed wet-dream of a product.
In short – the devices are already compromised, you idiots.
Great!
No organization, including the NSA, is a monolith so we shouldn’t stereotype everyone that works there. In fact the loyal NSA employees may be the best way to restore this agency.
100% of all NSA officials take a supreme loyalty oath to follow the U.S. Constitution – which includes the 4th Amendment as written.
Remember it was NSA hero Edward Snowden that defended the constitutional rights of Americans the most – in spite of the judges and justices dereliction of duty to “check” the other branches for judicial review.
The loyal NSA officials are the good guys, not all of them are disloyal to their oath of office.
I grew up in South Phila. Moved to Manhattan. Not everyone who worked for the Italian, Irish, Russian or Asian mafia was evil. Many were decent people, just doing a job – supporting a family. They followed strict codes many took oaths too. They had “rules” they needed to follow. Though like the NSA they were violating laws. Unlike the NSA they were not so much violating the constitutional or “human rights” of ‘everyone’ (as many possible on the planet). They were not sponsoring global attacks & wars either. Their footprint was local mostly – very limited in comparison.. Your argument does not fail it stinks. Other than the whistle blowers, you cite one example (chuckle) where are all these good you speak of? I KNOW! I KNOW! They are spineless cowards too scared to take a stand. Cowards hiding behind the MEME, “I am just doing my job”. Like most I’ve had many opportunities to work with corrupt or violent corporations & people. However, I intentionally choose not to. Not all cops are evil, I ‘attest’ in absolute terms, most of my family are cops. But where are the good ones speaking out against the bad, standing up for us. My family or not, their jobs are at risk if they do. Therefore like your brave NSA foot soldiers they are cowards. It is what it is – you can spin it how you like. Though compared to the NSA the crimes of police are localized and often not as dangerous to us all.
The naivete of your post is incredible. Of course there are some good people working for the NSA, people who are genuinely concerned about the rights of others. But they constitute a minority, and anyone who has worked within the MIC can confirm this. Mostly they identify with the more Rambo-esque aspects of their agency’s image and agenda, mostly they are politically conservative, and mostly they see no inconsistency between Christianity and acts of murder.
As for the oath of allegiance to the Constitution, in my experience for most it is analogous to the user agreements you check off to install software: they sign, never having read, much less thought about, the contents of that document. Maybe they should be forced to take a class on the Constitution, with passing it being a precondition to their being hired. But in that case the Agency would be reduced to a few hundred lower level employees. It is certain that their leadership would be incapable of sufficient comprehension to pass.
Shine the light on these FBI STASI roaches. Organized stalking of innocent civilians to justify their dark budget for minion contractors. The use of RF weapons for covert slow-kill (DEW’s).
5. The NSA does not want to disclose its powers and methods to possible disclosure in court or to read more judges into the clan.
The “NSA is Mysteriously Absent” from everything, Jenna. .. even the Select Senate Intelligence Oversight committee.
*’when you say goodbye, they say hello’ (h/t Beatles, magical mystery tour.)
What you are seeing is the bad guys looking to get legal cover for what they have been doing since yr dot.
There is nothing that the NSA has not broken.
This is all PR for the masses.
Really, the government is going to create TOR for democracy? You are having a laugh.
Thank you. I wish more folks understood this.
I firmly favor option 2 here. When you trust Apple to control whether your “secure” phone is hacked or not, you’re trusting everyone willing to PAY them sufficiently and who can do the needed PR control (via official secrecy and draconian penalties for releasing ‘classified trade secrets’) to keep the hack from being known. Apple’s whole crusade has some kind of value … just not to the consumer.
5. NSA has broken into the phone and can break into any phone, but is pretending otherwise, as their technology instantly becomes worthless if people find out about it. Thus this FBI feint, which is mainly to create confidence in the phones and keep people talking and spilling their secrets. So the NSA wins either way. If FBI loses, they win now, and if FBI wins, they win down the road.
Perhaps the NSA used the FBI as a proxy to get access to the key’s.
You forgot one: 5. The NSA has Apple’s keys, has cracked the phone and the FBI has information it wants to act on, but can’t without giving away NSA’s capability. The only way to move forward on whatever info they have is to get Apple to duplicate what NSA did.
My thought exactly. Somewhere in the many Snowden documents related articles there are examples of how the NSA retrieved information from Google (I think) using NSLs, when in fact it already possessed the information beforehand, and just needed to obtain it “legally” bwfore it could act on it.
If I’m not mistaken, that also was a NSA+FBI collaboration.
Obvious comment: I would be deeply surprised if it turns out that the government is NOT found to be exploiting a national tragedy to pursue a change in the law.
Of course they are nt teaming up together because everyone in the world knows that for all the good they do, they are also abusive predatory arrogant trespassers who share the registered patented trademark, “JUST TRUST US” ® · ®
Besides, it the fbi loses, nsa is next at bat. if they lose, 3rd up will be cia. cleanup will be the telcos themselves who already have blanket immunity from stealing anything they want.
WHAT A CON GAME ON AMERICA AND THE WORLD.
The whole drama of this Apple-FBI fight reminds me of the contrived wrestling matches.
Encryption of Apple devices is basically an encryption routine that operates on each device quite independent of the password. The password only triggers the encryption routine to run. But the routine itself does not use the password to scramble the contents of the device. You can test it yourself. Just change the password and see how quickly the device is back in operation – almost instantaneously. Had the contents been modified due to a change in password then it would have taken the device tens of minutes if not an hour to respond to the respond to the next command. Encrypted folder managers like cryptkeeper take quite a lot of time to encrypt any file even with pretty fast processors, but in comparison Apple devices take next to nothing even when the password is changed. So, the contents are encrypted in a way that the device was manufactured, not at all related to the password. This actually makes it easy to change passwords quickly, so the owner does not have to wait for an hour in case he changes his password, or the device crashes due to loss of power in the middle of encrypting the contents. This also makes it easy for hackers to hack, and I am sure FBI knows how to. All they want is a way to do it quickly; otherwise, it can take a bit of time and some software and hardware expertise.
It should be a simple exercise to open the device, clone the entire system and get into the program through an assembly language editor (eg. debug in DOS) and look for the INT commands (interrupts) that asks for keyboard entry. You can follow the path in the assembled file and see where it goes when the match with the password is correct – you really don’t have to even know the password. After that all you have to do is edit the assembled file so that the program flow goes straight to that line number whatever text may be entered in the keyboard. I have myself been out of touch with these kind of tricks for many decades now, but I am sure all hackers are pretty much aware of this and more.
It’s not just Apple that does this. Change the password in any device, and if the device is back in action the very next moment then you can be sure it can be hacked – may not be easily, but definitely nevertheless.
So this is all drama between Apple and FBI. I am sure NSA is maintaining a discreet silence since they have the resources to do the trick. FBI is usually sadled with budget crunch and so need an easy fix.
If you really want to hide any information from prying eyes then use an encrypted folder manager like cryptkeeper that unlocks with an eight word or longer passphrase that Micah Lee had written about how to create by using diceware. You need to encrypt the contents of the file that uses your password, not just encrypt the device that works quite independently of your password once it is decrypted.
-H
my reading about all this is that encryptian is a different animal than the password which is just a gateway with an event tripper. i have read that serious hardware encryptian is largely unbreakable.
If Apple is capable of doing something, what makes you think some other agency or company isn’t capable of doing the same thing?
My understanding is that the encryption is effectively unbreakable, but that the user’s six-digit pass code provides access to the key. Of course, a six-digit pass code can be obtained by brute force in milliseconds, so Apple has added more protection by automatically wiping all data after a few unsuccessful tries. That seems to mean that brute force is not an option.
However, with physical control of the device and with all the resources at the FBI’s disposal, I can’t see why they can’t just open the box, make 1,000,000 virtual clones, and then try each six-digit number on its own clone. The one that lets them in is the winner.
There’s no need to decrypt anything. They just need to bypass the “self-destruct” mechanism.
There’s also a (remote-possibility?) option 5: the NSA, and perhaps even Apple themselves, have already helped the FBI in private and the FBI silently got what it wanted, while Apple and the FBI play a continuing dispute out in public to scare smaller (e.g. free-) software authors from making anything encrypted lest they get into such a legal mess.
Perhaps they’re not targeting the next San Bernardino, so much as the next Snowden or GnuPG.
The film “Conspiracy Theory” was our introduction to that scenario. When people wake up and realize that the nsa is recording all your keystrokes, speech-to-texting all your calls, analyzing your movements and facial expressions when you are in front of any camera, and logging all your whereabouts, the entire system will backfire because the people will rise up and ask,
“Since you know so much about us, alert me for the best marriage match. And about my boss….”.
Next stop, Stepford Wives. Don’t worry be happy?
I’m going to go with Option 2.
There are competing interests between the FBI and NSA. The NSA could have zero day exploits against Apple products that may be exposed if shared with the FBI. So when Hayden comes out in support of encryption, my inner cynic says it isn’t because he is suddenly principled but because in his view a backdoor in the security feature would help level the playing field for NSA adversaries.
Thanks Jenna. The issue of WHY the FBI would not just contact the NSA was the first question in my head when this silly story broke 2 weeks ago. Really – thanks so much.
Breaking Apple’s encryption is child’s play for the NSA. The FBI is working on getting access to everything, all the time, independent of others.
The additional benefit to the government, win or lose the case, is creating a false impression in the public that commercial encryption is secure. It is not. There is no means of electronic communications the US government has not compromised.
Surely the FBI has revived COINTELPRO in all but name.
or… the whole thing is ONE GIANT BLUFF. To ward of hackers crackers and attackers into believing they are wasting their time at great risk.
The IRS is using a system that was hacked to protect victims of a hack—and it was just hacked.
Oh the FB friggin’ I – the bozos who spent Billions on a system that couldn’t search for “flight” & “school” in the same query.
I sincerely believe the NSA has been absent since long before 9/11.
And the bigger question might be why is the FBI finally getting around to offering immunity to the dood who replaced the government email server at Hillary’s place with her private email server, which is the modus operandi of a foreign agent?
Your first sentence doesn’t make sense.
Your second sentence is not far behind.
FBI: Can you crack this iPhone?
NSA: Not worth our time. It’s too much fun listening to Angela Merkel. You won’t believe what she just said about Donald Trump!
FBI: Please!
NSA: OK. Just tell the Town of San Bernadino to change the password. It’s their phone.
FBI: Now it’s stopped uploading data to the cloud.
NSA: I can’t believe you actually did that. Suckers!
FBI: Meanies. We’ll tell the courts to outlaw encryption. You’ll be out of business.
1 yr later… employment consultants leave Initech, head to NSA offices in DC.
Bobs: So, what is it you would say you do here?
NSA: We’re people persons goddamnit! We deal directly with the people!
Bobs: Uh huh. About those iPhone and Apple OS data reports, how many times a week would you say you run those?
Lumberg: Yeah, I’m gonna need you to go ahead and not work on those anymore this weekend, or ever… Mmkay? Great.
… or has the NSA already cracked it? …
I think the most suspicious aspect of this case, worth repeating, is how the FBI changed the iCloud password on the account, so that the iPhone wouldn’t automatically backup all its data to the cloud, where Apple could easily have accessed it with no need to build any software tools to crack open all iPhones.
I wish there was some way to question the FBI about precisely who made that decision, when it was made, and what their rationale was for doing it – as it seems to amount to deliberate sabotage of their own investigation in order to push forward their agenda of forcing Apple to make software that will allow them to break into any iPhones they want.
I’d also be curious to know if any police agencies had Stingray systems (cell-site simulators capable of tracking any phone) operational in the San Bernardino area at the time of the shooting. Yes, they definitely have such systems, and have used them without warrants many times, see this May 2015 article from ArsTechnica:
http://arstechnica.com/tech-policy/2015/05/county-sheriff-has-used-stingray-over-300-times-with-no-warrant/
“County sheriff has used stingray over 300 times with no warrant
San Bernardino Sheriff’s Department doesn’t tell judges it’s using spy device.”
“The documents sent to Ars by the SBSD’s county attorneys also show that since acquiring a stingray in late 2012, the agency has used it 303 times between January 1, 2014 and May 7, 2015.”
“Further, the SBSD, like other departments nationwide, maintains a questionable non-disclosure agreement (NDA) with the FBI that indicates that the agency will work with local prosecuting authority to dismiss cases rather than reveal information in court about Stingrays.”
Some more questions should be asked about that issue, too.
I think the most suspicious aspect of this case, worth repeating, is how the FBI changed the iCloud password on the account, so that the iPhone wouldn’t automatically backup all its data to the cloud, where Apple could easily have accessed it with no need to build any software tools to crack open all iPhones.
Marcy Wheeler has a piece on that:
https://www.salon.com/2016/03/03/the_fbis_shady_iphone_evasions_why_its_claims_about_the_san_bernardino_attack_make_no_sense_at_all/
Marcy Wheeler rocks!
quote“There was a mistake made in that 24 hours after the attack.””unquote
Hahaahaha! Mistake. right.
If this was a mistake watch for a squadron of flying pigs to appear over the West coast at noon.
NSA needs POTUS order to help FBI in this specific case, and no need of Apple’s help.
In 2016, most smart criminals already have stopped using all forms of electronic communications anyway.
Even the 9/11 terrorists never used electronic communications according to the Washington Post and New York Times – so this wouldn’t have prevented 9/11.
Once you remove real criminals and real terrorists from the equation, the FBI will mostly be targeting innocent Americans and punishing them for legal constitutional activities like freedom of speech, freedom of association and freedom to petition their government.
The same thing happened Martin Luther King, Jr – a Baptist minister that also preached James Madison’s model of government. It will harm innocent people the most.