SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
FBI's "Outside Party" Revealed as Bureau Angles to Keep New Hack Secret
FBI is getting help from an Israeli software company in effort to unlock San Bernardino phone
Mar 23, 2016
The FBI wants to classify its new "alternate" method of unlocking the suspected San Bernardino shooter's iPhone, keeping it secret even from Apple itself, according to new reporting.
The Guardian confirmed with government officials on Wednesday that the technique does enable the FBI to get into Syed Farook's iPhone. That means the agency can back off from its legal battle with Apple, which has accrued widespread support from consumers and privacy advocates in its refusal to create decryption software.
The FBI made its announcement on Monday, a day before it was due in court to continue seeking an order to force Apple to unlock Farook's phone, which Apple has said would weaken its users' privacy rights.
However, "the government now has to be very cautious about when to use the method, which was provided by an 'outside party', according to court filings," the Guardian's Danny Yadron writes.
And according to additional reporting by Reuters on Wednesday, the "outside party" is an Israeli software company called Cellebrite, which creates, among other things, "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices."
As The Verge notes, Cellebrite's involvement in the case is not a total surprise. The company has "a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case," writes Ashley Carman.
Carman explains:
[E]xperts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there's no reason to believe it won't work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.
Apple's attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.
As Bloomberg explains, the FBI may in fact be subject to a little-known process called the "equities review," which was created by the Obama administration to determine if security flaws should be disclosed.
"I do think it should be subjected to an equities review," Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. "The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field."
Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, "The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it's anything where they're attacking the phone in software, it would be subject to the equities review."
At any rate, as civil liberties advocates said this week, the showdown between Apple and the FBI is far from over. Alex Abdo, an attorney with the ACLU's Speech, Privacy, and Technology Project, wrote in a blog post published Tuesday that "[e]ven if the FBI gets access to the San Bernardino phone using the new method it is exploring, it is inevitable that the FBI will come knocking again," particularly as Apple and other tech companies begin to bolster their existing security systems in response to consumer demand.
The FBI's sudden discovery of the new hacking method also strains trust in the agency's technical expertise, Abdo writes, adding, "We have already explained that a key premise of the government's argument--that it would lose the data if it tried to guess the passcode too many times--was false. And now the FBI is acknowledging that its previous statements that only Apple could help may also have been wrong."
Surveillance blogger Marcy Wheeler also noted that the Department of Justice (DOJ) has claimed at least 19 times that the only way it could get into Farook's phone was with Apple's help, a claim which security experts consistently disputed. And as digital rights group Fight for the Future said Wednesday, the DOJ never named Cellebrite as an option in its previous court filings.
Fight for the Future campaign director Evan Greer said the latest developments indicate that the FBI is backing down because it is losing public trust and is increasingly unlikely to set the precedent that Apple unlock an iPhone on the bureau's command. "The FBI's last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said. "They should come clean immediately, and admit that they mislead the court and the public, to avoid further damaging what's left of their credibility."
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The FBI wants to classify its new "alternate" method of unlocking the suspected San Bernardino shooter's iPhone, keeping it secret even from Apple itself, according to new reporting.
The Guardian confirmed with government officials on Wednesday that the technique does enable the FBI to get into Syed Farook's iPhone. That means the agency can back off from its legal battle with Apple, which has accrued widespread support from consumers and privacy advocates in its refusal to create decryption software.
The FBI made its announcement on Monday, a day before it was due in court to continue seeking an order to force Apple to unlock Farook's phone, which Apple has said would weaken its users' privacy rights.
However, "the government now has to be very cautious about when to use the method, which was provided by an 'outside party', according to court filings," the Guardian's Danny Yadron writes.
And according to additional reporting by Reuters on Wednesday, the "outside party" is an Israeli software company called Cellebrite, which creates, among other things, "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices."
As The Verge notes, Cellebrite's involvement in the case is not a total surprise. The company has "a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case," writes Ashley Carman.
Carman explains:
[E]xperts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there's no reason to believe it won't work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.
Apple's attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.
As Bloomberg explains, the FBI may in fact be subject to a little-known process called the "equities review," which was created by the Obama administration to determine if security flaws should be disclosed.
"I do think it should be subjected to an equities review," Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. "The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field."
Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, "The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it's anything where they're attacking the phone in software, it would be subject to the equities review."
At any rate, as civil liberties advocates said this week, the showdown between Apple and the FBI is far from over. Alex Abdo, an attorney with the ACLU's Speech, Privacy, and Technology Project, wrote in a blog post published Tuesday that "[e]ven if the FBI gets access to the San Bernardino phone using the new method it is exploring, it is inevitable that the FBI will come knocking again," particularly as Apple and other tech companies begin to bolster their existing security systems in response to consumer demand.
The FBI's sudden discovery of the new hacking method also strains trust in the agency's technical expertise, Abdo writes, adding, "We have already explained that a key premise of the government's argument--that it would lose the data if it tried to guess the passcode too many times--was false. And now the FBI is acknowledging that its previous statements that only Apple could help may also have been wrong."
Surveillance blogger Marcy Wheeler also noted that the Department of Justice (DOJ) has claimed at least 19 times that the only way it could get into Farook's phone was with Apple's help, a claim which security experts consistently disputed. And as digital rights group Fight for the Future said Wednesday, the DOJ never named Cellebrite as an option in its previous court filings.
Fight for the Future campaign director Evan Greer said the latest developments indicate that the FBI is backing down because it is losing public trust and is increasingly unlikely to set the precedent that Apple unlock an iPhone on the bureau's command. "The FBI's last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said. "They should come clean immediately, and admit that they mislead the court and the public, to avoid further damaging what's left of their credibility."
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The FBI wants to classify its new "alternate" method of unlocking the suspected San Bernardino shooter's iPhone, keeping it secret even from Apple itself, according to new reporting.
The Guardian confirmed with government officials on Wednesday that the technique does enable the FBI to get into Syed Farook's iPhone. That means the agency can back off from its legal battle with Apple, which has accrued widespread support from consumers and privacy advocates in its refusal to create decryption software.
The FBI made its announcement on Monday, a day before it was due in court to continue seeking an order to force Apple to unlock Farook's phone, which Apple has said would weaken its users' privacy rights.
However, "the government now has to be very cautious about when to use the method, which was provided by an 'outside party', according to court filings," the Guardian's Danny Yadron writes.
And according to additional reporting by Reuters on Wednesday, the "outside party" is an Israeli software company called Cellebrite, which creates, among other things, "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices."
As The Verge notes, Cellebrite's involvement in the case is not a total surprise. The company has "a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case," writes Ashley Carman.
Carman explains:
[E]xperts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there's no reason to believe it won't work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.
Apple's attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.
As Bloomberg explains, the FBI may in fact be subject to a little-known process called the "equities review," which was created by the Obama administration to determine if security flaws should be disclosed.
"I do think it should be subjected to an equities review," Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. "The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field."
Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, "The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it's anything where they're attacking the phone in software, it would be subject to the equities review."
At any rate, as civil liberties advocates said this week, the showdown between Apple and the FBI is far from over. Alex Abdo, an attorney with the ACLU's Speech, Privacy, and Technology Project, wrote in a blog post published Tuesday that "[e]ven if the FBI gets access to the San Bernardino phone using the new method it is exploring, it is inevitable that the FBI will come knocking again," particularly as Apple and other tech companies begin to bolster their existing security systems in response to consumer demand.
The FBI's sudden discovery of the new hacking method also strains trust in the agency's technical expertise, Abdo writes, adding, "We have already explained that a key premise of the government's argument--that it would lose the data if it tried to guess the passcode too many times--was false. And now the FBI is acknowledging that its previous statements that only Apple could help may also have been wrong."
Surveillance blogger Marcy Wheeler also noted that the Department of Justice (DOJ) has claimed at least 19 times that the only way it could get into Farook's phone was with Apple's help, a claim which security experts consistently disputed. And as digital rights group Fight for the Future said Wednesday, the DOJ never named Cellebrite as an option in its previous court filings.
Fight for the Future campaign director Evan Greer said the latest developments indicate that the FBI is backing down because it is losing public trust and is increasingly unlikely to set the precedent that Apple unlock an iPhone on the bureau's command. "The FBI's last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said. "They should come clean immediately, and admit that they mislead the court and the public, to avoid further damaging what's left of their credibility."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.