FBI vs. iPhone Encryption, Round Two: Pensacola Shooter

Devlin Barrett, reporting for The Washington Post:

The FBI is pressing Apple for help opening iPhones that belonged to the Saudi military student who killed three people last month at a naval base in Pensacola, Fla., signaling a potential revival of the fight between the federal government and Silicon Valley over encryption technology.

On Monday, the FBI’s general counsel Dana Boente wrote a letter to Apple’s top lawyer, Katherine Adams, seeking the tech giant’s assistance.

“Even though the shooter is dead, the FBI, out of an abundance of caution, has secured court authorization to search the contents of the phones in order to exhaust all leads in this high priority national security investigation,” Boente wrote. “Unfortunately, FBI has been unable to access the contents of the phones,” the letter said, even after asking private technology experts if they could help agents crack them. “None of those reachouts has shown us a path forward.” […]

In a statement, Apple said it had already helped FBI agents on the Pensacola case by sharing relevant data in its cloud storage. Apple and other companies have said that encryption on phones is an important safeguard protecting millions of consumers against hackers and other criminals.

There are two entirely separate issues here, and the FBI either doesn’t understand them or (more likely, I think, but I’m not sure) is willfully conflating them.

The first issue is Apple offering law enforcement whatever information they can, when appropriate. In this case, they’ve apparently done so: providing the FBI with whatever they can from the suspect’s iCloud account.

The second is Apple being technically incapable of complying with additional law enforcement requests. Apple does not have a way to get at the contents of a locked, encrypted iPhone. Also true of iPads and the boot drives of Macs with a T2 security chip and File Vault enabled. That’s how these encryption systems are designed. If Apple had a way in, anyone could have a way in. That’s a backdoor, and backdoors are inherent security vulnerabilities.

Most people don’t understand anything at all about encryption (which is to be expected), and reasonably assume that surely Apple can “get into” any device that it makes. It used to be that way, in fact, in the early years of iPhones, and it was a disaster for security — a thief who had your iPhone also had access to whatever data was on your iPhone.

It’s fine that most people don’t understand anything about encryption, but experts at the FBI surely do, and my suspicion all along with the San Bernardino case was that the FBI was trying to turn the public’s ignorance of encryption — both how it works and how owning truly encrypted devices benefits them, even if they don’t know it — against Apple.

Honestly, I don’t think this has anything to do with the Pensacola shooter. I think this is part of a campaign to drum up public support for making true encryption illegal. And if it really is about the Pensacola shooter, the FBI’s leadership doesn’t understand how encryption works, which is disgraceful.

The San Bernardino case, you may recall, did not turn out well for the FBI.

Wednesday, 8 January 2020