Ten members of the US Congress have asked the FBI to explain its battles with Apple, after doubts were raised over the extent to which criminals use encryption to "go dark" and evade law enforcement authorities.
Criminals using encryption to evade law enforcement – "going dark" – is the foundation of the FBI's calls for a special legislative mathematics and not-backdoors that means good guys can access bad guys' messages, without compromising everyone else.
But a recent Department of Justice Office of the Inspector General report cast doubt on just how often crims "go dark". The report, by the Justice Office of the Inspector General (OIG), included statements that “appear to indicate that the FBI was more interested in forcing Apple to comply than getting into the device”.
Now 10 members of Congress have written (PDF) to FBI director Christopher Wray asking for answers.
In their letter posted Friday, April 13, the group said they are "troubled" by the report, which was penned in the wake of the November 2015 attack by San Bernadino shooter Syed Farook. During its investigation into the incident, the FBI conducted a very public battle with Cupertino over access to Farook's encrypted iPhone. The FBI took Apple to court demanding a special iOS buildto crack the iPhone 5c, something Apple defended on the basis that it would set a bad legal precedent.
In March 2016, the Feds said they'd cracked the phone and withdrew the lawsuit, and later, then-FBI director James Comey said a third party banked more than a million dollars to crack the phone (which in the end didn't really help the case).
The OIG report suggested the FBI's Remote Operations Unit (ROU) might have access to a third-party vendor's crack for the iPhone, but investigators in the San Bernardino case didn't ask, and the ten Congressman would like to know why.
They're also concerned at hints that there's a degree of turf-warring within the FBI, between the ROU and the Cryptographic and Electronic Analysis Unit (CEAU), which was frustrated that the ROU's vendor contact jinxed its lawsuit: “The CEAU Chief told the OIG that … he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief.”
The letter says the timeline detailed in the OIG report “undermines statements that the FBI made … that only the device manufacturer could provide a solution”, and raises the possibility that “the FBI has not been forthcoming about the extent of the 'Going Dark' problem”.
They also highlight that rather than the more-than-a-million Comey discussed in 2016, Cellbrite claims it can unlock an iPhone for about US$1,500.
The group add that the FBI's claim that it was unable to crack 7,800 devices last year seems “highly questionable”, now the existence of third-party unlocking tools is common knowledge.
The letter asks the following questions of Wray:
- Have you consulted with relevant third-party vendors to understand what tools are available to help the FBI access device content?
- Do you agree that there are solutions available to help unlock or decrypt nearly every device on the market? If not, why are these solutions, particularly [Cellbrite and GrayShift], insufficient?
- Why can't the FBI unlock the 7,800 devices? Have you attempted to use tools developed by third-parties to unlock these devices?
- Of these locked phones, how many are equipped with biometrics or how many have data available through a cloud service, which would provide additional means to access data or unlock phones?
- For each device that you have not used a third-party tool to unlock, what is the rationale for not doing so?
The signatories to the letter are Democrats Zoe Lofgren, Jerrold Nadler, Ted Leiu, Jared Polis and Suzan DelBene; and Republicans Darrell Issa, Jim Sensenbrenner, Ted Poe, Matt Gaetz, and Jim Jordan.