“Noteworthy” Ron Wyden Interview on Apple vs FBI: Ask NSA, Ask NSA, Ask NSA

This interview Ron Wyden did with Oregon Public Radio includes a lot of what you might expect from him, including an argument that weakening encryption makes us less safe, including possibly exposing kids (because their location gets identified) to pedophiles.

But the most interesting part of this interview are the three times Ron Wyden made it clear, in his inimitable fashion, that someone better ask NSA whether they can decrypt this phone. To me, the interview sounds like this:

Let me tell you what I think is noteworthy here. This is a fight between FBI and Apple. I think it’s noteworthy that nobody has heard from the NSA on this. [around 2:00]

And I want to come back to the fact that the NSA has not been heard from on this and I think that that is noteworthy. [before 7:25]

[After finally being asked what he had heard from NSA] I’m on the intelligence committee, so I’m bound, I take an oath, to not get into classified matters so I’m just going to, uh, leave that there with respect to the NSA. [at 8:30]

We’ve had experts like Susan Landau and Richard Clarke insist that NSA can get into this phone. Jim Comey, in testimony before HJC, sort of dodged by claiming that NSA doesn’t have the ability to get into a phone with this particular configuration.

But Ron Wyden sure seems to think the NSA might have more to say about that.

Golly, I can’t imagine what he thinks the NSA might have to offer about this phone.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. SpaceLifeForm says:

    http://arstechnica.com/security/2016/03/to-bypass-code-signing-checks-malware-gang-steals-lots-of-certificates/

    “Signing malware with code-signing certificates is becoming more common, as seen in this investigation and the other attacks we have discussed,” Symantec researcher Jon DiMaggio wrote in Tuesday’s blog post. “Attackers are taking the time and effort to steal certificates because it is becoming necessary to gain a foothold on a targeted computer. Attempts to sign malware with code-signing certificates have become more common as the Internet and security systems have moved towards a more trust and reputation oriented model. This means that untrusted software may not be allowed to run unless it is signed.”

    Sounds like the FBiOS problem.

    Except that it may not really be a problem if you trust RSA and CAs.
    Which i hope I have made clear, I do not trust RSA. The FBI is
    phishing the legal system. The NSA most assuredly can get
    the info off of the iPhone 5c in question. This is all about setting
    precedent.

    Ron Wyden sees the big picture and has for years now.

    The attack on Apple (with more to follow later if FBiOS happens),
    is fascism at it’s peak. The fascists are “all in”.

    • martin says:

      quote”This is all about setting
      precedent.”

      While it would, I think there’s more to this. See below..

      quote”Ron Wyden sees the big picture and has for years now.”unquote
      Yeah. I bet he could fill a few libraries with what he knows.

      quote”The attack on Apple (with more to follow later if FBiOS happens),
      is fascism at it’s peak. The fascists are “all in”.”unquote

      Jim Garrison would shake your hand. However, if the FBI wins, and Trump get’s elected, we haven’t seen anything yet.

      Btw, speaking of maggots… I’ve got $25 that says before this election campaign crap is over, Trumps supporters will be wearing armbands with a Trump logo on them, and someone is going to get killed at one of his rallys. What I don’t understand is.. why he hasn’t been arrested for inciting violence. I mean, even a blind cave man can see it.

      • wayoutwest says:

        You might want to volunteer with the Soros Soldiers and become the first martyr for the Party cause and prove that your projections about Trump’s followers violent tendencies are not just political hype from a frightened/threatened status quo and its minions.

  2. earlofhuntingdon says:

    Well, if NSA just smashes through the Apple encryption, and the govt admits it publicly, it might make moot the govt’s entire legal and PR campaign against the encryption-friendly standards promoted by Apple and its peers. It would also be a public admission that the govt has an awesome, unaccountable power that could readily insinuate itself into the daily lives of hundreds of millions of people. Which gets us quickly into Lord Acton and Orwell country.

  3. lefty665 says:

    Wm Binney has some experience with NSA, and, among others, has suggested it’s not too hard to get into this phone.
    .
    Binney’s suggestion was to clone the phone, set up as many virtual copies as desired and go after the password, in this case 10 times per virtual phone, until it unlocks.
    .
    You might even infer that this isn’t the first time the spooks have run into a device that allows a limited number of bad password guesses.
    .
    Another question is whether the FBI is just playing dumb in this case or whether it’s once again truly without a clue.

    • Anon says:

      I find it highly unlikely that they are dumb. As others have noted here the precedent that they are asking for goes way way beyond this phone or even this company. If their legal precedent is accepted then they would have the ability to get any court, including perhaps the secret FISA court, to order any person or company to do more or less anything.
      .
      Thus they would be able to forceably make other individuals party to their investigations and, in effect, put them on the hook to make sure that they succeed. If you consider the Lavabit case, they were only able to get a court order for the keys or for him to shut down. Now they would be able to force someone like him to literally make keys, change his infrastructure, and in effect spy on his clients for them.
      .
      Whether they can get into this phone or not does not matter. Whether they can get the law they want, without letting Congress get involved… That’s another matter.

  4. Evangelista says:

    What I see as most ‘noteworthy’ about the FBI-San Bernardino County/Farouk iphone matter is that the FBI started out with a San Bernardino County iphone issued to a county employee that would normally be, or be expected to be, accessible by San Bernardino County, and that would have, in normal course of daily iphone procedure, backed its data content up to the icloud overnight. But, before the first night, when the backup would have automatically occurred, the FBI “changed the password” on the phone, which made (or to make) the iphone not backup. Would the FBI not have known that iphones back up to the icloud overnight? When it is a ‘feature’ and so is advertised? Would the FBI have not known that if the password was changed, so the icloud account would not have access, the iphone would not, could not, backup to the icloud?

    The quick-and-dirty way to lock up the San Bernardino County employee Farouk’s company issued iphone, so data on it could not ‘escape’ to San Bernardino county was to change the password. That is what the FBI did.

    The personal phones of the FBI alleged ‘terrorists’ were, allegedly, ‘destroyed’, allegedly by the two ‘terrorists’. Apparently even the meta-data that the phone companies would have had in storage were somehow also destroyed, or ‘became unavailable’. Destroying phones can be done, destroying their chips can be done, but how does one destroy meta-data on servers,, in server-storage per law?

    To destroy the ‘terrorists” metadata one would have to have access to the servers, or to linked in servers, which would ‘launder’ the metadata going to commercial servers, which data would be the link-servers’, instead of the phone’s.

    What would the FBI need from the phones aside from the metadata? What would the FBI need from the SBC owned iphone, that it did not get before it “destroyed” the iphone (or bricked it)?

    More important, to an independent investigation, why does the FBI need to get the ‘lost’ data from the iphone so badly that it has created a media and legal storm trying?

    The SBC iphone, as many have pointed out, should have no personal data on it. Why might it have, if it should not have?

    Consider a scenario: The ‘terrorists’ are innocents (it should not be hard to imagine them this, since our law requires us to) and they are being pursued by a flotilla of hostile police vehicles. They try to call for help, using their personal phones. They get a ‘no signal’ message, because the FBI has cut off their access (see the “Oregon Stand-Off” video made inside the pursued vehicle in that case, if your imagination needs a boost).

    What to do next, logically? Try using the company phone, of course.

    Did the FBI brick the SBC iphone before it thought to check to see if the ‘terrorist’ suspects got a call through to someone on that phone? Is there a record somewhere that the FBI fears might come back and bite them in the ass? Is there a possibility of a record in the bricked iphone that might lead the FBI to where a potentially FBI-incriminating message might have been sent, to where it might be still?

    It is another fishy element in another fishy case perpetrated by a Fishy Bureau of Investigation.

    • martin says:

      quote”Did the FBI brick the SBC iphone before it thought to check to see if the ‘terrorist’ suspects got a call through to someone on that phone? Is there a record somewhere that the FBI fears might come back and bite them in the ass? Is there a possibility of a record in the bricked iphone that might lead the FBI to where a potentially FBI-incriminating message might have been sent, to where it might be still?”unquote

      Someone give this man a prize. I’ve got $26 that says the “terrorists” were being set up by the FBI(where have we seen this before)..but they went rogue. I submit, there is something on that phone that may prove it.

      quote”It is another fishy element in another fishy case perpetrated by a Fishy Bureau of Investigation.”unquote
      I’ll file that under Great Moments in Massive Understatements.

  5. lefty665 says:

    Seems more likely the FBI screwed up (again) by telling San Berdo to change the password. Somebody (likely DoJ) then decided to try to turn that screw up into a feature in their campaign to compel Apple et al to provide access to everything all the time. No paranoia needed, just an appreciation of FBI incompetence compounded by unprincipled DoJ opportunism.
    .
    Be glad Obama was most interested in scoring political points on the Repubs or we’d have Lynch for the SC instead of an old white guy from Hahvard (I’m anxiously waiting for bmaz to weigh in on Garland re criminal justice, gov’t powers, abortion, &???).
    .
    Back to the OP, unlocking a simple passcode on an electronic device is surely a legacy exploit at NSA, not a secret. That’s why so many people are willing to discuss it. Apple and DoJ both know that, so the rest is Kabuki theater to market pretend security or to justify destroying what shreds of privacy are left, depending on which side you’re on. Wonder if the magistrate is in on the joke?

Comments are closed.