“Circumventing” Encryption Is Different than “Weakening” or “Altering” It

I’m still catching up to the Questions for the Record that ODNI submitted to the Senate Intelligence Committee after its June hearing on 702. So I’d like to look more closely at something from the QFRs first reported by Zack Whittaker on encryption.

It has to do with a response to a Ron Wyden question about whether 702 provides authority to “circumvent or weaken” encryption.

Whittaker notes what I pointed out here — because of the way 702 works, “the court is never going to review the individual directives which is where the specific technical assistance gets laid out (unless a provider is permitted to challenge those directives).” That’s the headline point of his piece, one I agree with.

The US government does not need the approval of its secret surveillance court to ask a tech company to build an encryption backdoor.

Whittaker also notes that this language falls far short of denying (or confirming) whether it has asked for a back door. Meaning, it’s possible they asked a provider for a back door, and the provider complied without being forced to.

That said, I wanted to point out the limits to this claim from Whittaker.

In its answers, the government said it has “not to date” needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.

It is true that the government says it has not asked an ECSP to “alter the encryption provided by a service or product it offers.”

But that answer is non-responsive to the totality of Wyden’s question, which asks if the government ordered a provider to “circumvent or weaken” encryption. The government only addresses the latter question, whether the government has altered (presumably by weakening) encryption. It hasn’t answered, at all, whether it has ordered a provider to “circumvent” encryption.

That’s an important point regardless. These QFRs are always carefully crafted, particularly in responses to Wyden (or the few other people who actually exercise oversight).

I think it’s particularly important given something that happened with iOS in the last year: rather than just answering, yes or no, before a phone trusts a computer (meaning it will share its contents with iTunes and therefore potentially with Apple), iOS 11 now requires you to enter your password before a phone will trust a computer.

A different and more significant change is requiring the passcode to “trust” a new computer. Currently, when the police wish to search a phone, they unlock it either with the fingerprint reader, by convincing the suspect to unlock the phone (e.g. to look up a phone number), or they simply seize the phone while it is unlocked. None of these avenues directly implicate suspects’ constitutional rights. Once the unlocked phone is obtained, officials connect the device to a computer running forensics software, or even just iTunes, direct the device to “trust” the new computer when prompted, and download a backup that contains almost all of the relevant information stored on the phone. Requiring the passcode in order to sync the device with a new machine means that, even with an unlocked device, a party that wants access is now limited to searching the phone manually for visible items and can only perform that search while the phone remains unlocked.

I had already been thinking trusted backups provided a way the government could, through Apple, obtain contents from phones that would otherwise be hard to decrypt (I believe it would require altering iTunes, not the encryption itself). Such an approach would be particularly useful for NatSec investigations, where collecting contents wasn’t so much about solving an already committed crime (which is what all the iPhones the government hasn’t been able to break into were collected for), but to prevent one or otherwise collect prospective data.

I don’t even know if this is technically feasible. Nor do I know whether someone would be better sticking with iOS 10 and just rigorously refusing to trust a given computer or upgrading to iOS 11 and never entering that password.

But I do know this passage on encryption is — with respect to whether the government has ever ordered a company to circumvent encryption — a non-denial.

And I have learned that non-denials, especially in response to Wyden, generally should be closely scrutinized.

15 replies
  1. earlofhuntingdon says:

    Certainly, never having had to ask for permission to obtain a result is not the same as not obtaining that result from a third party. The very framing is an obfuscation.

    Do you understand that “backdoor” as used in the quote is a synonym for “weaken” rather than for “circumvent”?

    • emptywheel says:

      Good question. I’m not really disputing Whittaker as much as noting the non-answer to the circumvent part.

        • SpaceLifeForm says:

          Marcy, I know you were following this today.
          Just want to note that @matthew_d_green gets it.
          The key is the keys.

          No need for re-architecting of provider network.

  2. gezzerx says:

    To: ODNI

    Half a truth is often a great lie.
    Benjamin Franklin

    Words may show a man’s wit but actions his meaning.
    Benjamin Franklin

  3. SpaceLifeForm says:

    Believe some clues were inadvertently revealed yesterday. Believe the entire CNN story was a troll operation. Believe Futerfas bit. And I certainly can believe Jr just ignored the email. But the story is not a nothingburger.

    Parse the Futerfas statement carefully.
    And while reading it, and re-reading it, ask yourself if Futerfas may have revealed info that he learned from the House Intel Comm, which was a closed classified session.

    Has anyone confirmed that the alleged two sources for CNN that both had the date wrong were actually from House Intel Comm? Or staffers? Not to my knowledge.

    And then did Futerfas provide a copy of the email to WAPO? Possible explanation. Or did someone (likely different than the two CNN sources) leak to WAPO?

    Why is Futerfas so convinced that the sources for the CNN story were really House Intel Comm people?

    But, most importantly, I believe Futerfas may have inadventently revealed and/or confirmed some ‘stuff’ that he probably should not have.

    He could have just refuted the article via the date being wrong and left it at that.

    But he did not.

    Not going to talk about the ‘stuff’. If you have been reading here long enough, you can guess what the ‘stuff’ can be.

    I’ll just sort of sum it up with an old phrase:

    Loose lips might sink ships


    “The email was never read or responded to — and the House Intelligence Committee knows this,” he [Futerfas] said. “It is profoundly disappointing that members of the House Intelligence Committee would deliberately leak a document, with the misleading suggestion that the information was not public, when they know that there is not a scintilla of evidence that Mr. Trump Jr. read or responded to the email.”

    • lefty665 says:

      The leak while the committee was still in session was interesting. The distribution list including to unusual email addresses was too, especially in the context of the assertion that Junior had neither accessed or answered it. The other recipients might find that facilitated coordination of testimony (Gosh, I didn’t even know I got that, was that in my in box?). They also learned that Junior turned over spam and junk emails, including “a ton of unsolicited emails like this on a variety of topics.” That statement might give notice there were other email issues lurking, perhaps including things like data locations and decryption keys.

      • SpaceLifeForm says:

        “The email was never read or responded to — and the House Intelligence Committee knows this”

        ‘Knows” – How do they know?

        It certainly can not be “known” *based on testimony*. As in ‘known for a fact’, ‘truth’.

        But it can be “known” via other means.

  4. greengiant says:

    So that is why and how Customs and Border Patrol ask for phones, take them to a back room, and then come back with the phone. Before it was just a guess.

    • SpaceLifeForm says:

      Clone/dump does take a few minutes. Same happens at your local cell provider. They always go in back room to ‘work on problem’.

      (the problem they cause in the first place)

      • SpaceLifeForm says:

        But temporary loss of custody of phone was not what was I was referring to regarding inadvertent reveal. What I am trying to point out is ‘stuff’ *from* the hearing was revealed.

        Remember, it was a closed classified session.

        My point was about the email discussion in session, not loading spyware on a phone or dumping all the contacts. Do not believe they need physical posession of phone (albeit temporary) for that.

  5. earlofhuntingdon says:

    So Donny Trump Sr watches four to eight hours of television a day. I guess his parents were absentees. His staff say its for “self-preservation” and to give him “ammunition” for his tweets.

    Has even John Kelly told him there might be more to the job than watching tv? Like, maybe, being president instead of talking about it on twitter? Trump should be impeached just for his lack of time management skills, which rival those of an errant middle schooler. Melania must keep Barron away from daddy just so he won’t pick up any more bad habits.

    • earlofhuntingdon says:

      Add two hours a day to dress his hair and dentures, and to roll out the ladder to tie that tie, and Two Big Macs Donny works what, 3-4 hours a day?  The average travel trailer living Amazon warehouse worker puts that in before her non-existent coffee break.  (I guess Bezos forgets who else is based in Seattle.)

      Now we know where Grassley got his booze, women and movies description, except that he applied it to the wrong people.  Even if Donny can’t handle the booze, he makes up for it with the other two.

  6. pdaly says:

    Wondering if this is relevant: My iPhone was suddenly very adamant about prompting me to enter my Apple ID and pw after completing an update (I think this was a version of iOS 9). I’d be trying to write a text or make a phone call and the ‘enter your Apple ID’ prompt would appear on my screen. I ignored it, but it was like swatting away at a pesky fly hour after hour. The prompt wanted me to connect to iTunes or iCloud (I believe I have managed to avoid setting up an iCloud).
    It was odd, because previous iOS versions were not so aggressively persistent.

    Now, with the latest iOS, I get only occasional prompts to set up Apple iPay or iCloud.

  7. pdaly says:

    I thought the iPhone is encrypted out of the box–that’s why we have to enter a pw.

    So in previous iOS versions if we trust a computer would you assume any phone back up on the computer was also encrypted? Now that one has to enter one’s pw before trusting a computer are we/(is iOS) potentially downloading an unencrypted copy of the phone to the computer?

Comments are closed.