Terrorism


Bob Graham Says FBI Aggressively Deceived on Sarasota 9/11 Investigation

James Clapper has suggested that the 28 pages of the Joint Congressional Inquiry may be declassified by June. I’m skeptical the pages will be entirely declassified, but look forward to them.

Meanwhile, former Senate Intelligence Chair Bob Graham has begun to press for an accounting on the Sarasota cell of apparent 9/11 supporters. In an interview with NPR, he stated clearly that FBI lied (um, misstated) what they knew about the Sarasota cell and called for the investigations to be reopened without the tight time limits imposed on the original commissions.

I think it’s been more than a cover up. I think it’s what I call aggressive deception: instances in which the FBI has publicly released statements which I know from personal experience were untrue. They stated that in this Sarasota situation they had completed the investigation, that the investigation determined that there were no connections between the hijackers and the prominent Saudi family and that they had turned over all of this information to the Congressional Inquiry and the 9/11 Citizen’s [sic] Commission. I know for a fact that none of those three statements are true.

[snip]

It’s more than a cover-up. The FBI misstated what is in their own records relative to the situation in Sarasota.

Of course, the FBI went even further with its aggressive deception on the anthrax attack.

Nevertheless (or perhaps, “as a result”), Robert Mueller will probably have the new FBI headquarters named after him, based on the bogus premise that his FBI didn’t engage in some of the same kinds of deceits as J Edgar Hoover’s FBI did.

Are the Economic Pins to the Saudi-US Relationship Still in Place?

As I noted the other day, 60 Minutes renewed attention on the 28 pages implicating Saudi, surely to set up the announcement that the White House is conducting a declassification review of the section of the Joint Congressional Inquiry that implicates one of our closest allies in that attack. I went on to argue that the suppression of those pages for 15 years, even as the Saudis continued to support anti-American terrorism, indicts those who’ve been complicit.

Sadly, this whole orchestrated move toward declassifying the 28 pages may well be a charade — a threat to the Saudis designed to make them change their ways. At this point, after tolerating Saudi double dealing for so long, those 28 pages indict Americans just as badly as they indict the Saudis.

To illustrate just how much of a charade the attention on the President voluntarily conducting a declassification review of the Saudi section of the Joint Inquiry is: in the wake of that hullaballoo, the NYT reported on the financial threats the Saudis made that (the article suggests) are one of the things, though not the only thing, that have led Obama to lobby against a bill permitting the Saudis to be held accountable in court.

Saudi Arabia has told the Obama administration and members of Congress that it will sell off hundreds of billions of dollars worth of American assets held by the kingdom if Congress passes a bill that would allow the Saudi government to be held responsible in American courts for any role in the Sept. 11, 2001, attacks.

The Obama administration has lobbied Congress to block the bill’s passage, according to administration officials and congressional aides from both parties, and the Saudi threats have been the subject of intense discussions in recent weeks between lawmakers and officials from the State Department and the Pentagon. The officials have warned senators of diplomatic and economic fallout from the legislation.

Adel al Jubeir, the Saudi foreign minister, delivered the kingdom’s message personally last month during a trip to Washington, telling lawmakers that Saudi Arabia would be forced to sell up to $750 billion in treasury securities and other assets in the United States before they could be in danger of being frozen by American courts.

Several outside economists are skeptical that the Saudis will follow through, saying that such a sell-off would be difficult to execute and would end up crippling the kingdom’s economy. But the threat is another sign of the escalating tensions between Saudi Arabia and the United States.

The administration, which argues that the legislation would put Americans at legal risk overseas, has been lobbying so intently against the bill that some lawmakers and families of Sept. 11 victims are infuriated.

So on the one hand, Obama is making a big show of declassifying the 28 pages. On the other hand, he is lobbying (privately until this NYT report) to ensure that nothing legal will come of the release of those pages.

It feels kind of like Obama’s treatment of torture, allowing very limited exposure of what happened, all while ensuring there will be no legal accountability (legal accountability, I’d add, that would threaten to expose others higher up in the US executive branch; and note that while the Administration is permitting a lawsuit of James Mitchell and Bruce Jessen, I’m skeptical this will get very far either).

Against this background, the Saudis are trying to negotiate an oil freeze to bring up prices, but apparently have delayed doing so, ostensibly because of rising animosity with Iran but also, analysts suggest, to hurt US capacity.

Failure to reach a global deal would signal the resumption of a battle for market share between key producers and likely halt a recent recovery in prices.

“If there is no deal today, it will be more than just Iran that Saudi Arabia will be targeting. If there is no freeze, that would directly affect North American production going forward, perhaps something Saudis might like to see,” said Natixis oil analyst Abhishek Deshpande.

Of course, our investment in fracking has always been, in significant part, about undercutting the power over the Saudis. The Saudis have been especially concerned about losing their privileged relationship with us since the Iranian deal, and since then the Saudis have been playing a game of chicken with oil production, daring other opponents to outlast it (which South American producers have been unable to do).

So a lot of this is financial.

But the fact that it is financial — and the fact that NYT’s analysts are skeptical that the Saudis could manage to screw us over, financially — suggests there’s something more.

Obama also doesn’t want the Saudis sued for liability reasons. He says, overseas.

Except this charade has been going on far too long for liability to exist only overseas.

The FBI’s Asinine Attempt to Retroactively Justify Cracking Farook’s Phone

“Hold on honey,” said Syed Rizwan Farook, who had just murdered 14 of his co-workers, “let me go get my work phone in case they call me during our getaway”

That’s the logic the FBI is now peddling to reporters who are copping onto what was clear from the start: that there was never going to be anything of interest on Farook’s phone. After all, they’re suggesting geolocation data on the phone (some of which would be available from Verizon) might explain the 18 minutes of the day of the attack the FBI has yet to piece together.

For instance, geolocation data found on the phone might yet yield clues into the movements of the shooters in the days and weeks before the attack, officials said. The bureau is also trying to figure out what the shooters did in an 18-minute period following the shooting.

Farook drove a SUV to the attack and was killed in the same SUV. To suggest his work phone, which was found in a Lexus at his house, might have useful geolocation data about the day of the attack would suggest he made a special trip to the car to leave his phone in it and turned it off afterwards (if we really believe it was off and not just drained when the FBI found it the day after the attack).

Hold on honey, let me go place my work phone in the Lexus.

Similarly, it is nonsensical to suggest the phone would yield evidence of ties with foreign terrorists.

The FBI has found no links to foreign terrorists on the iPhone of a San Bernardino, Calif., terrorist but is still hoping that an ongoing analysis could advance its investigation into the mass shooting in December, U.S. law enforcement officials said.

They’ve had the metadata from the phone since December 6, at the latest. That’s what would show ties with foreign terrorists, if Farook had been so stupid as to plot a terrorist attack against his colleagues on his work phone, to which his employer had significant access.

Finally, reporters should stop repeating the FBI’s claim that Farook turned off his backups.

In particular, the bureau wanted to know if there was data on the phone that was not backed up in Apple’s servers. Farook had stopped backing up the phone to those servers in October, six weeks before the attack.

The government has actually never said that in sworn declarations. Rather, their forensics guy, Christopher Pluhar, asserted only that Farook may have turned them off.

Importantly, the most recent backup is dated October 19, 2015, which indicates to me that Farook may have disabled the automatic iCloud backup feature associated with the SUBJECT DEVICE. I believe this because I have been told by SBCDPH that it was turned on when it was given to him, and the backups prior to October 19, 2015 were with almost weekly regularity. [my emphasis]

But if he did, he was a damned incompetent terrorist, because — as Jonathan Zdziarski, who is quoted in this article, pointed out — at the same screen he would have used to turn off the iCloud backup, he could have also deleted all his prior backups, which we know he didn’t do.

  • Find my iPhone is still active on the phone (search by serial number), so why would a terrorist use a phone he knew was tracking him? Obviously he wouldn’t. The Find-my-iPhone feature is on the same settings screen as the iCloud backup feature, so if he had disabled backups, he would have definitely known the phone was being tracked. But the argument that Farook intentionally disabled iCloud backup does not hold water, since he would have turned off Find-my-iPhone as well.
  • In addition to leaving Find-my-iPhone on, the option to delete all prior backups (which include iMessage history and other content) is also on the same settings screen as the option to disable iCloud backups. If Farook was trying to cover up evidence of leads, he would have also deleted the existing backups that were there. By leaving the iCloud backup data, we know that Farook likely did not use the device to talk to any leads prior to October 19.

We also know from a supplemental Pluhar declaration that Farook had not activated the remote-wipe function, which he also would have done if he were a smart terrorist trying to cover his tracks.

Finally, as Apple’s Privacy Manager, Erik Neuenschwander, demonstrated, Pluhar didn’t know what the fuck he was talking about with regard to backups.

Agent Pluhar also makes incorrect claims in paragraph 10(b). Agent Pluhar claims that exemplar iPhones that were used as restore targets for the iCloud backups on the subject device “showed that … iCloud back-ups for ‘Mail,’ ‘Photos,’ and ‘Notes’ were all turned off on the subject device.” This is false because it is not possible. Agent Pluhar was likely looking at the wrong screen on the device. Specifically, he was not looking at the settings that govern the iCloud backups. It is the iCloud backup screen that governs what is backed up to iCloud. That screen has no “on” and “off” options for “Mail,” “Photos,” or “Notes.”

Zdziarski offers another possible explanation for the lack of backups on Farook’s phone, so there are other possible explanations.

iCloud backups could have ceased for a number of reasons, including a software update that was released on October 21, just two days after the last backup, or due to iCloud storage filling up.

The point is, we don’t know, and it’s not even clear Pluhar would know how to check. So given all that other evidence suggesting Farook may not have turned off his backups, journalists probably should not claim, as fact, he did.

Of course, that claim is really just a subset of the larger set of the bullshit FBI has fed us about the phone. It’d really be nice if people stopped taking their bullshit claims seriously, as so few of the past ones have held up.

The CIA Doesn’t Want You To Know that ISI Supports Terror, But DIA Does

The National Security Archive just got a number of documents on the funding of the Haqqani network, showing it gets (or got) funding from Gulf donations, the Taliban in the tribal lands, and Pakistan’s ISI. A particularly interesting DIA cable describes how a guy named Qabool Khan, on orders of the Haqqani, got a job — thanks to Hamid Karzai’s brother Mahmoud’s influence — running security for the US Salerno and Chapman bases. Along with intelligence about Americans on the base, of the $800 he made for each guard at the base, Khan sent $300 back to the Haqqanis.

This DIA cable, however, has generated more attention. It alleges that Pakistan’s ISI gave the Haqqanis $200,000 to carry out the attack on the Chapman base in Khost that killed seven CIA officers.


Reuters reported it here, saying this about the accuracy of the report.

A spokesman for Pakistan’s embassy in Washington did not have any immediate comment.

Because the document is heavily censored, it is not clear whether it represents an intelligence agency consensus or fragmentary reporting. One line, which has been crossed out, says: “This is an information report, not finally evaluated intelligence.”

More amusing is this piece from Joby Warrick who, after all, wrote an entire book about the attack filled with very detailed descriptions that could only have come from top CIA people. His anonymous source(s) — whose particular agency affiliation he does not identify, which clearly matters here — cast doubt on the report, and either they or Warrick himself questions the claim that Arghawan might be involved in the plot because he died.

But is the claim credible? The new version of events has prominent skeptics, starting with the U.S. intelligence community, which was both targeted by the attack and also spent many months piecing together the evidence on how and why it happened.

[snip]

One U.S. intelligence official who studied the newly released document described its contents on Thursday as an “unverified and uncorroborated report”— essentially raw intelligence of the kind that routinely lands on the desk of U.S. analysts and diplomats in overseas posts. The redacted report says nothing about the source of the information, including whether the person was regarded as reliable or how the allegations were eventually assessed.

“The document clearly states that it contains unevaluated information,” said the official, who insisted on anonymity because much of the investigation into the bombing remains classified.

“The Haqqanis are brutal terrorists who continue to target innocent people, including Americans,” the official said. “Nonetheless, the general consensus is that the 30 December attack was primarily an al-Qaeda plot and did not involve the Haqqani network.”

[snip]

Arghawan was in fact the man assigned by the CIA to pick up Balawi at the Pakistan border and drive him to Khost for the meeting. But his involvement in any plot would appear doubtful, as he was killed along with seven Americans when Balawi detonated his bomb.

Call me crazy, but I can imagine how an extra $100,000 might motivate someone to kill an accomplice, even setting aside the possibility that those who plotted this attack would want as few live witnesses as possible. Note, too, that Bob Baer pointed to the use of a driver (that is, Arghawan) as a key failure of tradecraft.

An old operative I used to work with in Beirut said he would have picked up Balawi himself and debriefed him in his car, arguing that any agent worth his salt would never expose the identity of a valued asset to a foreigner like the Afghan driver. I pointed out that if he’d been there and done it that way, he’d probably be dead now. “It’s better than what happened,” he said.

But all the discussion about the credibility (or not) of this report doesn’t consider something: that this just got released under FOIA! It is a cinch to withhold information, especially raw intelligence, under FOIA. Indeed, the paragraph, like the cable as a whole, is classified Secret/NoForn. But here, the State Department not only went to DIA to facilitate this release, but the censors made an affirmative decision this piece of data should not be withheld.

Whether or not it’s true (and I’d be surprised if DIA wanted inaccurate information implicating ISI released, unless they just wanted to burn this source), it is the case that DIA, possibly with the involvement of State, released information revealing that DIA obtained intelligence that those in charge of Chapman (that is, the CIA) were employing at least one and probably two Haqqani agents. (Remember, too, that CIA reportedly got warning about this attack but still failed to prevent it.)

I’d also add that alleged ISI involvement in the attack would raise really interesting questions about whether ISI wanted the particular CIA attendees, including key Osama bin Laden targeter Jennifer Matthews, at the meeting killed, rather than just a strike at CIA drone targeters generally. Indeed, the possibility that ISI facilitated the attack, luring in the CIA with promises of the location of Ayman al-Zawahiri, particularly when we know that ISI wanted the Haqqanis protected, is particularly intriguing.

In any case, I’m sure the ISI is reading the reporting on this cable with some interest.

The 28 Pages

On Sunday, President Obama said this about Hillary’s email scandal: “There’s classified & then there’s classified.”

Perhaps that’s what has led him to decide, after 15 years, the 28 pages on the Saudis’ role in 9/11 can finally be released (or at least reviewed for declassification; given the way the 60 Minutes script ignored evidence about Bandar bin Sultan, I suspect they’ll still protect him).

The ostensible precipitating factor was a 60 Minutes show that, as I understand, didn’t expose anything we haven’t known for a decade (for comparison see this declaration Bob Graham submitted last year in a suit against the Saudis). But given the way 60 Minutes have become a house organ for the Intelligence Community, and given the way Nancy Pelosi had a statement (emphasizing her long role in Intelligence oversight, such as it exists) endorsing the disclosure all ready to go,

“As the former Ranking Democrat on the House Intelligence Committee and the top House Democrat on the Joint Congressional investigation looking into the 9/11 attacks, I agree with former Senator Bob Graham that these documents should be declassified and made public, and that the Bush Administration’s refusal to do so was a mistake,” Pelosi said in a statement. “I have always advocated for providing as much transparency as possible to the American people consistent with protecting our national security.”

I gotta believe this was all orchestrated.

After pretending the Saudis have been good faith partners for 15 years, in spite of abundant evidence they have always continued to support terrorism as a tool in their bid for power, it seems, the Intelligence Committee has finally decided it was convenient to be able to discuss the Saudi role in 9/11.

Mind you, if the IC was really serious about discussing what bad partners the Saudis have always been, they should also declassify the other abundant evidence that the Saudis have been playing two sides with us.

But that would discomfort a good many Americans, I suspect.

CIA Officers Didn’t Carry Out Waterboarding

A lot of people are pointing to John Brennan’s assurances that CIA won’t ever torture again as if it means anything (usually ignoring Brennan’s motivation from institutional preservation, not efficacy or morality or legality).

CIA Director John Brennan told NBC News in an exclusive interview that his agency will not engage in harsh “enhanced interrogation” practices, including waterboarding, which critics call torture — even if ordered to by a future president.

“I will not agree to carry out some of these tactics and techniques I’ve heard bandied about because this institution needs to endure,” Brennan said.

[snip]

When asked specifically about waterboarding Brennan could not have been clearer.

“Absolutely, I would not agree to having any CIA officer carrying out waterboarding again,” he said.

There are a lot of reasons this doesn’t mean anything, starting with the fact that President Trump could easily fire Brennan and replace him with someone pro torture.

But it’s funny, too, because Brennan’s assurances about waterboarding would hold true even for the period when CIA was waterboarding detainees. Because CIA officers didn’t do the waterboarding.

As a reminder, at least four detainees were known to be waterboarded under the Gloves Come Off Memorandum of Notification. The first, Ibn Sheikh al-Libi, was waterboarded by Egyptian intelligence, though with Americans present.

The others were waterboarded as part of torture led by Mitchell and Jessen, who were not CIA officers, but instead contractors. CIA officers were definitely involved in that torture (as they were present for our outsourced Egyptian torture). But the torture was technically done by contractors.

Don’t get me wrong: CIA officers did engage in a whole lot of torture directly.

But Brennan’s squirmy language should only emphasize the fact that even when CIA was in the business of waterboarding, CIA officers didn’t do the waterboarding. So Brennan’s guarantees that CIA officers won’t do so in the future are pretty meaningless guarantees.

Wednesday Morning: Wicked Weary World

Let’s have a brunch-time salute to Belgium, which produced this fine young artist Loic Nottet. Too bad there’s not much well-produced content in YouTube yet by this youngster. He has incredible upper range reach with great potential because of the power behind his voice. Hope to hear more by him soon; he’s a sweet antidote to bitter wickedness.

All in the family
Hope you’ve read Marcy’s piece already this morning on the relevance of nuclear family units to terrorism. In addition to suicide bombers El Bakraoui brothers Marcy mentioned, it’s worth examining the other links between the November 13 attacks in Paris and the attacks in Belgium yesterday. Note the familial relationships and their first-degree network:

Brahim Abdelslam — older brother of Salah, blew himself up in Paris during the November 15 attacks. (Dead)
Salah Abdelslam — captured last Friday March 18, has admitted he ‘had planned to target Brussels.’ His location was flagged by an unusual number of pizzas delivered to an apartment where power and water had been shut off. (In custody)

Abaid Aberkan — characterized as a relation of the Abdelslams, carried Brahim’s casket at the funeral last week. (NOT a terror suspect Edit: Le Monde indicates Aberkan was arrested during Friday’s raid, but name spelled ‘Abid.’) (In custody)
Aberkan’s mother — renter/owner of Molenbeek apartment in which Salah was hiding when captured last week. (NOT a terror suspect)

Mohamed Belkaid — killed in a raid last Tuesday at an apartment in Forest district; Salah fled the apartment. (Dead)

Mohamed Abrini — A childhood friend and neighbor of Salah, his younger brother Suleymane died fighting in an Islamist militia under the direction of Abdelhamid Abaaoud. Abaaoud, the leader of the Paris attacks, died on November 18 during a police raid. Abrini had traveled with both of the Abdelslam brothers the week before the attacks in Paris. He is now on the run and sought in relation to yesterday’s attack. (Suspect)

Najim Laachraoui — traveled with Salah and Belkaid last September, under the name Soufiane Kayal. His DNA was found in three different locations: on explosives in Paris, and at two other hide-outs used by attackers. He is now sought in relation to yesterday’s attack. (Suspect)

Though we’ll hear arguments for increased internet surveillance, it’s easy to see that traditional police work could identify a terrorist network of family and friends in the same way members of an organized crime syndicate centered around a family are revealed. (Sources for the above: The Guardian and The Australian)

Other stuff going on…

  • ‘Flash Crash’ trader to be extradited to the U.S., rule British judges (France24)
  • Sextortionist Michael Ford, who ran a criminal enterprise from his work computer while employed at U.S. embassy, sentenced to four years and nine months in prison (Ars Technica) — BoingBoing notes the hypocrisy of a government demanding backdoors while failing to note such a massive misuse of its own network.
  • Another hospital held hostage by ransomware, this time in Kentucky (Krebs on Security) — STOP OPENING LINKS IN EMAIL at work, for starters. Isolating email systems from all other networked operations would be better.
  • 24 car models by 19 automakers vulnerable to keyless entry hack (WIRED–mind the ad-block hate) — Mostly foreign models affected due to the radio frequency used.

Better luck tomorrow, gang. See you in the morning.

How to Protect against Terrorism: Eliminate the Valuable Terrorist Technology, the Nuclear Family

In addition to catching the third Brussels airport bomber, Najim Laachraoui, a known Salah Abdelslam associate, authorities in Europe have also revealed that the other two airport bombers were brothers, Khalid and Ibrahim El Bakraoui.

 

Police sources earlier told NBC News that Khalid El Bakraoui, 27, and 30-year-old sibling Ibrahim blew themselves up. Both had been convicted of violent crimes in the past and had links to one of the Paris attackers.

The El Bakraouis join an increasingly long list of recent terrorists who partner within their nuclear family (the Boston Marathon attack, Charlie Hebdo attack, and Paris attack were all carried out by brothers, and the San Bernardino attack was carried out by spouses). As New America noted in November (that is, before several more family-launched attacks), 30% of the fighters they’ve identified had family ties to jihad.

One-third of Western fighters have a familial connection to jihad, whether through relatives currently fighting in Syria or Iraq, marriage, or some other link to jihadists from prior conflicts or attacks. Of those with a familial link, almost two-thirds have a relative fighting in this conflict and almost one-third are connected through marriage, many of them new marriages conducted after arriving in Syria.

There has been less attention (though there has been some) about the operational advantages organizing attacks among family members offers. Not only would there be far more face-to-face conversations in any case (which you’d need a physical bug to collect), but even electronic communications metadata might not attract any attention, except insofar as helping to geolocate the parties. It’d be hard to distinguish, from metadata, between brothers or spouses discussing taking care of their kids from the same family members plotting to blow something up.

Family ties then, along with a reportedly difficult Moroccan dialect, may function to provide as much security as any (limited, given the reports) use of encryption. And all that’s on top of the cell’s extensive use of burner phones.

Using Jim Comey, um, logic, we might consider eliminating this threat by eliminating the nuclear family. Sure, the overwhelming majority of people who use it are law-abiding people obtaining valuable benefit from nuclear family. Sure, for the most vulnerable, family ties provide the most valuable kind of support to keep someone healthy. But bad guys exploit it too, and we can’t have that.

I mean, perhaps there should be an honest public discussion about the proportional value the nuclear family gives to terrorists and to others. But why would we have that discussion for the nuclear family and not for encryption?

Update: as soon as I posted this I saw notice that Belgian press (and with them NBC, apparently) got the identity of the third hijacker wrong, so I’ve crossed out and/or taken out those references.

DOJ’s Pre-Ass-Handing Capitulation

In its February 16 application for an All Writs Act order to force Apple to help crack Syed Rizwan Farook’s phone, DOJ asserted,

Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily.

[snip]

2. The government requires Apple’s assistance to access the SUBJECT DEVICE to determine, among other things, who Farook and Malik may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others’ involvement in the deadly shooting.

[snip]

3. As an initial matter, the assistance sought can only be provided by Apple.

[snip]

4. Because iOS software must be cryptographically signed by Apple, only Apple is able to modify the iOS software to change the setting or prevent execution of the function.

[snip]

5. Apple’s assistance is necessary to effectuate the warrant.

[snip]

6. This indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence, and demonstrates that there may be relevant, critical communications and data around the time of the shooting that has thus far not been accessed, may reside solely on the SUBJECT DEVICE, and cannot be accessed by any other means known to either the government or Apple.

FBI’s forensics guy Christopher Pluhar claimed,

7. I have explored other means of obtaining this information with employees of Apple and with technical experts at the FBI, and we have been unable to identify any other methods feasible for gaining access to the currently inaccessible data stored within the SUBJECT DEVICE.

On February 19, DOJ claimed,

8. The phone may contain critical communications and data prior to and around the time of the shooting that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple.

[snip]

9. Apple left the government with no option other than to apply to this Court for the Order issued on February 16, 2016.

[snip]

10. Accordingly, there may be critical communications and data prior to and around the time of the shooting that thus far has not been accessed, may reside solely on the SUBJECT DEVICE; and cannot be accessed by any other means known to either the government or Apple.

[snip]

11. Especially but not only because iPhones will only run software cryptographically signed by Apple, and because Apple restricts access to the source code of the software that creates these obstacles, no other party has the ability to assist the government in preventing these features from obstructing the search ordered by the Court pursuant to the warrant.

[snip]

12. Apple’s close relationship to the iPhone and its software, both legally and technically – which are the product of Apple’s own design – makes compelling assistance from Apple a permissible and indispensable means of executing the warrant.

[snip]

13. Apple’s assistance is also necessary to effectuate the warrant.

[snip]

14. Moreover, as discussed above, Apple’s assistance is necessary because without the access to Apple’s software code and ability to cryptographically sign code for the SUBJECT DEVICE that only Apple has, the FBI cannot attempt to determine the passcode without fear of permanent loss of access to the data or excessive time delay. Indeed, after reviewing a number of other suggestions to obtain the data from the SUBJECT DEVICE with Apple, technicians from both Apple and the FBI agreed that they were unable to identify any other methods – besides that which is now ordered by this Court – that are feasible for gaining access to the currently inaccessible data on the SUBJECT DEVICE. There can thus be no question that Apple’s assistance is necessary, and that the Order was therefore properly issued.

Almost immediately after the government made these claims, a number of security researchers I follow not only described ways FBI might be able to get into the phone, but revealed that FBI had not returned calls with suggestions.

On February 25, Apple pointed out the government hadn’t exhausted possible means of getting into the phone.

Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See Hanna Decl. Ex. DD at 34–36 [October 26, 2015 Transcript] (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”). As such, the government has not demonstrated that “there is no conceivable way” to extract data from the phone.

On March 1, members of Congress and House Judiciary Committee witness Susan Landau suggested there were other ways to get into the phone (indeed, Darrell Issa, who was one who made that point, is doing a bit of a victory lap). During the hearing, as Jim Comey insisted that if people had ways to get into the phone, they should call FBI, researchers noted they had done so and gotten no response.

Issa: Is the burden so high on you that you could not defeat this product, either through getting the source code and changing it or some other means? Are you testifying to that?

Comey: I see. We wouldn’t be litigating if we could. We have engaged all parts of the U.S. Government to see does anybody that has a way, short of asking Apple to do it, with a 5C running iOS 9 to do this, and we do not.

[snip]

a) Comey: I have reasonable confidence, in fact, I have high confidence that all elements of the US government have focused on this problem and have had great conversations with Apple. Apple has never suggested to us that there’s another way to do it other than what they’ve been asked to do in the All Writs Act.

[snip]

b) Comey [in response to Chu]: We’ve talked to anybody who will talk to us about it, and I welcome additional suggestions. Again, you have to be very specific: 5C running iOS 9, what are the capabilities against that phone. There are versions of different phone manufacturers and combinations of models and operating system that it is possible to break a phone without having to ask the manufacturer to do it. We have not found a way to break the 5C running iOS 9.

[snip]

c) Comey [in response to Bass]: There are actually 16 other members of the US intelligence community. It pains me to say this, because I — in a way, we benefit from the myth that is the product of maybe too much television. The only thing that’s true on television is we remain very attractive people, but we don’t have the capabilities that people sometimes on TV imagine us to have. If we could have done this quietly and privately we would have done it.

[snip]

Cicilline: I think this is a very important question for me. If, in fact — is it in fact the case that the government doesn’t have the ability, including the Department of Homeland Security Investigations, and all of the other intelligence agencies to do what it is that you claim is necessary to access this information?

d) Comey: Yes.

While Comey’s statements were not so absolutist as to suggest that only Apple could break into this phone, Comey repeatedly said the government could not do it.

On March 10, DOJ claimed,

15. The government and the community need to know what is on the terrorist’s phone, and the government needs Apple’s assistance to find out.

[snip]

16. Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden.

[snip]

17. Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant. Apple has ensured that its assistance is necessary by requiring its electronic signature to run any program on the iPhone. Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it “would have insufficient knowledge of Apple’s software and design protocols to be effective.”

[snip]

18. Regardless, even if absolute necessity were required, the undisputed evidence is that the FBI cannot unlock Farook’s phone without Apple’s assistance.

[snip]

19. Apple deliberately established a security paradigm that keeps Apple intimately connected to its iPhones. This same paradigm makes Apple’s assistance necessary for executing the lawful warrant to search Farook’s iPhone.

On March 15, SSCI Member Ron Wyden thrice suggested someone should ask NSA if they could hack into this phone.

On March 21, DOJ wrote this:

Specifically, since recovering Farook’s iPhone on December 3, 2015, the FBI has continued to research methods to gain access to the data stored on it. The FBI did not cease its efforts after this litigation began. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention on this case, others outside the U.S. government have continued to contact the U.S. government offering avenues of possible research.

On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone

You might think that FBI really did suddenly find a way to hack the phone, after insisting over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over they could only get into it with Apple’s help. Indeed, the described timing coincides remarkably well with the announcement that some Johns Hopkins researchers had found a flaw in iMessage’s encryption (which shouldn’t relate at all to breaking into such phones, though it is possible FBI is really after iMessages they think will be on the phone). Indeed, in describing the iMessage vulnerability, Johns Hopkins prof Matthew Green ties the discovery to the Apple fight.

Now before I go further, it’s worth noting that the security of a text messaging protocol may not seem like the most important problem in computer security. And under normal circumstances I might agree with you. But today the circumstances are anything but normal: encryption systems like iMessage are at the center of a critical national debate over the role of technology companies in assisting law enforcement.

A particularly unfortunate aspect of this controversy has been the repeated call for U.S. technology companies to add “backdoors” to end-to-end encryption systems such as iMessage. I’ve always felt that one of the most compelling arguments against this approach — an argument I’ve made along with other colleagues — is that we just don’t know how to construct such backdoors securely. But lately I’ve come to believe that this position doesn’t go far enough — in the sense that it is woefully optimistic. The fact of the matter is that forget backdoors: we barely know how to make encryption work at all. If anything, this work makes me much gloomier about the subject.

Plus, as Rayne noted to me earlier, Ellen Nakashima’s first report on this went up just after midnight on what would be the morning of March 21, suggesting she had an embargo (though that may be tied to Apple’s fix for the vulnerability). [Update: Correction — her story accidentally got posted then unposted earlier than that.]

But that would require ignoring the 19 plus times (ignoring Jim Comey’s March 1 testimony) that DOJ insisted the only way they could get into the phone was by having Apple’s help hacking it (though note most of those claims only considered the ways that Apple might crack the phone, not ways that, say, NSA might). You’d have to ignore the problems even within these statements. You’d have to ignore the conflicting sworn testimony from FBI’s witnesses (including Jim Comey).

It turns out FBI’s public argument went to shit fast. Considering the likelihood they screwed up with the forensics on this phone and that there’s absolutely nothing of interest on the phone, I take this as an easy retreat for them.

But that doesn’t mean this is over. Remember, FBI has already moved to unlock this iPhone, of similar vintage to Farook’s, which seems more central to an actual investigation (even if FBI won’t be able to scream terrorterrorterror). There are two more encrypted phones FBI has asked Apple to break open.

But for now, I take this as FBI’s attempt to take its claims back into the shadows, where it’s not so easy to expose the giant holes in their claims.

Updated with Comey testimony.

Tuesday Morning: Été Frappé

[graphic: Map of Belgian attacks 22MAR2016 for Le Monde via Eric Beziat]

Whatever I was going to write today has been beaten into submission by current events.

Woke up to news about alleged terror attacks in Belgium — social media was a mess, a deluge of information with little organization. Best I can tell from French language news outlets including Le Monde, the first attack was at 8:00 a.m. local time at the Zaventem Airport just outside Brussels. The second attack occurred at the metro station Maelbeek at 9:11 a.m. Both attacks appeared to use bombs, unlike the Paris attack this past year — two at the airport, one at the metro. Reports indicate 15 deaths and 55 seriously injured so far.

A third explosion, reported at a different location in the city of Brussels, has been attributed to the controlled detonation of a suspicious package after the second attack.

In the time gap between the two attacks, one might suppose many law enforcement and military would have gone to the airport to respond to the first attack. Was there synchronization by planned schedule, or was there coordination by communication?

However, communications may have been difficult as telecom networks were quickly flooded. How soon were the telecom networks overloaded? Or were the networks throttled for observation? We may not ever know.

It’s worth reexamining what Marcy wrote about the communications found after the Paris attack (here and here). It may be relevant if the same practices were used by the attackers in Brussels.

Important to note that Paris terror attack suspect Salah Abdeslam was arrested March 18 in a raid in Brussels. He is believed to have transported several of the attackers to the Stade de France just before the November 13 attack. Abdeslam may have been one of several suspects who fled from another earlier raid during which another suspect was killed.

Still working on the order issued late yesterday vacating today’s planned hearing on #AppleVsFBI. The order is here.

UPDATE — 9:30 a.m. EST — Marcy will be posting in a bit about the #AppleVsFBI hearing that wasn’t.

Another interesting story that broke in France today: French Supreme Court affirmed a previous lower court decision which ruled legal the wiretapping of former president Nicolas Sarkozy. Sarkozy has been under investigation for various forms of influence peddling since 2010, including receipt of campaign funds from Libya’s Muammar Gaddafi in 2007.

UPDATE — 1:00 p.m. EST/5:00 p.m. London/6:00 p.m. Brussels, Paris —

Now into the post-emergency recovery stage — all manner of political functionaries and talking heads have offered their two bits on this morning’s attacks. Three days of mourning have been declared in Belgium. Pictures of the alleged bombers at the airport taken by security video camera have now been published. The airport attackers detonated their weapons in the pre-security check-in area. 34 deaths have now been reported as a result of the attacks for which ISIS has now claimed responsibility. Across the Channel, the UK remains on alert for multiple attacks after last week’s raid in Brussels; UK travelers have been discouraged from traveling to Brussels.

Timeline (via Agence France-Presse)

22 mars Peu après 09h00/22 March Shortly after 9:00 a.m.
Explosion dans la station de métro Maelbeek.
Explosion in the Maelbeek metro station.

22 mars 08h00/22 March 8:00 a.m.
Deux explosions a l’aeroport. Possible kamikaze.
Two explosions at the airport. Possible suicide bomber.

21 mars/21 March
[Suspect] Najim Laachraoui, dont l’ADN a été retrouvé sur des explosifs, identifié et activement recherché.
Najim Laachraoui, whose DNA was found on explosives, identified and actively sought.

18 mars/18 March
Salah Abdeslam arête à Molenbeek.
Salah Abdeslam arrested in Molenbeek.

15 mars/15 March
Fusillade, quartier Forest – Mohammed Belkaid, lié aux auteurs de attentats de Paris du 13 novembre est tué. Empreintes de Salah Abdeslam retrouvées.
Shooting, Forest district – Mohamed Belkaid, linked to the perpetrators of the November 13 Paris attacks, killed. Fingerprints of Salah Abdeslam found.
