Last week, Jim Comey suggested the FBI paid more for the vulnerability that helped it break into Syen Rizwan Farook’s phone than he will be paid for the 7 years he’ll remain at FBI. The WSJ then did this math.
Speaking at the Aspen Security Forum in London, FBI Director James Comey didn’t cite a precise figure for how much the government paid for the solution to cracking the phone but said it was more than his salary for the seven-plus years remaining in his term at the FBI.
His annual salary is about $180,000 a year, so that comes to $1.26 million or more.
“[We] paid a lot’’ for the hacking tool, Mr. Comey said. “But it was worth it.’’
Over 600 outlets covered that story, claiming — without further confirmation — that FBI paid over $1 million for the hack, with many accounts settling on $1.3 million.
I noted at the time that 1) Jim Comey has a history of telling untruths when convenient and 2) he had an incentive to exaggerate the cost of this exploit, because it would pressure Congress to pass a bill, like the horrible Burr-Feinstein bill, that would force Apple and other providers to help law enforcement crack phones less expensively. I envisioned this kind of exchange at a Congressional hearing:
Credulous Congressperson: Wow. $1M. That’s a lot.
Comey: Yes, you’ll need to triple our budget or help me find a cheaper way.
Lonely sane Congressperson: But, uh, if we kill security won’t that be more expensive?
Comey: Let me tell you abt time I ran up some steps.
I then mused that, because Comey had officially acknowledged paying that kind of figure, it would make it a lot easier to FOIA the exact amount. By the time I tweeted that thought, of course, Jason Leopold had already submitted a FOIA for the amount.
Sure enough, the outcome I figured has already happened: without offering an explanation for the discrepancy, Mark Hosenball reported today that the figure was actually under $1 million, and FBI will be able to use it on other phones.
The FBI paid under $1 million for the technique used to unlock the iPhone used by one of the San Bernardino shooters – a figure smaller than the $1.3 million the agency’s chief initially indicated the hack cost, several U.S. government sources said on Thursday.
The Federal Bureau of Investigation will be able to use the technique to unlock other iPhone 5C models running iOS 9 – the specifications of the shooter’s phone – without additional payment to the contractor who provided it, these people added.
Just one FOIA submission later (and, probably, the calls of a bunch of outraged members of Congress wondering why FBI paid $1.3 million for a hack they claimed, in explaining why they would not submit the hack to the Vulnerabilities Equity Process that might require them to share it with Apple nine months after Apple patched it, they didn’t understand at all), and all of a sudden this hack is at least $300,000 less expensive (and I’m betting a lot more than that).
You see how effective a little aggressive FOIAing is at reining in waste, fraud, and abuse?
A pity it can’t reverse the impact of all those credulous reports repeating Comey’s claim.
During the first of a series of hearings in the last year in which Jim Comey (at this particular hearing, backed by Deputy Attorney General Sally Yates) pushed for back doors, they were forced to admit they didn’t actually have numbers proving encryption was a big problem for their investigations because they simply weren’t tracking that number.
On the issue on which Comey — and his co-witness at the SJC hearing, Deputy Attorney General Sally Yates — should have been experts, they were not. Over an hour and a quarter into the SJC hearing, Al Franken asked for actual data demonstrating how big of a problem encryption really is. Yates replied that the government doesn’t track this data because once an agency discovers they’re targeting a device with unbreakable encryption, they use other means of targeting. (Which seems to suggest the agencies have other means to pursue the targets, but Yates didn’t acknowledge that.) So the agencies simply don’t count how many times they run into encryption problems. “I don’t have good enough numbers yet,” Comey admitted when asked again at the later hearing about why FBI can’t demonstrate this need with real data.
In point of fact, a recent wiretap report shows that in the criminal context, at least, federal agencies do count such incidences, sometimes. But they don’t report the numbers in a timely fashion (5 of the 8 encrypted federal wiretaps reported in 2014 were from earlier years that were only then being reported), and agencies were eventually able to break most of the encrypted lines (also 5 of 8). Moreover, those 8 encrypted lines represented only 0.6 percent of all their wiretaps (8 of 1279). Reporting for encrypted state wiretaps were similarly tiny. Those numbers don’t reflect FISA wiretaps. But there, FBI often partners with NSA, which has even greater ability to crack encryption.
In any case, rather than documenting the instances where encryption thwarted the FBI, Comey instead asks us to just trust him.
Which is important background to an ancillary detail in this NYT story on how FBI tried a work-around for PGP in 2003 — its first attempt to do so — to go after some animal rights activists (AKA “eco-terrorists).
In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.
So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.
“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.
DOJ didn’t include this encounter with encryption in the wiretap reports that mandate such reporting.
It is also unclear why the Justice Department, which is required to report every time it comes across encryption in a criminal wiretap case, did not do so in 2002 or 2003. The Justice Department and F.B.I. did not comment Wednesday.
It didn’t count that encounter with crypto even though FBI was discussing — as Bob Litt would 13 years later — exploiting fears of “terrorism” to get Congress to pass a law requiring back doors.
“The current terrorism prevention context may present the best opportunity to bring up the encryption issue,” an F.B.I. official said in a December 2002 email. A month later, a draft bill, called Patriot Act 2, revealed that the Justice Department was considering outlawing the use of encryption to conceal criminal activity. The bill did not pass.
Now, it may be that, as remained the case until last year, FBI simply doesn’t record that they encountered encryption and instead tries to get the information some other way. But by all appearances, encryption was tied to that wiretap.
Which suggests another option: that FBI isn’t tracking how often it encounters encryption because it doesn’t want to disclose that it is actually finding a way around it.
That’d be consistent with what they’ve permitted providers to report in their transparency reports. Right now, providers are not permitted to report on new collection (say, collection reflecting the compromise of Skype) for two years after it starts. The logic is that the government is effectively giving itself a two year window of exclusive exploitation before it will permit reporting that might lead people to figure out something new has been subjected to PRISM or other collection.
Why would we expect FBI to treat its own transparency any differently?
Update: This post has been updated to include more of the NYT article and a discussion of how encryption transparency may match provider transparency.
There’s a lot that doesn’t quite make sense in Ellen Nakashima’s explanation for how FBI broke into Syed Rizwan Farook’s iPhone.
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
At least one of the people who helped the FBI in the San Bernardino case falls into a third category, often considered ethically murky: researchers who sell flaws — for instance, to governments or to companies that make surveillance tools.
This last group, dubbed “gray hats,” can be controversial. Critics say they might be helping governments spy on their own citizens. Their tools, however, might also be used to track terrorists or hack an adversary spying on the United States. These researchers do not disclose the flaws to the companies responsible for the software, as the exploits’ value depends on the software remaining vulnerable.
Don’t get me wrong. I don’t doubt Nakashima is reporting what she learned; I know other reporters were working on a similar direction.
It’s just that the FBI’s currently operative story still makes no sense. For starters, why would the FBI pay someone selling zero days but not be willing to consider the solutions offered by (just as an example of one forensics person I know who offered to help) Jonathan Zdziarski?
And I still wonder why the government apparently unsealed the warrant in Farook’s case once before it unsealed it to compel Apple. Indeed, while Nakashima (and other reporters) says FBI “did not need the services of the Israeli firm Cellebrite,” I still think using them (or someone similar) as a middle-man might offer the best of all worlds: no official possession of this exploit, easy contracting, the ability to give (as FBI has been) conflicting stories without any of them being fully false. Just as an example, if Cellebrite told FBI it currently couldn’t crack the phone before FBI got an All Writs Act order obligating Apple, then FBI could fairly claim, as they did, that only Apple or FBI could open the phone (even if they hadn’t actually asked many other people who might be able to hack the phone). But if someone went to Cellebrite or even FBI with the exploit after that, then FBI would have a way of using the exploit without having it and therefore having to submit it to the Vulnerabilities Equities Process (though technically they should still have to). FBI would have a way of promising to keep the exploit hidden, which the vendor would require, because it would technically never be in possession of it.
There’s one more thing that is getting lost in this debate. Comey and others keep talking about the use of this for an intelligence function, as if to justify keeping this exploit secret. I know that’s the convenient part of using a terrorism case to raise the stakes of back dooring phones. But this is ultimately a law enforcement issue, not an intelligence one, no matter how much FBI wants to pretend we’re going to find out something going forward. And as such it should be subject to greater standards of disclosure than a pure use of an exploit for intelligence purposes would.
In other words, FBI is still playing word games.
In its February 16 application for an All Writs Act to force Apple to help crack Syed Rizwan Farook’s phone, DOJ asserted,
Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily.
2. The government requires Apple’s assistance to access the SUBJECT DEVICE to determine, among other things, who Farook and Malik may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others’ involvement in the deadly shooting.
3. As an initial matter, the assistance sought can only be provided by Apple.
4. Because iOS software must be cryptographically signed by Apple, only Apple is able to modify the iOS software to change the setting or prevent execution of the function.
5. Apple’s assistance is necessary to effectuate the warrant.
6. This indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence, and demonstrates that there may be relevant, critical communications and data around the time of the shooting that has thus far not been accessed, may reside solely on the SUBJECT DEVICE, and cannot be accessed by any other means known to either the government or Apple.
FBI’s forensics guy Christopher Pluhar claimed,
7. I have explored other means of obtaining this information with employees of Apple and with technical experts at the FBI, and we have been unable to identify any other methods feasible for gaining access to the currently inaccessible data stored within the SUBJECT DEVICE.
On February 19, DOJ claimed,
8. The phone may contain critical communications and data prior to and around the time of the shooting that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple.
9. Apple left the government with no option other than to apply to this Court for the Order issued on February 16, 2016.
10. Accordingly, there may be critical communications and data prior to and around the time of the shooting that thus far has not been accessed, may reside solely on the SUBJECT DEVICE; and cannot be accessed by any other means known to either the government or Apple.
11. Especially but not only because iPhones will only run software cryptographically signed by Apple, and because Apple restricts access to the source code of the software that creates these obstacles, no other party has the ability to assist the government in preventing these features from obstructing the search ordered by the Court pursuant to the warrant.
12. Apple’s close relationship to the iPhone and its software, both legally and technically – which are the produce of Apple’s own design – makes compelling assistance from Apple a permissible and indispensable means of executing the warrant.
13. Apple’s assistance is also necessary to effectuate the warrant.
14. Moreover, as discussed above, Apple’s assistance is necessary because without the access to Apple’s software code and ability to cryptographically sign code for the SUBJECT DEVICE that only Apple has, the FBI cannot attempt to determine the passcode without fear of permanent loss of access to the data or excessive time delay. Indeed, after reviewing a number of other suggestions to obtain the data from the SUBJECT DEVICE with Apple, technicians from both Apple and the FBI agreed that they were unable to identify any other methods – besides that which is now ordered by this Court – that are feasible for gaining access to the currently inaccessible data on the SUBJECT DEVICE. There can thus be no question that Apple’s assistance is necessary, and that the Order was therefore properly issued.
Almost immediately after the government made these claims, a number of security researchers I follow not only described ways FBI might be able to get into the phone, but revealed that FBI had not returned calls with suggestions.
On February 25, Apple pointed out the government hadn’t exhausted possible of means of getting into the phone.
Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See Hanna Decl. Ex. DD at 34–36 [October 26, 2015 Transcript] (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”). As such, the government has not demonstrated that “there is no conceivable way” to extract data from the phone.
On March 1, members of Congress and House Judiciary Committee witness Susan Landau suggested there were other ways to get into the phone (indeed, Darrell Issa, who was one who made that point, is doing a bit of a victory lap). During the hearing, as Jim Comey insisted that if people had ways to get into the phone, they should call FBI, researchers noted they had done so and gotten no response.
Issa: Is the burden so high on you that you could not defeat this product, either through getting the source code and changing it or some other means? Are you testifying to that?
Comey: I see. We wouldn’t be litigating if we could. We have engaged all parts of the U.S. Government to see does anybody that has a way, short of asking Apple to do it, with a 5C running iOS 9 to do this, and we don not.
a) Comey: I have reasonable confidence, in fact, I have high confidence that all elements of the US government have focused on this problem and have had great conversations with Apple. Apple has never suggested to us that there’s another way to do it other than what they’ve been asked to do in the All Writs Act.
b) Comey [in response to Chu]: We’ve talked to anybody who will talk to us about it, and I welcome additional suggestions. Again, you have to be very specific: 5C running iOS 9, what are the capabilities against that phone. There are versions of different phone manufacturers and combinations of models and operating system that it is possible to break a phone without having to ask the manufacturer to do it. We have not found a way to break the 5C running iOS 9.
c) Comey [in response to Bass]: There are actually 16 other members of the US intelligence community. It pains me to say this, because I — in a way, we benefit from the myth that is the product of maybe too much television. The only thing that’s true on television is we remain very attractive people, but we don’t have the capabilities that people sometimes on TV imagine us to have. If we could have done this quietly and privately we would have done it.
Cicilline: I think this is a very important question for me. If, in fact — is it in fact the case that the government doesn’t have the ability, including the Department of Homeland Security Investigations, and all of the other intelligence agencies to do what it is that you claim is necessary to access this information?
d) Comey: Yes.
While Comey’s statements were not so absolutist as to suggest that only Apple could break into this phone, Comey repeatedly said the government could not do it.
On March 10, DOJ claimed,
15. The government and the community need to know what is on the terrorist’s phone, and the government needs Apple’s assistance to find out.
16. Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden.
17. Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant. Apple has ensured that its assistance is necessary by requiring its electronic signature to run any program on the iPhone. Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it “would have insufficient knowledge of Apple’s software and design protocols to be effective.”
18. Regardless, even if absolute necessity were required, the undisputed evidence is that the FBI cannot unlock Farook’s phone without Apple’s assistance.
19. Apple deliberately established a security paradigm that keeps Apple intimately connected to its iPhones. This same paradigm makes Apple’s assistance necessary for executing the lawful warrant to search Farook’s iPhone.
On March 15, SSCI Member Ron Wyden thrice suggested someone should ask NSA if they could hack into this phone.
On March 21, DOJ wrote this:
Specifically, since recovering Farook’s iPhone on December 3, 2015, the FBI has continued to research methods to gain access to the data stored on it. The FBI did not cease its efforts after this litigation began. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention on this case, others outside the U.S. government have continued to contact the U.S. government offering avenues of possible research.
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone
You might think that FBI really did suddenly find a way to hack the phone, after insisting over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over they could only get into it with Apple’s help. Indeed, the described timing coincides remarkably well with the announcement that some Johns Hopkins researchers had found a flaw in iMessage’s encryption (which shouldn’t relate at all to breaking into such phones, though it is possible FBI is really after iMessages they think will be on the phone). Indeed, in describing the iMessage vulnerability, Johns Hopkins prof Matthew Green ties the discovery to the Apple fight.
Now before I go further, it’s worth noting that the security of a text messaging protocol may not seem like the most important problem in computer security. And under normal circumstances I might agree with you. But today the circumstances are anything but normal: encryption systems like iMessage are at the center of a critical national debate over the role of technology companies in assisting law enforcement.
A particularly unfortunate aspect of this controversy has been the repeated call for U.S. technology companies to add “backdoors” to end-to-end encryption systems such as iMessage. I’ve always felt that one of the most compelling arguments against this approach — an argument I’ve made along with other colleagues — is that we just don’t know how to construct such backdoors securely. But lately I’ve come to believe that this position doesn’t go far enough — in the sense that it is woefully optimistic. The fact of the matter is that forget backdoors: webarely know how to make encryption workat all. If anything, this work makes me much gloomier about the subject.
Plus, as Rayne noted to me earlier, Ellen Nakashima’s first report on this went up just after midnight on what would be the morning of March 21, suggesting she had an embargo (though that may be tied to Apple’s fix for the vulnerability). [Update: Correction — her story accidentally got posted then unposted earlier than that.]
But that would require ignoring the 19 plus times (ignoring Jim Comey’s March 1 testimony) that DOJ insisted the only way they could get into the phone was by having Apple’s help hacking it (though note most of those claims only considered the ways that Apple might crack the phone, not ways that, say, NSA might). You’d have to ignore the problems even within these statements. You’d have to ignore the conflicting sworn testimony from FBI’s witnesses (including Jim Comey).
It turns out FBI’s public argument went to shit fast. Considering the likelihood they screwed up with the forensics on this phone and that there’s absolutely nothing of interest on the phone, I take this as an easy retreat for them.
But that doesn’t mean this is over. Remember, FBI has already moved to unlock this iPhone, of similar vintage to Farook’s, which seems more central to an actual investigation (even if FBI won’t be able to scream terrorterrorterror). There are two more encrypted phones FBI has asked Apple to break open.
But for now, I take this as FBI’s attempt to take its claims back into the shadows, where it’s not so easy to expose the giant holes in their claims.
Updated with Comey testimony.
Apple today revealed that the FBI intends to call two witnesses in the March 22 hearing regarding the All Writs Act order to help crack Syed Rizwan Farook’s phone: what I understand to be Privacy Manager Erik Neuenschwander and its Law Enforcement Compliance lawyer Lisa Olle. The tech company declined to say whether it will call the FBI personnel who made sworn statements in the case.
Things could get interesting fast, especially if Apple calls FBI’s forensics guy, Christopher Pluhar — or even better, FBI Director Jim Comey — as there’s an apparent discrepancy between their sworn testimony.
Here’s what Jim Comey had to say in response to a Jerry Nadler question in the March 1 House Judiciary Committee hearing.
As I understand from the experts, there was a mistake made in the, that 24 hours after the attack where the County at the FBI’s request took steps that made it hard later — impossible later to cause the phone to back up again to the iCloud. The experts have told me I’d still be sitting here, I was going to say unfortunately[?], I’m glad I’m here, but we would still be in litigation because — the experts tell me — there’s no way we would have gotten everything off the phone from a backup, I have to take them at their word.
Comey’s comments appear to conflict with this sworn declaration of FBI Christopher Pluhar.
To add further detail, on December 3, 2015, the same day the Subject Device was seized from the Lexus IS300, I supervised my Orange County Regional Computer Forensics Laboratory (“OCRCFL”) team who performed the initial triage of the Subject Device, and observed that the device was powered off, and had to be powered up, or booted, to conduct the triage.
I learned from SBCDPH IT personnel that SBCDPH also owned the iCloud account associated with the Subject Device, that SBCDPH did not have the current user password associated with the iCloud account, but that SBCDPH did have the ability to reset the iCloud account password.
Without the Subject Device’s passcode to gain access to the data on the Subject Device, accessing the information stored in the iCloud account associated with the Subject Device was the best and most expedient option to obtain at least some data associated with the Subject Device. With control of the iCloud account, the iCloud back-ups of the Subject Device could be restored onto different, exemplar iPhones, which could then be processed and analyzed.
After that conversation with Ms. Olle, and after discussions with my colleagues, on December 6, 2015, SBCDPH IT personnel, under my direction, changed the password to the iCloud account that had been linked to the Subject Device. Once that was complete, SBCDPH provided exemplar iPhones that were used as restore targets for two iCloud back-ups in the Subject Device’s iCloud account. Changing the iCloud password allowed the FBI and SBCDPH IT to restore the contents of the oldest and most recent back-ups of the Subject Device to the exemplar iPhones on December 6, 2015. Once back-ups were restored, OCRCFL examiners processed the exemplar iPhones and provided the extracted data to the investigative team. Because not all of the data on an iPhone is captured in an iCloud back-up (as discussed further below), the exemplar iPhones contained only that subset of data as previously backed-up from the Subject Device to the iCloud account, not all data that would be available by extracting data directly from the Subject Device (a “physical device extraction”).
That’s true for several reasons. First, as I understand it, once the phone was turned off, such a backup would no longer be possible, so it would have not been a mistake to change the password. And while Pluhar’s assertion that you can’t get everything from an iCloud backup is consistent with Comey’s claim (presumably Pluhar is one of the experts Comey relied on), Neuenschwander explained that that was false in his own supplemental declaration.
Note, this passage is also the first confirmation that the FBI had already told Apple this phone was part of the investigation by December 6, meaning it must have been one of the ones Apple provided metadata for on December 5.
There is just one way that Pluhar’s declaration and Comey’s statement (again, both were sworn) can be true: if the FBI turned off the phone themselves [update: or let it drain, h/t Some Guy]. That would also mean Comey’s claim that “a mistake was made in that 24 hours after the attack” would make more sense, as it would refer to the decision to turn off the phone, rather than FBI’s direction to San Bernardino County to change the password.
That said, I wonder whether FBI isn’t trying something else by calling Olle and Neuenschwander to testify.
As part of its reply, Apple had Senior Vice President for Software Engineering Craig Federighi submit a declaration to rebut government claims Apple has made special concessions to China. After making some absolute statements — such as that “Apple has also not provided any government with its proprietary iOS source code,” Federighi stated, “It is my understanding that Apple has never worked with any government agency from any country to create a “backdoor” in any of our products or services.”
I was struck at the time that the statement was not as absolute as the others. Federighi relies on what he knows, without, as elsewhere, making absolute assurances.
Which got me wondering. If any country had demanded a back door (or, for that matter, Apple’s source code) would Federighi really need to know? From Neuenschwander’s declaration, it sounded like a smallish team could make the back door the FBI is currently demanding, meaning he might be as high as such knowledge would rise.
So I wonder whether, in an attempt to be dickish, the government intends to ask Neuenschwander and Olle, who would be involved in such compliance issues, if they also back Federighi’s statement.
We shall see. For now, I just bet myself a quarter that Apple will call Comey.
This interview Ron Wyden did with Oregon Public Radio includes a lot of what you might expect from him, including an argument that weakening encryption makes us less safe, including possibly exposing kids (because their location gets identified) to pedophiles.
But the most interesting part of this interview are the three times Ron Wyden made it clear, in his inimitable fashion, that someone better ask NSA whether they can decrypt this phone. To me, the interview sounds like this:
Let me tell you what I think is noteworthy here. This is a fight between FBI and Apple. I think it’s noteworthy that nobody has heard from the NSA on this. [around 2:00]
And I want to come back to the fact that the NSA has not been heard from on this and I think that that is noteworthy. [before 7:25]
[After finally being asked what he had heard from NSA] I’m on the intelligence committee, so I’m bound, I take an oath, to not get into classified matters so I’m just going to, uh, leave that there with respect to the NSA. [at 8:30]
We’ve had experts like Susan Landau and Richard Clarke insist that NSA can get into this phone. Jim Comey, in testimony before HJC, sort of dodged by claiming that NSA doesn’t have the ability to get into a phone with this particular configuration.
But Ron Wyden sure seems to think the NSA might have more to say about that.
Golly, I can’t imagine what he thinks the NSA might have to offer about this phone.
There’s one last exchange in Wednesday’s Senate Judiciary Committee hearing with Attorney General Loretta Lynch that deserves closer focus. It came during John Cornyn’s round of questioning.
He structured his questions quite interestingly. He started by using the example of the Apple All Writs Act order to emphasize that FBI can’t do anything without DOJ’s approval and involvement. “I just want to make sure people understand the respective roles of different agencies within the law enforcement community — the FBI and the DOJ.”
He then turned to an unrelated subject — mental health, particularly as it relates to gun crime — ending that topic with a hope he and Lynch could work together.
Then he came back to the respective roles of the FBI and DOJ. “So let me get back to the role of the FBI and the Department of Justice.”
He did so in the context of Hillary’s email scandal. He started by reminding that Hillary had deleted 30,000 emails rather than turning them over to State for FOIA review. Cornyn then raised reports that the government had offered Bryan Pagliano immunity (Chuck Grassley argued elsewhere in the hearing that that should make it easy for Congress to demand his testimony, as the WSJ has also argued). “It’s true, isn’t it, that immunity can’t be granted by the FBI alone, it requires the Department of Justice to approve that immunity.”
Lynch filibustered, talking about different types of immunities, ultimately ceding that lawyers must be involved. She refused to answer a question directly about whether they had approved that grant of immunity. Which is when Cornyn moved onto trying to get the Attorney General to admit that she would have the final decision on whether to charge anyone in the email scandal.
Cornyn: Let me give you a hypothetical. If the FBI were to make a referral to the Department of Justice to pursue a case by way of an indictment and to convene a grand jury for that purpose, the Department of Justice is not required to do so by law, are they?
Lynch: It would not be an operation of law, it would be an operation of our procedures, which is we work closely with our law enforcement partners–
Cornyn: Prosecutorial discretion–
Lynch: –it would also be consulting with the Agents on all relevant factors of the investigation, and coming to a conclusion.
Cornyn: But you would have to make to the decision, or someone else working under you in the Department of Justice?
Lynch: It’s done in conjunction with the Agents. It’s not something that we would want to cut them out of the process. That has not been an effective way of prosecuting in my experience.
Cornyn: Yeah, I’m not suggesting that you would cut them out. I’m just saying, as you said earlier, you and the FBI would do that together, correct? Just like the Apple case?
Lynch: We handle matters together of all types.
Cornyn: If the FBI were to make a referral to the Department of Justice to pursue criminal charges against Mr. Pagliano or anyone else who may have been involved in this affair, does the ultimate decision whether to proceed to court, to ask for the convening of a grand jury, and to seek an indictment, does that rest with you, or someone who works for you at the Department of Justice?
Lynch: So Senator with respect to Mr. Pagliani [sic] or anyone who has been identified as a potential witness in any case, I’m not able to comment on the specifics of that matter and so I’m not able to provide you–
Cornyn: I’m not asking you to comment on the specifics of the matter, I’m asking about what the standard operating procedure is, and it seems pretty straightforward. The FBI does a criminal investigation, but then refers the charges to the Department of Justice, including US Attorneys, perhaps in more celebrated cases goes higher up the food chain. But my simple question is doesn’t the buck stop with you, in terms of whether to proceed, to seek an indictment, to convene a grand jury, and to prosecute a case referred to you by the FBI?
Lynch: There’s many levels of review, at many stages of the case, and so I would not necessarily be involved in every decision as to every prosecutorial step to make.
Cornyn: It would be you or somebody who works for you, correct?
Lynch: Everyone in the Department of Justice works for me, including the FBI, sir.
Cornyn: I’m confident of that.
Grassley: Senator Schumer.
Schumer: Well done, Attorney General, well done.
I’m not entirely sure what to make of this: whether Cornyn was setting this up for the future, or whether he was trying to lay out Lynch’s responsibility for a decision already made. But given the reports that FBI Agents think someone should be charged (whether because of the evidence or because Hillary is Hillary), it sure felt like Cornyn was trying to pressure Lynch for her role in decisions already discussed. Indeed, I wonder whether Cornyn was responding to direct entreaties from someone at the FBI, possibly quite high up at the FBI, about Lynch’s role in this case.
Whatever he was trying to do, it may lead to some folks in the FBI getting a stern talking to from their boss, Loretta Lynch.
The Department of Justice is undercutting Chuck Grassley’s efforts to provide FBI employees whistleblower protection. That became clear in an exchange (2:42) on Wednesday.
The exchange disclosed two objections DOJ has raised to Grassley’s FBI Whistleblower Protect Act. First, as Attorney General Loretta Lynch revealed, DOJ is worried that permitting FBI Agents to report crimes or waste through their chain of command would risk exposing intelligence programs.
What I would say is that as we work through this issue, please know that, again, any concerns that the Department raises are not out of a disagreement with the point of view of the protection of whistleblowers but again, just making sure that the FBI’s intelligence are also protected at the same time.
I suspect (though am looking for guidance) that the problem may be that the bill permits whistleblowers to go to any member of Congress, rather than just ones on the Intelligence Committees. It’s also possible that DOJ worries whistleblowers will be able to go to someone senior to them, but not read into a given program.
Still, coming from an agency that doesn’t adequately report things like its National Security Letter usage to Congress, which has changed its reporting to the Intelligence Oversight Board so as to exempt more activities, and can’t even count its usage of other intelligence programs, it seems like a tremendous problem that DOJ doesn’t want FBI whistleblowers to have protection because it might expose what FBI is doing on intelligence.
That’s sort of the point!
Especially given Grassley’s other point: apparently, DOJ is opposed to the bill because it will elicit too many complaints.
One of the issues that your department has raised is that allowing FBI employees to report wrong-doing to their chain of command could lead to too many complaints. You know? What’s wrong with too many complaints? … Seems to me you’d invite every wrong doing to get reported to somebody so it could get corrected.
Apparently, DOJ knows there are so many problems FBI employees would like to complain about that things would grind to a halt if they were actually permitted to complain.
This is the FBI! Not only a bureau that has tremendous power over people, but also one with a well-documented history of abuse. It should be the first entity that has whistleblower protection, not the last!
Grassley raised two more points. First, in April 2014, DOJ promised to issue new guidelines on whistleblowing for FBI, clarifying who employees could go to. That hasn’t been done yet.
FBI has, however, created a video about whistleblowing which is, according to what Grassley said, pretty crappy. He’s asking for both those things as well.
As he has said repeatedly in Congressional testimony, FBI Director Jim Comey wants to change Apple’s business model.
The former General Counsel for defense contractor Lockheed and hedge fund Bridgewater Associates has never, that I’ve seen, explained what he thought Apple’s business model should be, or how much he wants to change it, or how the FBI Director put himself in charge of dictating what business models were good for America and what weren’t and why we’re even asking that in an age of multinational corporate structures.
It seems there are three possible business models Comey might have in mind for Apple:
I raise these models, in part, because I got into a conversation on Twitter about what the value of encryption on handsets really is. The conversation suffered, I think, from presuming that iPhones and Android phones have the same business model, and therefore one could calculate the value of the encryption offered on an iPhone the same way one would calculate the value of encryption on an Android phone. They’re not.
Even aside from the current difference between Google’s business model (the data model at the software level, the licensing model at the handset level) versus Apple’s model, in Apple’s model, the customer is the customer, and she pays a premium for an idyllic walled garden that includes many features she may not use.
I learned this visiting recently with a blind friend of mine, whom I used to read for on research in college, who therefore introduced me to adaptive technologies circa 1990 (which were pretty cutting edge at the time). I asked her what adaptive technologies she currently uses, thinking that as happened with the 90s stuff the same technology might then be rolled out for a wider audience in a slightly different application. She said, the iPhone, the iPhone, and the iPhone. Not only are there a slew of apps available for iPhone that provide adaptive technologies. Not only does the iPhone offer the ability to access recorded versions of the news and the like. But all this comes standard in every iPhone (along with other adaptive technologies that wouldn’t be used by a blind person any more than most sighted ones). All iPhone users pay for those adaptive technologies as part of their walled garden, even though even fewer realize they’re there than they realize their phone has great encryption. But because they pay more for their phone, they’re effectively ensuring those who need adaptive technologies can have them, and on the market leader in handsets. Adaptive technologies, like online security, are part of the idyllic culture offered within Apple’s walled garden.
The notion that you can assign a value to Apple’s encryption, independent of the larger walled garden model, seems mistaken. Encryption is a part of having a walled garden, especially when the whole point of a walled garden is creating a space where it is safe and easy to live online.
Plus, it seems law enforcement in this country is absolutely obtuse that the walled garden does provide law enforcement access in the Cloud, and they ought to be thrilled that the best encryption product in the world entails making metadata — and for users using default settings, as even Syed Rizwan Farook seems to have been — content readily available to both PRISM and (Admiral Rogers made clear) USA Freedom Act. That is, Apple’s walled garden does not preclude law enforcement from patrolling parts of the garden. On the contrary, it happens to ensure that American officials have the easiest ability to do so, within limits that otherwise ensure the security of the walled garden in ways our national security elite have been both unwilling and even less able to do.
But there’s one more big problem with the fanciful notion you can build a business model that doesn’t allow for encryption: Signal is free. The best app for encrypted calls and texts, Signal, is available free of charge, and via open source software (so it could be made available overseas if Jim Comey decided it, too, needed to adopt a different business model). The attempt to measure in value what value encryption adds to a handset is limited, because someone can always add on top of it their own product, so any marginal value of encryption on a handset would have to make default encrypted device storage of additional marginal value over what is available for free (note, there is a clear distinction between encrypting data at rest and in motion, but the latter would be more important for anyone conducting nefarious actions with a phone).
Finally, there’s one other huge problem with Comey’s presumption that he should be able to dictate business models.
Even according to this year’s threat assessment, the threat from hacking is still a greater threat to the country than terrorism. Apple’s business model, both by collecting less unnecessary data on users and by aspiring to creating a safe walled garden, offers a far safer model to disincent attacks (indeed, by defaulting on encryption, Apple also made iPhone theft and identity via device theft far harder). Comey is, effectively, trying to squelch one of the market efforts doing the most to make end users more resilient to hackers.
The only model left–that could offer a safer default environment–would effectively be an AT&T model pushed to its limits: government ownership of telecoms, what much of the world had before Reagan pushed privatization (and in doing so, presumably made the rest of the world a lot easier for America to spy on). Not only would that devastate one of the brightest spots in America’s economy, but it would represents a pretty alarming move toward explicit total control (from what it tacit control now).
Is that what former Hedgie Jim Comey is really looking to do?
One final point. While I think it is hard to measure marginal value of encryption, the recent kerfuffle over Kindle makes clear that the market does assign value to it. Amazon dropped support for encryption on some of its devices last fall, which became clear as people were no longer able to upgrade. When they complained in response, it became clear they were using Kindles beyond what use Amazon envisioned for them. But by taking away encryption users had already had, Amazon not only made existing devices less usable, but raised real questions about the CIA contractor’s intent. Pretty quickly after the move got widespread attention, Amazon reversed course.
Even with a company as untrustworthy and data hungry as Amazon, removing encryption will elicit immediate distrust. Which apparently is not sustainable from a business perspective.
Even before the government obtained an All Writs Act ordering Apple to help back door Syed Rezwan Farook’s phone, it had arranged with a former judge to submit a brief on behalf of the victims of the attack, supporting the government’s demand. Yet not all victims agree. The husband of a woman shot three times in the attack, Salihin Kondoker, has submitted his own letter to the court in support of Apple’s stance. In it, he provides support for a point I was among the first to make: that the phone isn’t going to provide much information about the attack, in large part because it was a work phone Farook would have known was being surveilled.
In my opinion it is unlikely there is any valuable information on this phone. This was a work phone. My wife also had an iPhone issued by the County and she did not use it for any personal communication. San Bernardino is one of the largest Counties in the country. They can track the phone on GPS in case they needed to determine where people were. Second, both the iCloud account and carrier account were controlled by the county so they could track any communications. This was common knowledge among my wife and other employees. Why then would someone store vital contacts related to an attack on a phone they knew the county had access to? They destroyed their personal phones after the attack. And I believe they did that for a reason.
It’s a question no one asked Jim Comey earlier this week when he testified before the House Judiciary Committee.
Curiously, Kondoker (who explains he has attended briefings the FBI has held for victims) alludes to information the FBI is currently ignoring.
In the weeks and months since the attack I have been to the FBI briefings that were held for victims and their families. I have joined others in asking many questions about how this happened and why we don’t have more answers. I too have been frustrated there isn’t more information. But I don’t believe that a company is the reason for this.
In the wake of this terrible attack, I believe strongly we need stronger gun laws. It was guns that killed innocent people, not technology. I also believe the FBI had and still has access to a lot of information which they have ignored and I’m very disappointed in the way they’ve handled this investigation.
I’m really curious what that is — and why Jim Comey, who promises he would never ignore a lead, isn’t ensuring it gets chased down?