FBI vs. Apple: Cancelled Hearing, Draft Legislation, New Decryption Capabilities, And An Outside Party
Late during the day on Monday, the government's lawyers got U.S. Magistrate Sheri Pym to cancel a Tuesday March 22 hearing between Apple and the FBI about an earlier court decision forcing Apple to unlock the iPhone used by one of the San Bernardino attackers. Apple did not object to the cancelled hearing. The FBI was ordered to file a status by April 5, 2016. The government filed court papers on Monday explaining why:
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone. Testing is required whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for assistance from Apple Inc. set forth in the All Writs Act Order in this case."
So, on or before April 5 we will learn if this outside party successfully demonstrated the ability to unlock and decrypt information stored on this newer model iPhone without any loss of damage to the information stored on it.
Are these decryption capabilities a good thing? Ars Technica reported:
"Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, said that these new government decryption capabilities are not good for privacy and ever-expanding government surveillance. "The DOJ doesn't want bad precedent, and I think Apple had the better side in this argument," she told Ars. "Being able to hack helps DOJ for a while. Apple could upgrade beyond the capability..."
Meanwhile, two U.S. Senators have drafted proposed legislation giving federal judges broad powers to force technology companies like Apple to help law enforcement break into encrypted devices. Prior proposals died in Congress. The latest proposal was drafted by Senators Richard Burr (Rep.-North Carolina) and Dianne Feinstein (Dem.-California), leading members of the Senate Intelligence Committee.
Who is this mysterious outside party helping the FBI unlock and decrypt information on newer model iPhones? There has been speculation that the National Security Agency (NSA) was helping the FBI. One would expect the NSA to have the decryption capabilities. BGR explored this on March 4:
"... the NSA can hack into the device but that it doesn’t want to tell that to the FBI because it never likes to reveal what it’s capable of doing. If that were the case, however, why wouldn’t the NSA help the FBI behind the scenes before the FBI went public with its request for Apple’s assistance? And besides, as The Intercept notes, “courts have affirmed the NSA’s legal right to keep its investigative methods secret.” In fact, security experts explained to Wired earlier this week that the FBI could recruit the NSA to connect the iPhone 5c to a Stingray-like rogue cellular network as it’s booting up, which could give the agency the ability to control the device before it even gets to the unlock screen..."
However, Inverse reported on Thursday who else it might be and why:
"Sun Corporation, the company currently getting rich off public speculation that it can help the FBI break into the notorious San Bernardino iPhone was not always such a fierce competitor. While it’s seen the value of its stock rise 36 percent since Reuters reported that the FBI had enlisted its subsidiary, an Israeli-firm called Cellebrite, to unlock the iPhone..."
NPR reported that it might be a publicity stunt by Cellebrite. Will the FBI meet its April 5 deadline? The NPR report discussed a possible decryption approach:
"Computer forensics researcher Jonathan Zdziarski argues that because the FBI has asked courts for only two weeks to test the viability of the new method, it's likely not highly experimental. It's also likely not something destructive, like the "decapping" method that relies on physically shaving off tiny layers of the microprocessor inside the phone to reveal a special code that would let investigators move the data and crack the passcode. The idea that's garnering the most focus is something called chip cloning, or mirroring or transplantation..."
During a press conference on Friday, FBI Director James Comey wouldn't disclose the name of the outside party. USA Today also reported:
"Law enforcement officials Thursday threw cold water on two recent theories on how the FBI was attempting to hack into an iPhone used by one of the San Bernardino terrorists... FBI Director James Comey, in response to a reporter's question at a briefing, said making a copy of the iPhone’s chip in an effort to circumvent the password lockout “doesn’t work”... A widely discussed scenario in the security world, put forward by a staff technologist at the ACLU, has been that the FBI had found a way to remove crucial chips from the iPhone, make digital copies of them and then run multiple passcode attempts against the digital copies, while keeping the phone's software itself untouched. That would avoid tripping the self-erase program built into the iPhone..."
So, who is helping the FBI -- Cellebrite, the NSA, or both? Or another entity?
Another line of speculation is that the FBI has received assistance from the NSA and has decided to use Cellebrite as a false front. Why might this be true? It allows the FBI to reveal (some) investigation methods without revealing the NSA's real methods. I'm no legal expert, but if this is true, I can't see any judge being pleased about being lied to.
We shall see on or before April 5. What are your opinions? Speculation?