5 Things Wrong With the Burr-Feinstein Anti-Encryption Bill
Open Letter By Tech Industry Associations Calls The Burr-Feinstein Anti-Encryption Proposal 'Unworkable'

The Information The FBI Found After Unlocking The San Bernardino Attacker's iPhone

Federal Bureau of Investigation logo Remember the Federal Bureau of Investigation (FBI) lawsuit using a 227-year-old-law to force Apple Inc. to build "back door" software to unlock an iPhone in California? The FBI said it couldn't unlock the phone, claimed the iPhone had important information on it, but later withdrew its lawsuit after it hired an unnamed third party to hack the iPhone. All of of this, you're probably wondering what information the FBI found on that unlocked iPhone.

Guess what they found? Nothing. Nadda. Zilch. Zip. Squat. CNN reported:

"Hacking the San Bernardino terrorist's iPhone has produced data the FBI didn't have before and has helped the investigators answer some remaining questions in the ongoing probe, U.S. law enforcement officials say... Investigators are now more confident that terrorist Syed Farook didn't make contact with another plotter during an 18-minute gap that the FBI said was missing from their time line of the attackers' whereabouts after the mass shooting... The phone didn't contain evidence of contacts with other ISIS supporters or the use of encrypted communications during the period the FBI was concerned about."

More confident? Either you're confident or you aren't. That's like being pregnant. You can't be more pregnant. But hey... you gotta love those unnamed sources. Sometimes they're accurate, and other times not.

Let's translate this into plain English. The attacker's phone contained nothing, which the FBI spun as valuable. Wow! That's like saying the bulk collection (e.g., spying) of all U.S. citizens' phone calls and emails was valuable because not finding anything proved they were not doing anything criminal.

Wow! The arrogance. The waste of time, money, and resources. It takes a brass set of balls to spin crap like this and keep a straight face.

Yet, the legal wrangling ain't over. An FBI versus Apple lawsuit in Brooklyn continues. And, as CNN reported:

"Apple and the FBI are squaring off again Tuesday in testimony at a House hearing on encryption..."

Yesterday's blog post discussed everything that is wrong With the Burr-Feinstein draft anti-encryption proposal circulating the U.S. Senate. The FBI must be feeling pretty cocky, since two Senators have its back while ignoring the consequences.

What are your opinions?


Feed You can follow this conversation by subscribing to the comment feed for this post.

Chanson de Roalnd

Let's correct the record: The FBI never said that there was or would be information on the late Mr. Farook's iPhone that would be valuable for either their law enforcement or intelligence investigation of the San Bernardino terrorist attack. What the FBI said was that there was a reasonable basis, probable cause, for believing that there could be information on Mr. Farook's iPhone that would be important to their investigation. That was certainly true beyond any reasonable dispute. And when the U.S. Attorney for the Central District of California presented his evidence of indisputable probable cause, the U.S. Magistrate hearing the matter properly authorized a search warrant.

The issue that arose is whether a federal court could use the All Writs Act (Act) to order Apple, an uninvolved and innocent third party, to use its resources and skill and bear the burden of writing a version of iOS, which has been referred to as GovtOS, that unlocked Mr. Farook's iPhone by removing iOS's security protections. That legal issue has nothing to do with whether there was or would ever be anything of investigative value on any computing device. That is irrelevant, because an investigator never knows what he will find by investigating; if he did know, there, of course, would not be any need to investigate. So whether or not the investigation discovers use information is also irrelevant to the issue of whether a court may use the Act to order a person, in the circumstances present in the San Bernardino case, to write a version of its operating system, here GovtOS, that removes certain critical security features of his/its operating system, so that the government could then decrypt Farook’s iPhone to investigate whether there was any information on it that would be useful for its investigation.

The issue, after a law enforcement agency establish probable cause to search, seize, monitor, and/or record information from a computing device is not whether the execution of the warrant is likely to discover information that is useful for the investigation but whether the Act may be used, under the circumstances present in San Bernardino, to require Apple or anyone to write GovtOS, whether on not the use of GovtOS would discover any useful information. The question is whether the investigation and its means were legal. The results of the investigation are irrelevant to that question.

That is why Apple's lawyers never argued in their court papers, though they did for public persuasion, that Mr. Farook's iPhone wasn't likely to have any useful information on it. Had they done so, the judge and the government would have properly said: So what? The judge would have reminded Apple's lawyers that the issue before the court, once probable cause was established, as it had been, was whether her order was lawful, regardless of what the FBI would or would not discover on Mr. Farook's iPhone.


Breaking news about where our tax dollars were spent:

FBI Paid More Than $1 Million to Hack San Bernardino iPhone


Chanson de Roland

For an investigation of that kind, which probably ranged across several continents and nations, which investigated the attackers’ histories and associates from puberty or earlier and their families and their beliefs overtime, all of their communications, which performed a thorough forensic psychological analysis, which traced all of their weapons right to their place and time of manufacture, and which did anything else that might be useful in knowing exactly who the attackers were, what the two attackers did, why they attacked, what means and instrumentalities that they used, what assistance, if any, they had, and the great many agents and other intelligence resources used, one million dollars was probably only a fraction, and a minor fraction, of the total cost of investigating the San Bernardino attack. And if the NSA had to reposition a satellite to aid in the investigation, a million dollars would be an infinitesimal cost. So I am sure that the Editor doesn't means to say that a million was too much to pay for decrypting Mr. Farook’s IPhone or that the United States should be deficient in paying whatever cost and employing whatever resources might discover the full truth of the San Bernardino attack and help protect against future attacks.

But I suppose FBI Director Comey's statement, which implied that the FBI had to pay more than a million dollars to have a third party decrypt Mr. Farook's, the San Bernardino attacker's, iPhone, was that, if Apple had cooperated, it would have costs the taxpayers nothing to decrypt Mr. Farook's iPhone.


Several thoughts on the $1 million (or the $1.3 million) cost paid by the F.B.I. to an unnamed third party to unlock the San Bernardino attacker's iPhone:

1. Consumers have a right to know how their money is spent, and if it is spent wisely.
2. Hard to know if this cost is a bargain or not. If the unlocking method can be used elsewhere, then it probably was a bargain.
3. Lack of disclosure about unlocking method makes judgment in #2 difficult to impossible.
4. If law enforcement invested now in its own unlocking methods, then it could save itself (and taxpayers) a lot of money in the longer term.
5. Lack of disclosures makes it difficult to judge #4 and if taxpayers' money is well spent.
6. One wonders how much the All Writs lawsuit(s) costs, continues to cost, and will cost if ever finished.
7. A noted economist once said, "There is no free lunch." If law enforcement is successful with getting Congress to pass the CCOA, then the continual investigative and unlocking/hacking costs have been shifted to tech companies, who will pass the costs on to consumers to maintain profitability. Is that what consumers want?
8. Is #7 the best method or appropriate, if one is interested in tracking the total costs of government security and surveillance?
9. Where is the public discussion about #7 and #8?


Chanson de Roland

The Editors' desire to know how the government's money is spent, know the methods that our intelligence and law enforcement agencies use to investigate and to gather intelligence, and know the results of the FBI's investigation, while perhaps appropriate in other contexts is utter folly here and has no basis in law or in any historical precedent. To wit: Neither the American people, nor any people, have a right or have ever had the right to know their intelligence and law enforcement agencies' sources and methods of investigation and intelligence gathering. In fact, the federal FOIA statute, as well as even state FOIA statute that I am acquainted with, exempt investigation and, at least in the case of the federal government, intelligence gathering from the scope of their respective FOIA acts.

And the exemption of investigative and intelligence methods is not merely a well established legal precedent in both case law and statute; the reasons for that precedent are simply common sense. If either criminals or foreign powers knew the sources and methods of U.S. law enforcement and intelligence agencies, then they could easily counteract those sources and methods, including, in some cases, killing informants and undercover officers. So, though it does prevent the public from closely monitoring how their money is spent and the goals and effectiveness of that spending to investigate crime and gather intelligence, it is essential that at least certain sources and methods of investigation and intelligence gathering remain secret. Therefore the Editor's objections, supra, 1 thru 7, are impractical at best and would in most cases be absurd and dangerous, exposing both our or any nation to grave danger, as its law enforcement was greatly impaired and its intelligence gathering ceased to be effective.

However, a further word about the Editor's objections 4, 6, and 7, supra. As regards 4: No one, who does not have the appropriate security clearance and the need to know, knows whether some agencies of the United States could have unlocked Mr. Farook's iPhone. But you can rest assured that principally the NSA and other agencies of the United States have developed, are enhancing, and will continue to develop and enhance the means to unlock and decrypt devices of all kinds, so as to rely on their own methods to unlock and decrypt devices, resorting to third parties only when it is necessary or advisable to do so for any variety of reasons, such as intelligence tactics or the need to exploit unique third-party expertise.

However, on the specific and related question of whether some agencies of the U.S. government could have or even did breach Mr. Farook's iPhone but, for reasons of national security and under the direction of the appropriate Director or the President, chose not share those capabilities and the collected intelligence with the FBI, that is unknown to the public and probably should remain unknown. But that it is unknown does not mean that U.S. intelligence and law enforcement agencies don't have and aren't continuing to develop their own sources and methods for unlocking and decrypting devices. But, for the reasons that I explained, supra, they won't, can't, shouldn't, and don't have any obligation to disclose their sources and methods to the public.

As for 6: The cost of going to court to execute duly obtained authority to seize, search, monitor, and/or record information from devices and obtain order pursuant to the All Writs Act in aid of that execution is always ongoing and has always been a continuing costs of governing and specifically a cost of law enforcement and intelligence gathering. But that is the costs of law enforcement and intelligence gathering in a democratic republic. Indeed, we should be more concerned, if and when our intelligence and law enforcement agencies don't go to court, where an independent judge can examine what they propose to do and require and compel them to operate within the bounds of the U.S. Constitution and subordinate laws promulgated thereunder. Of course, we could save a little money by dispensing with the courts and letting the law enforcement and intelligence agencies determine the legality of their own acts, but I think that most of us would consider such a gross violation of the U.S. Constitution and the agencies becoming a law unto themselves to be undemocratic and a jeopardy to liberty. So the cost of having to petition a court for orders pursuant to the All Writs Act is money that is well spent to protect our liberty and defend and comply with our constitution’s provisions and mandates.

Objection 7 is the easiest to dispense with because, in either their role as consumers or in their role as taxpayers, Americans are going to pay in any and either event. The only questions are which means of payment is most efficient for achieving the desired goal and in a manner consistent with law and national interests. Given that, I think that the law and legal precedents have already devised the right solution in principle. To wit: Where the government has the capacity to act in a practical way on its own to carry out its ministerial function of investigating crime, it must do so; where, however, it does not, and a person, natural or juridical, has the ability to aid the government, has some nexus to the investigation, such as manufacturing the device to be unlocked, and can be ordered to aid the government without incurring and undue burden and without violating any of its other rights, then the court may order that person to aid the government, with the government paying just and reasonable compensation for that assistance. But, either way, either as consumers or as taxpayers, Americans will pay. So objection 7 only has merit, if we are content to dispense with the U.S. Constitution.

So how do we, in such necessary circumstances of secrecy, know that are taxes are being well and wisely spent? Well, here is where we must rely on a particular feature of republican government: That of choosing the right people, the right president, members of the Congressional intelligence committees, the right heads of the intelligence and law enforcement agencies, choosing the right judges, and the right members of the U.S. Senate who must give their advice and consent to nominations of our federal judges and of each head of our intelligence and law enforcement agencies. Though it would be preferable to disclose the source, methods, and results of investigations and intelligence gathering to the public, that is would be dangerous folly, so choosing the right representatives and holding them accountable for the results of their actions is all and the best that we can do.

The comments to this entry are closed.