FBI’s “Outside Party” Revealed as Bureau Angles to Keep New Hack Secret

Israeli Tech Company Comes to the Rescue of the FBI

Preface by Pam Barker | TLB staff writer

In a situation that is increasingly making the FBI look technologically amateurish, it has turned to an Israeli company, Cellebrite, with whom it already has a contract, to figure out a way to unlock San Bernardino shooter Syed Farouk’s phone. This after insisting that only Apple could help it unlock the phone.

However, what that method is the FBI wants to keep classified.

Speculation is running rampant as to what it could be, and Apple, eager to find out what security flaw its product contains so as to fix it, may be able to find out under a legal process called the ‘equities review’ which comes into operation when the government discovers technical vulnerabilities of any kind.

The government may not be required to reveal the nature of the vulnerability, however, in cases where national security considerations trump those of a company or user, or where the vulnerability only exists by damaging the hardware. Ditto if the bug is difficult to exploit, little known about, or if there are few consequences for keeping it secret. Without a review, of course, the government would possess a secret method of rendering users’ phones vulnerable.

40FBIapple2mar2516

The FBI made this announcement just the day before it was due in court to press further for Apple’s assistance in unlocking the phone. Will the FBI back off in its legal battle now, or not? Will it be subject to an equities review and reveal what it knows? Apple meanwhile has garnered a great deal of public support over its resistance to the government at the expense of the FBI.

Enjoy Nadia Prupis’ article.

************

By Nadia Prupis

FBI is getting help from an Israeli software company in effort to unlock San Bernardino phone

The FBI wants to classify its new “alternate” method of unlocking the suspected San Bernardino shooter’s iPhone, keeping it secret even from Apple itself, according to new reporting.

The Guardian confirmed with government officials on Wednesday that the technique does enable the FBI to get into Syed Farook’s iPhone. That means the agency can back off from its legal battle with Apple, which has accrued widespread support from consumers and privacy advocates in its refusal to create decryption software.

The FBI made its announcement on Monday, a day before it was due in court to continue seeking an order to force Apple to unlock Farook’s phone, which Apple has said would weaken its users’ privacy rights.

However, “the government now has to be very cautious about when to use the method, which was provided by an ‘outside party’, according to court filings,” the Guardian’s Danny Yadron writes.

And according to additional reporting by Reuters on Wednesday, the “outside party” is an Israeli software company called Cellebrite, which creates, among other things, “a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices.”

40FBIapplemar12516

As The Verge notes, Cellebrite’s involvement in the case is not a total surprise. The company has “a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case,” writes Ashley Carman.

Carman explains:

[E]xperts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there’s no reason to believe it won’t work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.

Apple’s attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.

As Bloomberg explains, the FBI may in fact be subject to a little-known process called the “equities review,” which was created by the Obama administration to determine if security flaws should be disclosed.

“I do think it should be subjected to an equities review,” Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. “The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field.”

Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, “The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it’s anything where they’re attacking the phone in software, it would be subject to the equities review.”

At any rate, as civil liberties advocates said this week, the showdown between Apple and the FBI is far from over. Alex Abdo, an attorney with the ACLU’s Speech, Privacy, and Technology Project, wrote in a blog post published Tuesday that “[e]ven if the FBI gets access to the San Bernardino phone using the new method it is exploring, it is inevitable that the FBI will come knocking again,” particularly as Apple and other tech companies begin to bolster their existing security systems in response to consumer demand.

The FBI’s sudden discovery of the new hacking method also strains trust in the agency’s technical expertise, Abdo writes, adding, “We have already explained that a key premise of the government’s argument—that it would lose the data if it tried to guess the passcode too many times—was false. And now the FBI is acknowledging that its previous statements that only Apple could help may also have been wrong.”

Surveillance blogger Marcy Wheeler also noted that the Department of Justice (DOJ) has claimed at least 19 times that the only way it could get into Farook’s phone was with Apple’s help, a claim which security experts consistently disputed. And as digital rights group Fight for the Future said Wednesday, the DOJ never named Cellebrite as an option in its previous court filings.

Fight for the Future campaign director Evan Greer said the latest developments indicate that the FBI is backing down because it is losing public trust and is increasingly unlikely to set the precedent that Apple unlock an iPhone on the bureau’s command. “The FBI’s last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due,” Greer said. “They should come clean immediately, and admit that they mislead the court and the public, to avoid further damaging what’s left of their credibility.”

************

Original article

TLB recommends other articles and news items from Common Dreams.

Reference

http://www.bloomberg.com/news/articles/2016-03-23/thank-you-for-hacking-iphone-now-tell-apple-how-you-did-it

About the Author

Nadia Prupis is staff writer at Common Dreams

About the Contributor

TLB image Pam

Pam Barker is a TLB staff writer/analyst. She has an extensive background in the educational system of several countries at the college and university level as a teacher and administrator.

 

 

Be the first to comment

Leave a Reply

Your email address will not be published.


*