OIG report on San Bernardino iPhone case criticizes FBI

A new report by the Department of Justice’s Office of the Inspector General revealed poor communication and suspicious motives behind the FBI’s court order regarding the San Bernardino iPhone case.

The OIG said a dividing line inside the FBI created poor communication and caused confusion as the FBI took Apple to court for an iPhone encryption bypass. According to the OIG, former FBI Director James Comey and other FBI personnel were not lying when they claimed the agency did not have the capability to unlock an iPhone owned by the San Bernardino shooter, even though an FBI vendor was “almost 90 percent of the way toward a solution” at the time.

In December 2015, Syed Rizwan Farook killed 14 people in San Bernardino, Calif., but the FBI was unable to get access to Farook’s iPhone because the device was passcode-protected and would auto-erase after 10 failed login attempts. In an attempt to gain access to the device, the government took Apple to court to compel the company to create specialized software to bypass the San Bernardino iPhone’s encryption, sparking the “going dark” debate over encryption security and the needs of law enforcement that continues to this day with “responsible encryption.”

During the course of the court hearings, Comey said the FBI could not unlock the San Bernardino iPhone without forcing Apple to help.

“We wouldn’t be litigating if we could,” Comey said during a congressional hearing in March 2016. “We have engaged all parts of the U.S. government to see, does anyone have a way — short of asking Apple to do it — with [an iPhone] 5c running iOS 9, and we do not.”

The OIG discovered that a vendor working closely with the FBI’s Remote Operations Unit (ROU) was working on an unlock method and was close to completing it. However, the OIG also determined that Comey had not lied when he said the FBI didn’t have the capability to unlock the San Bernardino iPhone.

The OIG report said the disconnect was due to a lack of communication; Comey and the FBI’s Operational Technology Division (OTD) did not ask the ROU if this type of iPhone unlock method was available, and the ROU Chief explained this as an understood division within the FBI.

“In the ROU Chief’s view, the fact that he was not asked for help sooner was not a mistake in judgment or communication breakdown on [Cryptographic and Electronic Analysis Unit’s] part, but rather the result of a long-standing policy that the ROU Chief understood created a ‘line in the sand’ against using national security tools in criminal cases,” the OIG wrote in its report. “From the time he had become the unit chief in 2010, he was told that ROU’s classified techniques could not be used in criminal cases. He said that this dividing line between criminal and national security became part of the culture in OTD and inhibited communication between the criminal and national security components in [Digital Forensics and Analysis Section] and [Technical Surveillance Section].”

Matthew Green, a cryptography expert and professor at Johns Hopkins University, noted in a thread on Twitter that the timeline of events is especially important to consider.

“Keep in mind that the testimony [of former director Comey] occurred on March 1. While the effort to engage a contractor (who already had a 90% solution) was initiated on February 11. The solution was found March 16 and a working demo of the tech was given on March 20,” Green wrote. “When professional exploit devs tell a government customer that they have 90% of an exploit (chain), that means they already have a very high confidence that things will work.”

The OIG said it believed FBI leadership relied on briefings from Stephen Richardson, former assistant director of OTD, and on previous congressional testimony when determining that the only path to unlocking the San Bernardino iPhone was a court order against Apple. It was not until a blanket call for options was put out that the ROU chief independently approached the vendor — suspected to be Cellebrite — about its iPhone unlocking tool.

Suspicious motives behind the Apple court case

However, even after the ROU chief presented the iPhone unlocking method there was “disagreement between the CEAU and ROU Chiefs over the use of this technique to exploit the Farook iPhone — the ROU Chief wanted to use capabilities available to national security programs, and the CEAU Chief did not.”

The OIG report said Amy Hess, former executive assistant director for the FBI, “became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple.”

The OIG claimed it did not find evidence to support this concern, rather “that CEAU did not pursue all possible avenues in the search for a solution.” However, it also noted the CEAU chief admitted to the OIG that he “became frustrated that the case against Apple could no longer go forward” after the San Bernardino iPhone unlocking method came to light.

“The CEAU Chief may not have been interested in researching all possible solutions and instead focused only on unclassified techniques that could readily be disclosed in court and that OTD and its partner agencies already had in-hand,” the OIG wrote. “We believe all of these disconnects resulted in a delay in seeking and obtaining vendor assistance that ultimately proved fruitful, and that as a result of the belatedly-obtained technical solution, the government was required to withdraw from its previously stated position that it could not access the iPhone in this critical case, and by implication in other cases, without first compelling cooperation from the manufacturer.”

Green added on Twitter that miscommunication doesn’t erase the history of the FBI looking to subvert device encryption in the name of public safety.

Recommended changes in the FBI

The FBI claimed it was “taking further steps to address the circumstances that contributed to this incident,” according to the OIG report, but will not be backing down in its efforts to push for a way around device encryption.

“We were informed that the FBI intends to add a new section in OTD to consolidate resources to address the ‘going dark’ problem and improve coordination between the units that work on computer and mobile devices,” the OIG wrote. “We believe that such efforts to improve communication and coordination are worthwhile, and should help to avoid some of the disconnects we found occurred in this very important and high profile investigation.”

The OIG requested a status report on the FBI’s reorganization efforts within 90 days.
