Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie This Week?

from the gallantly-the-DOJ-chickened-out dept

Comey: We wouldn't be litigating it if we could [get in ourselves]. We've engaged all parts of the US government to see 'does anyone have a way -- short of asking Apple to do it -- with a 5c running iOS 9 to do this?' and we do not.

If you haven't asked that question, how can you come before this committee and before a federal judge and demand that somebody else invent something if you can't answer the question that your people have tried this? ... I'm asking who did you go to? Have you asked these questions? Because you're expecting to get an order and have somebody obey something they don't want to do and you haven't even figured out if you can do it yourself.

So now that there's been a little time to process the Justice Department's last minute decision to bail out on the hearing in the San Bernardino case, claiming it was because some mysterious third party had demonstrated a way to hack into Syed Farook's iPhone, it's becoming increasingly clear that (1) the DOJ almost certainly lied at some point in this case and (2) this move was almost entirely about running away from a public relations battle that it was almost certainly losing (while also recognizing that it had a half-decent chance of also losing the court case). Just replace "Sir Robin" with "the DOJ" in the following video.That said, there are still some things to clear up. First, did the DOJ lie? It seems pretty obvious that it must have. After all, it insisted earlier in the case, multiple times, that it had "exhausted" all other possibilities and "the only" way to get into the phone was with Apple's help. That's certainly raised some eyebrows The DOJ and its supporters, of course, will argue that "new shit has come to light, man," but that seems... doubtful. My first thought was that when the FBI said that it had been alerted to a way in over the weekend, it potentially was using the announcement from researchers at Johns Hopkins about a flaw in iMessage encryption. If so, that would be particularly bogus, since everyone admits that the vulnerability found would not apply to this case.However, there's now a ton of speculation going around about the likely method (and the likely third party ) that the FBI is probably using, involving copying the storage off the chip and then copying it back to brute force the passcode without setting off the security features or deleting the data. But, again, this possible solution isn't really new. Just a few weeks ago, during a Congressional hearing, Rep. Darrell Issa quizzed FBI Director James Comey about this very technique (which was so deep in the technical weeds, that many reporters and other policy folks were left scratching their heads):That video is worth watching, because Director Comey insists, pretty clearly, that there is no way to get into the phone:At that point Issa starts asking really technical questions about can't the FBI remove the data from the phone to make copies of the storage, putting it with the encryption chip, trying passcodes, and then reflashing the memory before the 10 chance are used up -- thus brute forcing the passcode without setting off the security features. As Issa notes:Comey is clearly befuddled by the questions and basically says that he's sure that his people must have thought about this, but he assumes that they're watching and if they haven't thought of this then they'll test it out. But, really, a few people had suggested similar things early on, so if that is the solution then it only adds weight to the idea that the FBI didn't do everything it could possibly do before running to the judge.Others have questioned the "two week" timeframe for the DOJ to issue a status report to the court, noting that a brand new solution would almost certainly take much longer to test thoroughly before using it on the iPhone in question.And then there's the other question: if the FBI really has tracked down a new "vulnerability" in Apple's encryption...so that Apple can patch it? Remember, the White House has told the various parts of the federal government that they should have a "bias" towards revealing the flaws so they can be patched...leaving a "broad exception for 'a clear national security or law enforcement need.'" It's pretty clear from how the DOJ has acted that it believes this kind of hole is a "law enforcement need."So, if the FBI really did figure out a vulnerability in Apple's encryption, it probably won't actually reveal it -- but I'd imagine that Apple's security engineers are scrambling just the same to see if they can patch whatever flaws there may be here,. And, again, that gets back to the point here: there aresome vulnerabilities in encryption schemes, and part of the job of security folks is to keep patching them. And one of the worries with the demand for backdoors is that the introduce a whole bunch of vulnerabilities that they're thenEither way, the DOJ's actions here are highly questionable, and it seems pretty clearly an attempt to save face. But the overall fight is far from over.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, doj, encryption, fbi, forensics, iphone

Companies: apple