FBI Challenges Absolute Privacy

FBI Director James Comey discussed the scope of the tool they used to break the iPhone 5C and challenged the concept of absolute privacy in a talk Wednesday.

The method the FBI used to unlock the San Bernardino killer’s iPhone 5C does not work on newer models, FBI Director James Comey told a crowd of students on Wednesday night.

In a Q&A following a keynote address at Kenyon College’s Expectation of Privacy conference in Gambier, Ohio, Comey spoke vaguely but clarified that the tool, which the FBI purchased from a private party, would not work on an iPhone 6, or 5S.

Comey called it “a bit of a technological corner case,” in the sense that the tool the FBI has in its possession only works on “a narrow slice of phones.”

The law enforcement agency ended weeks of speculation and pumped the brakes on a legal tussle last Monday when it announced it was able to break into the iPhone that belonged to San Bernardino shooter Syed Farook without Apple’s help. The news hushed weeks of speculation over whether or not Apple should forcibly break its own crypto following a judge’s request in mid-February.

Comey told attendees at the biennial conference that there have been ongoing discussions within the government over whether or not they should share with Apple how the phone was cracked, adding that the FBI may ultimately tell the company, it just hasn’t decided yet.

“Should we tell Apple what the flaw is that we found?” Comey asked Wednesday, “If we do, then they’ll fix it and we’re right back where we’re started from.”

The FBI Director championed strong encryption early in his talk, but challenged any idea that the concept could be absolute. Comey claimed that as technology grows more ubiquitous, it’s bringing significant change to the way we think about liberty and security, but like he’s done in previous talks, he lamented the lack of public security in discussions around the issue of encryption.

“The notion that privacy should be absolute, or that the government should keep their hands off our phones, to me, just makes no sense to me, given our history and our values,” he said.

Comey reiterated several times that the tug of war with Apple was not an attempt to set a precedent and while he’s content the FBI was able to get into the phone, he hopes the conversation around encryption continues.

“Litigation is a terrible place to have a conversation, but it’d be a bad thing if the conversation ended,” Comey said.

The debate around encryption continues to mount, especially in wake of WhatsApp completing end-to-end encryption in its service earlier this week.

While the FBI has been inundated with requests from both local and state law enforcement to unlock devices over the last few months, Comey believes that both the FBI and the “private party” can succeed at keeping how it got into the phone under wraps.

“The people we bought this from, I know a fair bit about them, and I have a high degree of confidence that they’re very good at protecting this, and their motivations align with ours,” he said.

Experts like Bruce Schneier have argued that the FBI should disclose to Apple how it got into Farook’s 5C, because by not doing so, they’re opening a number of phones to attack.

Calling the debate around privacy a double-edged sword, Jonathan Zdziarski, an independent security researcher and forensics expert, wrote an open letter to Comey Thursday morning, urging the FBI to disclose to Apple how it broke into the phone.

“Given that it’s only a matter of time before a criminal finds the blueprint to this vulnerability, I urge you to consider briefing Apple of the tool and techniques used to access Syed Farook’s device,” Zdziarski wrote. “There is a way in which Apple can design their devices to be unhackable – even by them. Please let them do this, for the security and safety of our country,” he wrote.

So far the FBI has only opted to let a select number of government officials in on how it cracked the iPhone. A report in the National Journal this week claims that Sen. Dianne Feinstein (D-Calif.) is one of those few.

Feinstein, Vice Chair of the Senate Select Committee on Intelligence, was one of the first voices to urge Apple to comply with the court order back in February. At the time Feinstein was vehement in her request, and stressed that if Apple didn’t obey, she would lead legislation to force its hand.

According to the report Sen. Richard Burr (R-N.C.) the chairman of the Senate Intelligence Committee has been offered intel on the hack as well, but hasn’t taken it. Burr, like Feinstein, was up in arms over Apple’s decision from the get go.

Spurred by the Paris attacks and the San Bernardino shooting, the two are planning to release draft legislation, potentially as early as this week, that would compel judges to require technology companies, like Apple and Google, to assist law enforcement in cracking encrypted devices.

Controversy around the bill, made worse by an already gridlocked Congress, will prompt the White House reject public support for the legislation, Reuters reported today, suggesting stalemate over the issue will continue.

Suggested articles

Discussion

  • MajorLunaC on

    “The notion that privacy should be absolute, or that the government should keep their hands off our phones, to me, just makes no sense to me, given our history and our values" What, FBI history or US History? Because the Federal gov was originally given hardly any power (decentralization) originally, and was actually run strictly on donations. The values were always "independence", not "spy on me and control me for what you think is my own good" (more along the lines of King George). As for trusting them with the knowledge they gain from all this spying and anti-encryption attitude, the next article over says just how well they're managing that: https://threatpost.com/fbi-quietly-admits-to-multi-year-apt-attack-sensitive-data-stolen/117267/

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.