Enlarge/ Then FBI Director James Comey participates in a news conference on child sex trafficking at FBI headquarters, June 23, 2014 in Washington, DC. Mark Wilson / Getty Images News

The Department of Justices internal watchdog, the Office of the Inspector General (OIG), has concluded that the FBI may have overstepped when it failed to exhaust internal options before pressing ahead in a high-profile 2016 legal clash with Apple.

The OIG issued a 17-page report on Tuesday, which describes the FBIs actions two years ago during the so-called "FBI v. Apple" showdown. That case centered around the FBIs attempt to unlock the iPhone 5C used by Syed Rizwan Farook, the man behind a terrorist attack in San Bernardino, California, in December 2015.

"We believe [the Cryptologic and Electronics Analysis Unit] should have checked with [Operational Technology Divisions] trusted vendors for possible solutions before advising OTD management, FBI leadership, or the [US Attorneys Office] that there was no other technical alternative and that compelling Apples assistance was necessary to search the Farook iPhone," the report states.

The case began in March 2016, when a Los Angeles-based federal prosecutor initially got a federal magistrate to sign off on a court order that would have forced Apple to re-engineer the firmware on this particular iPhone 5C so that an unlimited number of passcode entries could be attempted, instead of the 10 allowed by Apple. The iPhone maker forcefully argued both in court filings and in public that such an unprecedented order was going too far.

In the end, the high-profile court hearing was called off the day before the two sides were set to appear before the magistrate, as the FBI said it was able to gain access to the iPhone's contents. FBI Director James Comey later suggested that his agency paid more than $1.3 million to an unnamed company to unlock the iPhone 5C. It is still unknown what useful information, if any, was gleaned from the device.

Additionally, the OIG also found that when then FBI Director James Comey swore up and down in Congressional hearings that there was no alternative but to force the issue in court—it wasnt entirely true.

"We have engaged all parts of the US government to see, does anybody have a way, short of asking Apple, to do it, with a 5C running iOS9, and we do not," Comey told Rep. Darrell Issa (R-Calif.) during a March 1, 2016 hearing.

However, the new OIG report reveals that by February 11, the head of yet another FBI group—known as the Remote Operations Unit—had been in touch with a vendor that "he worked closely with [who] was almost 90 percent of the way toward a solution that the vendor had been working on for many months, and he asked the vendor to prioritize completion of the solution." In short, weeks before Comeys testimony before Congress, the FBI actually did know of a technique that was nearly all the way there.

Still, the report seems to tiptoe around this point.

During Comeys February 9 and March 1 testimonies, OIG continues: "the FBI was not in the possession of any means to access the data on the Farook iPhone and believed assistance from Apple would be required to accomplish this. We further found that [Executive Assistant Director] Hesss April testimony to the effect that rapidly changing technology was a reason that the FBI was not able to exploit the iPhone without assistance was accurate."

Matthew Green, a well-known cryptography professor at Johns Hopkins University, tweeted his frustration with the FBI on Tuesday.

I dont expect the FBI to have perfect internal communications all the time. Unless theyre making a massive, unprecedented request to Congress, the courts, and the American people. Then they dont get to do things halfway.

— Matthew Green (@matthew_d_green) March 27, 2018

The OIG report concludes by noting that the FBI "is taking further steps" to mitigate such confusion in the future and will "add a new section" to "consolidate resources to address the Going Dark problem."

Apple declined to comment on the report.

Original Article

[contf] [contfnew]

Ars Technica

[contfnewc] [contfnewc]


Please enter your comment!
Please enter your name here