FBI Has Sights On Larger Battle Over Encryption After Apple Feud

An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.

Comey needs to resign

[Gravis+Zero]

FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.

Re:Here's the problem.

[tlambert]

Before WhatsApp and the iPhone, there weren't any real obstacles. Given time and equipment, any physical safe can be opened.

It *can* be, but it won't be. John DOE, Petitioner v. UNITED STATES. 487 U.S. 201 (108 S.Ct. 2341, 101 L.Ed.2d 184).

"A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed."

The police did not subsequently obtain a warrant to break open the safe, because they could not produce probable cause that the safe contained the bank records which the police were seeking.

So no: there is no difference between encryption and a combination lock.

What's interesting, however, is that there is, likewise, no difference between a lockbox key and a fingerprint to unlock a phone. So if you are stupid enough to use a fingerprint lock, they can compel you to put your finger on the sensor.

The only difference here is that an iPhone is treated differently than a safe, because the iPhone isn't (yet) as secure as a safe, and the iPhone isn't (yet) treated as a container for data, rather than personal property. Obviously, the first time someone is smart enough to raise that precedent in an evidentiary hearing and get an iPhone hack in as an illegal search, things will go to hell for the police, and then for the FBI.

So for right now, I think they will use it only where they've used it so far: where the perp doesn't own the device, and the actual owner gives permission.

Of course, this means that, for most of the U.S., which buys their iPhone over time as part of agreeing to a service contract, until they go off contract, it's actually the telephone company which owns the iPhone, not the person in whose possession it happens to currently reside.

That should make a nice court case, as well: when the police go to the telephone company and obtain permission. Expect if e.g. AT&T actually grants permission, that the week following, there's going to be a LOT of new T-Mobile, Verizon, and Sprint customers.

I don't think that WhatsApp really understands what this means.

I think they do. I think they have a pretty damned good idea, in fact, having talked to a number of executive officers of the company personally about the issue.

Is this really what we want - for evidence of crimes to be unobtainable?

No.

In the "think of the children" argument you are making, this is what we want:

We want the police to arrest the child pornographers at the point of the creation of the pornography, prior to its distribution, and prior to the further abuse of the children in question. If they can't do that, then what good are they to anyone?

Great, you break into an iPhone, and find someone has a picture on it that was illegally created, and is illegal to posses. Big deal. For every copy you find, there are dozens or hundreds still out there. You haven't prevented the social harm by breaking into Guido The Child Perv's iPhone. You haven't even ameliorated it a bit, if Guido is a "leaf node" (i.e. he doesn't distribute the material himself).

Marching in after a crime has been committed and figuratively beating the crap out of the perpetrator, while the victim is still lying in a pool of blood is not a useful operation. It clearly does not prevent future victims, particularly for things like murder, where the penalty takes so freaking long to enact that someone can start by getting their GED and have multiple PhDs before they ever

Re:They deny there's a slippery slope...

[_KiTA_]

Slipperly slope nothing, they're leaping off the cliff. Their latest argument is that part time traffic court judges in bumfuck Nebraska should be allowed to authorize hacks to literally any/every computer everywhere.

Perhaps, I don't know, the FBI's job is SUPPOSED to be hard. Whenever they use that as an excuse to shit over everyone's rights I get more than a little wary.

Isn't the genie out of the bottle?

[wcrowe]

Somebody help me out here. Since pgp is, essentially, open-sourced, how do government agencies expect to regulate encryption? Even if they force this company or that company to give them a "back door", what is there to prevent someone from running their own app? Do they not realize that criminal and terrorist organizations are capable of easily building their own encryption applications?