
Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

Official report blows lid on behind-the-scenes


Analysis On December 2, 2015 Syed Farook and his wife Tashfeen Malik attended his employer's holiday party in San Bernardino, California – and without warning started indiscriminately shooting at fellow employees.

Four minutes and 75 bullets later, 14 people were dead and 17 injured. Farook and Malik fled the scene but were located by the police four hours later and died in the resulting gunfight.

The attack stoked fears of Islamic extremism within the United States but the shooting has become renowned for a different reason: a showdown between the FBI and Apple over access to Farook's mobile phone.

Now a new report [PDF] by the US Department of Justice's internal inspector general, published Tuesday, has blown open the case and indicates the FBI might have been trying to play Apple for a patsy.

The truth is out there

The report title is remarkable in itself: "A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation."

Which could perhaps be more accurately titled: "Did the FBI lie about not being able to break into a terrorist's phone in an effort to win a legal precedent granting it access to everyone else's digital devices?"

And the answer is, remarkably, yes and no.

Two months after the attack, on February 9, 2016, the FBI announced it was unable to unlock one of the phones it had recovered from the couple's home – an iPhone 5C running iOS 8 – because of its security features.

Those features had been introduced in a recent update of the phone's operating system and included an auto-delete function if the wrong passcode was typed in too many times.

Hand it over. No

The FBI asked Apple to create a new version of its operating system to install on the phone and enable it to bypass the security features. Apple refused. So the FBI responded by getting a court order that demanded Apple create and supply the software workaround.

Apple again refused and decided to go public with its concerns, sparking a public feud and even wider public debate between privacy and security in the modern digital world.

In the end, the issue was resolved the day before a crunch court hearing when the FBI said it had found a third-party solution to cracking the phone and no longer needed to force Apple to break its own encryption.

The timing of that last-minute back down raised suspicions that the FBI had engineered the showdown to create a legal precedent that would force US companies to give it backdoor access to everyone's digital devices now and in the future.

In the prior months, the FBI had been increasingly vocal about the need to be able to access everyone's phones for security reasons. Its director repeatedly warned about criminals "going dark" and evading law enforcement's efforts to track them down. Was the San Bernardino shooting the perfect test case? After all, who could argue against tracking down terrorists?

It wasn't just technologists that had their suspicions, it turns out. As the DoJ report makes clear, the FBI's own Executive Assistant Director (EAD) Amy Hess was concerned that staff within the FBI had withheld knowledge about being able to crack the phone. She was especially concerned because she gave testimony to Congress in which she stated that the FBI did not have the ability to crack the phone – and that was why it had taken Apple to court.

Concerns over FBI civil war

On August 31, 2016 – five months after the FBI announced it could unlock the phone – the DoJ's internal watchdog the Office of the Inspector General (OIG) received "a referral from the FBI Inspection Division after former EAD Hess expressed concern about an alleged disagreement between units within the FBI Operational Technology Division (OTD) over the 'capabilities available to the national security programs' to access the Farook iPhone following its seizure."

In other words, she had found out that people may not have been entirely honest with her and someone in the FBI was concerned enough to report it to the DoJ.

The OIG says it "conducted inquiries" into the question, including interviewing "relevant key participants" and outlines what it found in its report. It doesn't say when those interviews happened or why it has taken 18 months to finish up and publish the report.

The report concludes that FBI officials did not lie to Congress in their testimony because what they said was true at the time. That is a key finding in that it backs up the FBI's claim that it was not able to access the phone at the time; anything else would have indicated that the FBI knowingly misled Congress and the public in an effort to grant itself new powers. Which would be an explosive situation.

Fortunately we are not a police state yet. But the report does flag some very disturbing conversations and inconsistencies that appear to point quite clearly to the fact that the FBI made the most out of the situation and may have done its best not to find out if some parts of the FBI were able to crack the phone in order to pursue its legal case.

The key to understanding what went on behind the scenes is in making sense of the FBI's internal structures.

The report notes there was a communication issue between two key departments: the Cryptographic and Electronic Analysis Unit (CEAU) and the Remote Operations Unit (ROU).

Prepare for alphabet soup

The CEAU sits within the Digital Forensics and Analysis Section (DFAS) of the FBI and the ROU sits within the Technical Surveillance Section (TSS) of the agency. And both the DFAS and TSS sit within the Operational Technology Division (OTD) of the FBI.

As with any organization, these additional layers of bureaucracy create communication barriers. But the key thing to understand is that while both CEAU and ROU work on cracking digital devices (among other things), the ROU spends more time on issues of national security and CEAU does more everyday law enforcement.

It fell to the CEAU to try to break into Farook's phone and it didn't have the tools to do so, and reported that back to FBI leadership. Pretty soon, however, the issue became much bigger and the FBI started considering pressuring Apple to force it to give the FBI access to iPhones.

It appears that at that point, FBI leadership went back to the CEAU and asked it to make sure that no one in the FBI was able to crack the phone. It is here that the DoJ report says there was a communication breakdown – but raises the question as to whether that breakdown was inadvertent or deliberate.

A logical department to have asked if it had a crack was the ROU. But it turns out that there was never a direct request to the ROU – with senior officials claiming that it was simply assumed that the ROU would be approached during an agency-wide request for help. The report notes it received "conflicting testimony" on this critical aspect.

The ROU for its part says that it wasn't forthcoming with what it had because it has a longstanding rule that it does not use its tools for anything but national security cases – and the San Bernardino shooting was explicitly being pursued as a criminal matter.

As it turns out – at least according to the DoJ report – the ROU didn't have a crack for the relevant operating system, iOS 8. But what it did have was a relationship with a third-party (assumed to be Israel-based Cellebrite) that it knew was "90 per cent" of the way to cracking the operating system.

The 'poster child' case for going dark

The ROU finally got onboard with cracking Farook's iPhone, its officials say, when they saw FBI director James Comey testifying in Congress about how the FBI could not access the phone and was doing everything in its power to do so.

ROU approached Cellebrite (the company is not named in the report) and asked it to focus on the iOS 8 crack – which it subsequently did. According to the report, Cellebrite told the FBI it had a solution on March 16, 2016.

It then demonstrated the crack to FBI leadership four days later, on March 20, and the FBI notified the court the very next day. One week later – March 28 – it formally filed in court to drop the case against Apple. We later learned that the FBI had paid approximately $1m for the crack – and found nothing of interest.

So that's the explanation: poor communication between departments, followed by a scramble, followed by the FBI doing the right thing.

Except...

Except this part of the report: "After the outside vendor successfully demonstrated its technique to the FBI in late March, EAD Hess learned of an alleged disagreement between the CEAU and ROU Chiefs over the use of this technique to exploit the Farook iPhone."

What was the disagreement? "The ROU Chief wanted to use capabilities available to national security programs, and the CEAU Chief did not. She became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple."

In an interview that Hess gave with the DoJ investigators she told them that the Farook phone had become "the 'poster child' case for the Going Dark challenge."

Frustration

The investigators dug into that concern and found that "CEAU did not pursue all possible avenues in the search for a solution." What's more, the person in question, the CEAU Chief – who is not named in the report – told investigators that he was "frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief."

Presumably because he knew the ROU Chief would relay his version of the conversation, the CEAU Chief also "acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, 'Why did you do that for?'"

Further: "According to the CEAU Chief, his unit did not ask CEAU's partners to check with their outside vendors. CEAU was only interested in knowing what their partners had in hand – indicating that checking with 'everybody' did not include OTD's trusted vendors, at least in the CEAU Chief's mind."

It is here that the DoJ report inserts a rare piece of opinion – the rest of the report is largely an objective report of what people said – when it says: "We believe CEAU should have checked with OTD's trusted vendors for possible solutions before advising OTD management, FBI leadership, or the USAO that there was no other technical alternative and that compelling Apple's assistance was necessary to search the Farook iPhone."

And in an unusual addition, given the fact that the rest of the report directly quotes and sources all its information, the DoJ report then quotes anonymous "other information" that points to the CEAU going out of its way not to find a crack.

"We obtained other information suggesting that not everyone within OTD was on the same page in the search for a technical solution to the Farook iPhone problem, including varying testimony from OTD managers on whether there was a dividing line discouraging collaboration between the units that predominately do criminal and national security work in OTD," the report notes.

Upshot

In summary: did the FBI lie about its capabilities in an effort to try to force Apple into an impossible situation so it could gain a legal precedent for accessing all digital devices? No, it did not.

But did some elements within the FBI try to make the most of a bad situation, including not looking hard enough for a possible solution, in order to push the issue in the courts? Yes, they did.

Let's be honest, we all knew that's what was happening. But it is gratifying to read it in an official report, and it is good to see that FBI leadership was sufficiently concerned about having potentially lied to Congress that it subjected itself to an investigation to clear things up. That level of integrity appears to be in dangerously short supply in Washington right now.

It should be noted, however, that the FBI has not given up its efforts to be granted access to every phone. It appears to be simply biding its time until the next San Bernardino tragedy. ®
