Skip to main content

Analysis | The Cybersecurity 202: Barr ramps up encryption war with Apple over Pensacola shooter's phone

By Joseph Marks


with Tonya Riley
Attorney General William P. Barr just ratcheted up the government's fight against encryption.
Barr slammed Apple for its apparent refusal to help unlock unlock the devices of a Saudi air force student who opened fire last year at a U.S. military base in Pensacola, Fla. He said the strong encryption meant it took law enforcement five months to access evidence tying the shooter, Ahmed Mohammed al-Shamrani, to the terrorist group al-Qaeda in the Arabian Peninsula.
Barr presented the case as proof positive that the longstanding refusal by Apple and other tech firms to build in law enforcement access to encrypted communications is endangering Americans’ safety by allowing terrorists to recruit and plan operations in digital secrecy. Information on the devices helped launch a counterterrorism operation against an associate of Alshamrani in Yemen, Abdullah al-Maliki, Devlin Barrett reports.
“The bottom line: Our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety,” he said in a statement. “The time has come for a legislative solution.”
But Apple and other defenders of encryption drew the opposite conclusion about the case.
They focused on the fact that the FBI was able to ultimately get the information it needed without Apple's help. This, they say, proves there’s no need for Apple or other companies to give law enforcement a backdoor into its encryption – which, they say, would make everyone using these devices vulnerable to criminal hackers or U.S. adversaries, and make American products less competitive on the world stage.
It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoorone which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers,” the company said. “There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.”
The case provides a stunning example of how far apart the two sides have become in six years of battle. 

In this Jan. 13, 2020, file photo Attorney General William Barr speaks to reporters at the Justice Department. (AP Photo/J. Scott Applewhite, File)
Barr didn’t say how the FBI got into the Pensacola shooter’s phone, but it was likely with the help of a company that offers hacking tools that exploit bugs that Apple doesn’t know about.
In many cases those tools can break through powerful encryption that shields people’s digital communications even from the company that runs the communications platform.
This is just confirmation that the FBI and the Justice Department have long had the ability to get into these phones. It just takes time and resources,” Hannah Quay-de la Vallee, senior technologist at the Center for Democracy and Technology think tank, told me.
Many encryption advocates say the FBI should focus on beefing up its resources to do this faster, versus forcing the companies to undermine their own security.
This marks the second time federal investigators have sought Apple’s help cracking into an encrypted iPhone but ultimately got in on their own. 
The FBI went to court in 2015 to try to force Apple to help it access the contents of an encrypted iPhone used by San Bernardino, Calif., shooter Syed Farook. But the bureau dropped its efforts when an unnamed company offered a hacking tool that could break in without Apple’s assistance.
Nevertheless, Barr and other law enforcement officials repeatedly called on Apple to help break through its encryption in the Pensacola case. At the same time, they acknowledged they’d largely given up on tech companies helping them voluntarily with encryption and were focusing on seeking legislation that forces companies to cooperate instead.

Attorney General William P. Barr and President Trump. (Jabin Botsford/The Washington Post)
Encryption defenders accused DOJ of using the Pensacola case to undermine confidence in the security protection. 
“Every time there’s a traumatic event requiring investigation into digital devices, the Justice Department loudly claims that it needs backdoors to encryption, and then quietly announces it actually found a way to access information without threatening the security and privacy of the entire world,” American Civil Liberties Union Senior Staff Attorney Brett Max Kaufman said in a statement.
“The boy who cried wolf has nothing on the agency that cried encryption.” 
But law enforcement defenders say the fact the FBI ultimately got into the phones doesn’t make up for the long delay.
“How would you have felt if it took us five months to figure out who flew into the World Trade Center?” former National Security Agency general counsel Stewart Baker told me. “That’s an unacceptable price to pay in a terrorism investigation and in many law enforcement investigations where capturing a kidnapper or murderer is going to be almost impossible after five months.”
Sen. Tom Cotton (R-Ark.) thrashed Apple on Twitter, accusing the company of “siding with terrorists over law enforcement”:
Despite Apple’s stonewalling, the FBI was finally able to access critical data from the iPhone of a terrorist. I applaud their determination & hard work. But it’s work that wouldn’t need to be done if Apple would ‘Think Different’ about siding with terrorists over law enforcement https://t.co/1eDehIou95
— Tom Cotton (@SenTomCotton) May 18, 2020
Proponents of law enforcement access to encryption say the tide is turning their way.
They point to a slew of scandals at major tech companies since 2016 that has stoked public distrust.
Barr and other top Justice Department officials have also refocused many of their public arguments on how encrypted systems allow extensive sharing of child pornography and other material that exploits children, which has helped rally support in Congress. A bill with bipartisan support would remove tech companies' liability shield for what their users share and post if they don't follow a new set of rules that could include weakening encryption.
There is a growing lack of patience among people who are not already ideologically committed to Silicon Valley on this issue,” Baker told me. “I’m of the opinion that Apple’s position doesn’t get stronger over time because the number of people whose lives have been touched in a way their encryption policies makes worse continues to grow.”
The coronavirus crisis could give a boost for the anti-backdoor movement.  
Public support for strong encryption might be strengthened as Americans are even more reliant on the Internet and their personal devices during the coronavirus pandemic.
The value of encryption grows as more of our lives move online and you just can’t not be online now,” Quay-de la Vallee told me. “So, the question of what’s the value of encryption just becomes clearer every day.”

The keys
Israel was responsible for a cyberattack that brought an Iranian port to a standstill this month, U.S. officials say.

The port at Bandar Abbas, Iran. (Dan Rosenbaum/British Royal Navy/AP)
The attack was presumably carried out in retaliation for an attempted hack into Israeli rural water distribution systems earlier this month, officials familiar with the matter told Joby Warrick and Ellen Nakashima.
If Israel was behind the attacks, it could lead to a dangerous escalation in hacking conflict between the regional enemies, Joby and Ellen report.
Officials also say the attack on Iran was more damaging than official accounts suggested. “There was total disarray,” said one official, who spoke on the condition that his identity and national affiliation not be revealed, citing the highly sensitive nature of the intelligence.
“Assuming it’s true, this is in line with Israeli policy of aggressively responding to Iranian provocation, either kinetically or through other means. Any time you see Iranian escalation… you have consistently seen Israeli retaliation," said Dmitri Alperovitch, a cybersecurity policy fellow at the Harvard Belfer Center and founder and former chief technology officer of cybersecurity firm CrowdStrike.
Sen. Marco Rubio’s temporary appointment as Senate Intelligence Committee chair puts a China hawk in the pivotal post. 

Sen.. Marco Rubio (R-Fla.). (Andrew Harnik/AP/Bloomberg News)
Rubio (R-Fla.) has pushed legislation to block U.S. relations with Huawei and other Chinese firms over spying concerns and clashed with the administration over its lax enforcement of policies to blacklist Huawei.
Vice Chairman Mark Warner (D-Va.), who has worked with Rubio on legislation to prevent Chinese security threats, commended his appointment. Reuters's Jonathan Landay:
SSCI Vice Chairman Mark Warner: “Senator Rubio has been a great partner on intelligence and national security issues and I look forward to working with him in his new role as Acting Chairman.”
— Jonathan Landay (@JonathanLanday) May 18, 2020
Senate Majority Leader Mitch McConnell (R-Ky.) appointed Rubio after Sen. Richard Burr (R-N.C.) temporarily stepped down from the post last week while he's being investigated for questionable stock trades during the pandemic. Rubio's first major task will be running a committee vote today on President Trump’s nominee for director of national intelligence, Rep. John Ratcliffe (R-Tex.), Donna Cassata reports.
The Trump administration’s strongest move yet to rein in Huawei may still not be effective. 

Huawei CEO Richard Yu. (Thibault Camus)
The administration's order restricts global computer chip suppliers with U.S. ties from selling to Huawei, but companies can easily get around the rules, China experts told Bob David and Dan Strumpf at the Wall Street Journal.
For instance, those companies could sell chips to Huawei suppliers rather than directly to the Chinese telecom itself. An earlier Commerce Department ban on U.S. companies selling to Huawei also had less impact than expected.
Huawei lambasted the new rule yesterday as "arbitrary and pernicious" and claimed it would put maintenance and expansion of the company's global networks on hold.

Securing the ballot

New Jersey will not use Internet-based voting in its July primary after piloting it this month.

A voting booth sits at a polling station in Milwaukee. (Thomas Werner/Bloomberg News)
State officials announced the decision during a hearing yesterday, according to Penny Venetis, the lead attorney for activists challenging the use of such tools.

The New Jersey secretary of state’s office did not respond to an email asking to confirm the decision. New Jersey is among three states that announced plans to pilot Internet voting systems during primaries this year, despite experts’ warnings the systems are highly vulnerable to hacking.
New Jersey’s online system was made available to voters with disabilities in local elections earlier this month, but only one person actually used it to vote, state officials said, according to Venetis, who directs Rutgers University Law School’s International Human Rights Clinic.

Government scan

HHS is loosening data security requirements for community-based coronavirus testing sites. 

Armon Ramirez of the Texas National Guard tests people for the coronavirus on Monday in El Paso. (Paul Ratje/AFP/Getty Images)
The Health and Human Services Department will have more discretion in deciding whether to fine community-based testing sites if they expose user data collected for covid-19 testing purposes, according to a notice posted in the Federal Register. The agency still strongly recommends providers take reasonable precautions including using secure technology to transmit medical records, the notice states.
More government news:

The comments are likely to dismay President Trump, who has pushed the notion that his political opponents committed crimes.
Matt Zapotosky

Lawmakers on Monday introduced bipartisan legislation that would prohibit the use of federal funds to purchase airport equipment made in countries that may pose a national security threat to the United States, such
The Hill

Cyber insecurity

Hackers are targeting an ever-broader array of industries as traditional targets get better at defense, Verizon finds. 

A "Yes, we're open!" sign is displayed outside a Verizon Communications Inc. store. Photographer: Angus Mordant/Bloomberg
Hackers have spent decades trying to steal data from banks and financial services firms but are now expanding to industry sectors that haven’t spent as much effort improving their digital defenses, according to the company’s 2020 Data Breach Investigations Report. Some examples include education services and the hospitality industry.
“There are certain industries where cybersecurity is not as much of a priority because they’ve not been in the crosshairs in the past,” John Loveland, Verizon’s global head of cyebrscurity strategy and marketing, told me.
Verizon also found that money was the prime motivator for more than 80 percent of hacks last year compared with espionage or political motivations. Here’s more on the report from Reuters and CyberScoop.


Daybook

  • The Center for Strategic and International Studies will host an online event “Who Makes Cyberspace Safe for Democracy?” today at 12:30 p.m.
  • The Senate Commerce Committee will mark up the CYBER LEAP Act on Wednesday at 10 a.m.
  • The Tech, Law and Security program at the American University Washington Collect of Law and R Street Institute will host a virtual discussion on the challenge of alternative voting systems during the pandemic Wednesday at 2 p.m.


Comments

Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post.

washingtonpost.com By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in