Analysis | The Cybersecurity 202: Barr ramps up encryption war with Apple over Pensacola shooter's phone
By Joseph Marks
Attorney General William P. Barr just ratcheted up the government's fight against encryption.
Barr slammed Apple for its apparent refusal to help unlock unlock the devices of a Saudi air force student who opened fire last year at a U.S. military base in Pensacola, Fla. He said the strong encryption meant it took law enforcement five months to access evidence tying the shooter, Ahmed Mohammed al-Shamrani, to the terrorist group al-Qaeda in the Arabian Peninsula.
Barr presented the case as proof positive that the longstanding refusal by Apple and other tech firms to build in law enforcement access to encrypted communications is endangering Americans’ safety by allowing terrorists to recruit and plan operations in digital secrecy. Information on the devices helped launch a counterterrorism operation against an associate of Alshamrani in Yemen, Abdullah al-Maliki, Devlin Barrett reports.
“The bottom line: Our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety,” he said in a statement. “The time has come for a legislative solution.”
But Apple and other defenders of encryption drew the opposite conclusion about the case.They focused on the fact that the FBI was able to ultimately get the information it needed without Apple's help. This, they say, proves there’s no need for Apple or other companies to give law enforcement a backdoor into its encryption – which, they say, would make everyone using these devices vulnerable to criminal hackers or U.S. adversaries, and make American products less competitive on the world stage.
“It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers,” the company said. “There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.”
The case provides a stunning example of how far apart the two sides have become in six years of battle.
In this Jan. 13, 2020, file photo Attorney General William Barr speaks to reporters at the Justice Department. (AP Photo/J. Scott Applewhite, File)
In many cases those tools can break through powerful encryption that shields people’s digital communications even from the company that runs the communications platform.
“This is just confirmation that the FBI and the Justice Department have long had the ability to get into these phones. It just takes time and resources,” Hannah Quay-de la Vallee, senior technologist at the Center for Democracy and Technology think tank, told me.
Many encryption advocates say the FBI should focus on beefing up its resources to do this faster, versus forcing the companies to undermine their own security.
This marks the second time federal investigators have sought Apple’s help cracking into an encrypted iPhone but ultimately got in on their own.The FBI went to court in 2015 to try to force Apple to help it access the contents of an encrypted iPhone used by San Bernardino, Calif., shooter Syed Farook. But the bureau dropped its efforts when an unnamed company offered a hacking tool that could break in without Apple’s assistance.
Nevertheless, Barr and other law enforcement officials repeatedly called on Apple to help break through its encryption in the Pensacola case. At the same time, they acknowledged they’d largely given up on tech companies helping them voluntarily with encryption and were focusing on seeking legislation that forces companies to cooperate instead.
Attorney General William P. Barr and President Trump. (Jabin Botsford/The Washington Post)
“Every time there’s a traumatic event requiring investigation into digital devices, the Justice Department loudly claims that it needs backdoors to encryption, and then quietly announces it actually found a way to access information without threatening the security and privacy of the entire world,” American Civil Liberties Union Senior Staff Attorney Brett Max Kaufman said in a statement.
“The boy who cried wolf has nothing on the agency that cried encryption.”
But law enforcement defenders say the fact the FBI ultimately got into the phones doesn’t make up for the long delay.“How would you have felt if it took us five months to figure out who flew into the World Trade Center?” former National Security Agency general counsel Stewart Baker told me. “That’s an unacceptable price to pay in a terrorism investigation and in many law enforcement investigations where capturing a kidnapper or murderer is going to be almost impossible after five months.”
Sen. Tom Cotton (R-Ark.) thrashed Apple on Twitter, accusing the company of “siding with terrorists over law enforcement”:
Despite Apple’s stonewalling, the FBI was finally able to access critical data from the iPhone of a terrorist. I applaud their determination & hard work. But it’s work that wouldn’t need to be done if Apple would ‘Think Different’ about siding with terrorists over law enforcement https://t.co/1eDehIou95— Tom Cotton (@SenTomCotton) May 18, 2020
Proponents of law enforcement access to encryption say the tide is turning their way.They point to a slew of scandals at major tech companies since 2016 that has stoked public distrust.
Barr and other top Justice Department officials have also refocused many of their public arguments on how encrypted systems allow extensive sharing of child pornography and other material that exploits children, which has helped rally support in Congress. A bill with bipartisan support would remove tech companies' liability shield for what their users share and post if they don't follow a new set of rules that could include weakening encryption.
“There is a growing lack of patience among people who are not already ideologically committed to Silicon Valley on this issue,” Baker told me. “I’m of the opinion that Apple’s position doesn’t get stronger over time because the number of people whose lives have been touched in a way their encryption policies makes worse continues to grow.”
The coronavirus crisis could give a boost for the anti-backdoor movement.Public support for strong encryption might be strengthened as Americans are even more reliant on the Internet and their personal devices during the coronavirus pandemic.
“The value of encryption grows as more of our lives move online and you just can’t not be online now,” Quay-de la Vallee told me. “So, the question of what’s the value of encryption just becomes clearer every day.”
Israel was responsible for a cyberattack that brought an Iranian port to a standstill this month, U.S. officials say.
The port at Bandar Abbas, Iran. (Dan Rosenbaum/British Royal Navy/AP)
If Israel was behind the attacks, it could lead to a dangerous escalation in hacking conflict between the regional enemies, Joby and Ellen report.
“Assuming it’s true, this is in line with Israeli policy of aggressively responding to Iranian provocation, either kinetically or through other means. Any time you see Iranian escalation… you have consistently seen Israeli retaliation," said Dmitri Alperovitch, a cybersecurity policy fellow at the Harvard Belfer Center and founder and former chief technology officer of cybersecurity firm CrowdStrike.
Sen. Marco Rubio’s temporary appointment as Senate Intelligence Committee chair puts a China hawk in the pivotal post.
Sen.. Marco Rubio (R-Fla.). (Andrew Harnik/AP/Bloomberg News)
Vice Chairman Mark Warner (D-Va.), who has worked with Rubio on legislation to prevent Chinese security threats, commended his appointment. Reuters's Jonathan Landay:
SSCI Vice Chairman Mark Warner: “Senator Rubio has been a great partner on intelligence and national security issues and I look forward to working with him in his new role as Acting Chairman.”— Jonathan Landay (@JonathanLanday) May 18, 2020
The Trump administration’s strongest move yet to rein in Huawei may still not be effective.
Huawei CEO Richard Yu. (Thibault Camus)
For instance, those companies could sell chips to Huawei suppliers rather than directly to the Chinese telecom itself. An earlier Commerce Department ban on U.S. companies selling to Huawei also had less impact than expected.
Huawei lambasted the new rule yesterday as "arbitrary and pernicious" and claimed it would put maintenance and expansion of the company's global networks on hold.
Securing the ballot
New Jersey will not use Internet-based voting in its July primary after piloting it this month.
A voting booth sits at a polling station in Milwaukee. (Thomas Werner/Bloomberg News)
The New Jersey secretary of state’s office did not respond to an email asking to confirm the decision. New Jersey is among three states that announced plans to pilot Internet voting systems during primaries this year, despite experts’ warnings the systems are highly vulnerable to hacking.
New Jersey’s online system was made available to voters with disabilities in local elections earlier this month, but only one person actually used it to vote, state officials said, according to Venetis, who directs Rutgers University Law School’s International Human Rights Clinic.
HHS is loosening data security requirements for community-based coronavirus testing sites.
Armon Ramirez of the Texas National Guard tests people for the coronavirus on Monday in El Paso. (Paul Ratje/AFP/Getty Images)
More government news:
Hackers are targeting an ever-broader array of industries as traditional targets get better at defense, Verizon finds.
A "Yes, we're open!" sign is displayed outside a Verizon Communications Inc. store. Photographer: Angus Mordant/Bloomberg
“There are certain industries where cybersecurity is not as much of a priority because they’ve not been in the crosshairs in the past,” John Loveland, Verizon’s global head of cyebrscurity strategy and marketing, told me.
Verizon also found that money was the prime motivator for more than 80 percent of hacks last year compared with espionage or political motivations. Here’s more on the report from Reuters and CyberScoop.
- The Center for Strategic and International Studies will host an online event “Who Makes Cyberspace Safe for Democracy?” today at 12:30 p.m.
- The Senate Commerce Committee will mark up the CYBER LEAP Act on Wednesday at 10 a.m.
- The Tech, Law and Security program at the American University Washington Collect of Law and R Street Institute will host a virtual discussion on the challenge of alternative voting systems during the pandemic Wednesday at 2 p.m.