The FBI Is Looking For A Fight Over Encryption

FBI Director James Comey

After buying a software tool to access a dead terrorist’s encrypted iPhone, the FBI is exploring how to make broader use of the hack while bracing for a larger battle involving encrypted text messages, e-mails and other data, Director James Comey said.

The tool used to get into the phone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California, could "in theory be used in any case where there’s a court order" to access data on an iPhone 5c running Apple’s iOS 9 operating system, Comey told reporters in Washington recently.

However, accessing content on a phone, known as “data at rest”, is only part of the challenge that encryption poses for US investigators. Software applications and other services that encrypt texts, e-mails and other information in transit over the Internet, known as “data in motion”, are “hugely significant,” especially for national security investigations, Comey said.

"The data at rest problem affects non-national security law enforcement overwhelmingly," Comey said. "The data in motion, at least today, overwhelmingly affects our national security work. Terrorists and their fellow travelers are increasingly using end-to-end encrypted apps."

Comey said criminals are increasingly using services that encrypt data in motion, and he didn’t rule out litigation against companies such as Facebook Inc.’s mobile messaging service WhatsApp, which has more than 1 billion subscribers worldwide.

WhatsApp has been embroiled in a legal dispute in Brazil, with judges twice in the last six months temporarily ordering the service blocked for failing to turn over data in response to court orders. A Facebook executive in Brazil also was detained in March for allegedly failing to cooperate with orders.

"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

Comey said he currently doesn’t have plans to bring a legal case against WhatsApp. "Whether there will be litigation down the road, I don’t know," he said.

Hacking Tool

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Farook. Apple resisted, and the FBI dropped the case last month after saying it bought a tool from a private entity it hasn’t identified to break into the phone.

State and local law enforcement agencies say they have hundreds of encrypted iPhones that they could use the FBI’s help getting into.

From October 2015 to March of this year, New York City police have been locked out of 67 Apple devices lawfully seized during investigations into 44 violent crimes, including murders, rapes and the shootings of two officers, Thomas Galati, chief of the New York City Police Department’s intelligence bureau, told a House Energy and Commerce subcommittee last month.

The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said.

It’s "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court proceeding if there isn’t a procedure in place to prohibit testimony about how it works.

"If we use it in a criminal case in such a way that it becomes a feature of litigation, then the nature of the tool may be exposed and utility may be significantly decreased," Comey said.

"I expect in the near future we’ll have figured out how we’re going to do it," he said. "Then we’ll tell local law enforcement, ‘If you send us a phone here are the rules.’"

Information-Management:
