The FBI Is Looking For A Fight Over Encryption

Uploaded on 2016-06-09 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

FBI Direcor James Comey

After buying a software tool to access a dead terrorist’s encrypted iPhone, the FBI is exploring how to make broader use of the hack while bracing for a larger battle involving encrypted text messages, e-mails and other data, Director James Comey said.

The tool used to get into the phone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California, could "in theory be used in any case where there’s a court order" to access data on an iPhone 5c running Apple’s iOS 9 operating system, Comey told reporters in Washington recently.

However, accessing content on a phone, known as “data at rest”, is only part of the challenge that encryption poses for US investigators. Software applications and other services that encrypt texts, e-mails and other information in transit over the Internet, known as “data in motion”, are “hugely significant,” especially for national security investigations, Comey said.

"The data at rest problem affects non-national security law enforcement overwhelmingly," Comey said. "The data in motion, at least today, overwhelmingly affects our national security work. Terrorists and their fellow travelers are increasingly using end-to-end encrypted apps."

Comey said criminals are increasingly using services that encrypt data in motion, and he didn’t rule out litigation against companies such as Facebook Inc.’s mobile messaging service WhatsApp, which has more than 1 billion subscribers worldwide.

WhatsApp has been embroiled in a legal dispute in Brazil, with judges twice in the last six months temporarily ordering the service blocked for failing to turn over data in response to court orders. A Facebook executive in Brazil also was detained in March for allegedly failing to cooperate with orders.

"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

Comey said he currently doesn’t have plans to bring a legal case against WhatsApp. "Whether there will be litigation down the road, I don’t know," he said.

Hacking Tool

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Farook. Apple resisted, and the FBI dropped the case last month after saying it bought a tool from a private entity it hasn’t identified to break into the phone.

State and local law enforcement agencies say they have hundreds of encrypted iPhones that they could use the FBI’s help getting into.

From October 2015 to March of this year, New York City police have been locked out of 67 Apple devices lawfully seized during investigations into 44 violent crimes, including murders, rapes and the shootings of two officers, Thomas Galati, chief of the New York City Police Department’s intelligence bureau, told a House Energy and Commerce subcommittee last month.
The FBI is trying to figure out how to allow "law enforcement around the county with court orders to be able to use our tool," Comey said.

It’s "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court proceeding if there isn’t a procedure in place to prohibit testimony about how it works.

"If we use it in a criminal case in such a way that it becomes a feature of litigation, then the nature of the tool may be exposed and utility may be significantly decreased," Comey said.

"I expect in the near future we’ll have figured out how we’re going to do it," he said. "Then we’ll tell local law enforcement, ‘If you send us a phone here are the rules.’"

Information-Management:

« 12% Of Bank CEOs Don’t Even Know If They’ve Been Hacked
First LinkedIn, Now Twitter ... Hacked User IDs For Sale »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

ID Experts

ID Experts

ID Experts is a leading provider of identity protection and data breach services for companies and individuals throughout the USA.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.