Police are unlikely to win wider access to smartphones despite FBI success in San Bernardino case – Los Angeles Times
The successful hack of a phone linked to the San Bernardino terror attacks is unlikely to help police win greater access to encrypted data contained inside thousands of smartphones sitting in evidence lockers nationwide, legal experts and law enforcement officials said Tuesday.
Though the FBI might want to use the new tool to help solve outstanding criminal cases, doing so would also make the process subject to discovery during criminal trials and place the information in the public domain, according to the official, who was not authorized to discuss the case and spoke on the condition of anonymity.
Any application of the method used to access Farook’s phone would probably be limited to investigations that are unlikely to result in criminal cases, the official said.
“A technical option developed for a particular computing device may not work on other devices,” the FBI official said. “The effectiveness of these lawful methods may be limited by time and resources, and may lack the scalability to be a viable option for most investigations.”
News that the FBI found a way into Farook’s phone Monday drew excited reactions from police, who have long complained that encrypted data represents a major roadblock to routine police investigations. Thousands of smartphones sit in police evidence lockers across the country. At least 400 locked devices are in the possession of the Los Angeles Police Department and the L.A. County Sheriff’s Department.
“From all the chiefs that I’ve talked to, we’re hopeful this will give us some insight into how we’re going to be able to get into some of the phones sitting in all of our evidence rooms,” said Terry Cunningham, police chief in Wellesley, Mass., and president of the International Assn. of Chiefs of Police. “We’re clearly anxious to learn what they did and how they did it and if it can be replicated.”
Federal investigators have said little about how they gained access to Farook’s phone. The iPhone 5c was at the center of a looming court battle between the FBI and Apple, which rose out of a court order demanding that Apple create software that would allow the FBI to access encrypted data on the device.
Farook disabled the phone’s iCloud backup feature six weeks before the Dec. 2 attack, according to court filings. He had also enabled an auto-erase feature that would permanently destroy all data on the phone after 10 consecutive failed attempts to enter the device’s password.
A third party provided the FBI with a way to disable the password entry limit, according to a law enforcement official with knowledge of the investigation. The official also requested anonymity because they were not authorized to discuss the case.
Despite the success involving Farook’s phone, it is unlikely that the process could be replicated on other devices, the official said.
Internal government policy might also limit what, if anything, the FBI could share about the method used to crack Farook’s phone, according to Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, a digital rights advocacy group.
If the government exploited a flaw in Apple’s security measures, it could be required to disclose that information to Apple under the “Vulnerabilities Equities Process,” Crocker said. The policy is weighted toward disclosure, but the government has successfully fought to keep such details private before.
Government agencies are allowed to share information about digital security flaws with one another, he said. But if the government chose not to share that information with Apple, it could also conceivably be barred from telling police agencies about the process used to unlock Farook’s phone.
“They certainly can share it within the federal government without disclosing it to Apple,” Crocker said. “The way I read the policy, sharing it with local police would be a dissemination outside the government.”
Though the debate over Farook’s phone did not land in criminal court, the fight between law enforcement and Silicon Valley over access to encrypted data is far from over. Though the FBI may have claimed a victory this week, some police leaders fear it won’t take long for Apple or another company to build tougher encryption methods.
“If the FBI did in fact find some type of a flaw that they were able to exploit, clearly the industry is going to say ‘We’ve got to find a way to plug that hole,'” Cunningham said.