The FBI Is Looking For A Fight Over Encryption

FBI Director James Comey

After buying a software tool to access a dead terrorist’s encrypted iPhone, the FBI is exploring how to make broader use of the hack while bracing for a larger battle involving encrypted text messages, e-mails and other data, Director James Comey said.

The tool used to get into the phone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California, could "in theory be used in any case where there’s a court order" to access data on an iPhone 5c running Apple’s iOS 9 operating system, Comey told reporters in Washington recently.

However, accessing content on a phone, known as “data at rest”, is only part of the challenge that encryption poses for US investigators. Software applications and other services that encrypt texts, e-mails and other information in transit over the Internet, known as “data in motion”, are “hugely significant,” especially for national security investigations, Comey said.

"The data at rest problem affects non-national security law enforcement overwhelmingly," Comey said. "The data in motion, at least today, overwhelmingly affects our national security work. Terrorists and their fellow travelers are increasingly using end-to-end encrypted apps."

Comey said criminals are increasingly using services that encrypt data in motion, and he didn’t rule out litigation against companies such as Facebook Inc.’s mobile messaging service WhatsApp, which has more than 1 billion subscribers worldwide.

WhatsApp has been embroiled in a legal dispute in Brazil, with judges twice in the last six months temporarily ordering the service blocked for failing to turn over data in response to court orders. A Facebook executive in Brazil also was detained in March for allegedly failing to cooperate with orders.

"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

Comey said he currently doesn’t have plans to bring a legal case against WhatsApp. "Whether there will be litigation down the road, I don’t know," he said.

Hacking Tool

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Farook. Apple resisted, and the FBI dropped the case last month after saying it bought a tool from a private entity it hasn’t identified to break into the phone.

State and local law enforcement agencies say they have hundreds of encrypted iPhones that they could use the FBI’s help getting into.

From October 2015 to March of this year, New York City police have been locked out of 67 Apple devices lawfully seized during investigations into 44 violent crimes, including murders, rapes and the shootings of two officers, Thomas Galati, chief of the New York City Police Department’s intelligence bureau, told a House Energy and Commerce subcommittee last month.

The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said.

It’s "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court proceeding if there isn’t a procedure in place to prohibit testimony about how it works.

"If we use it in a criminal case in such a way that it becomes a feature of litigation, then the nature of the tool may be exposed and utility may be significantly decreased," Comey said.

"I expect in the near future we’ll have figured out how we’re going to do it," he said. "Then we’ll tell local law enforcement, ‘If you send us a phone here are the rules.’"

Information-Management:
