The FBI Is Looking For A Fight Over Encryption

FBI Direcor James Comey

After buying a software tool to access a dead terrorist’s encrypted iPhone, the FBI is exploring how to make broader use of the hack while bracing for a larger battle involving encrypted text messages, e-mails and other data, Director James Comey said.

The tool used to get into the phone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California, could "in theory be used in any case where there’s a court order" to access data on an iPhone 5c running Apple’s iOS 9 operating system, Comey told reporters in Washington recently.

However, accessing content on a phone, known as “data at rest”, is only part of the challenge that encryption poses for US investigators. Software applications and other services that encrypt texts, e-mails and other information in transit over the Internet, known as “data in motion”, are “hugely significant,” especially for national security investigations, Comey said.

"The data at rest problem affects non-national security law enforcement overwhelmingly," Comey said. "The data in motion, at least today, overwhelmingly affects our national security work. Terrorists and their fellow travelers are increasingly using end-to-end encrypted apps."

Comey said criminals are increasingly using services that encrypt data in motion, and he didn’t rule out litigation against companies such as Facebook Inc.’s mobile messaging service WhatsApp, which has more than 1 billion subscribers worldwide.

WhatsApp has been embroiled in a legal dispute in Brazil, with judges twice in the last six months temporarily ordering the service blocked for failing to turn over data in response to court orders. A Facebook executive in Brazil also was detained in March for allegedly failing to cooperate with orders.

"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

Comey said he currently doesn’t have plans to bring a legal case against WhatsApp. "Whether there will be litigation down the road, I don’t know," he said.

Hacking Tool

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Farook. Apple resisted, and the FBI dropped the case last month after saying it bought a tool from a private entity it hasn’t identified to break into the phone.

State and local law enforcement agencies say they have hundreds of encrypted iPhones that they could use the FBI’s help getting into.

From October 2015 to March of this year, New York City police have been locked out of 67 Apple devices lawfully seized during investigations into 44 violent crimes, including murders, rapes and the shootings of two officers, Thomas Galati, chief of the New York City Police Department’s intelligence bureau, told a House Energy and Commerce subcommittee last month.
The FBI is trying to figure out how to allow "law enforcement around the county with court orders to be able to use our tool," Comey said.

It’s "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court proceeding if there isn’t a procedure in place to prohibit testimony about how it works.

"If we use it in a criminal case in such a way that it becomes a feature of litigation, then the nature of the tool may be exposed and utility may be significantly decreased," Comey said.

"I expect in the near future we’ll have figured out how we’re going to do it," he said. "Then we’ll tell local law enforcement, ‘If you send us a phone here are the rules.’"

Information-Management:

« 12% Of Bank CEOs Don’t Even Know If They’ve Been Hacked
First LinkedIn, Now Twitter ... Hacked User IDs For Sale »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

Accompio

Accompio

Accompio offer comprehensive support in the digitalisation of your business processes.