The FBI Is Looking For A Fight Over Encryption

FBI Direcor James Comey

After buying a software tool to access a dead terrorist’s encrypted iPhone, the FBI is exploring how to make broader use of the hack while bracing for a larger battle involving encrypted text messages, e-mails and other data, Director James Comey said.

The tool used to get into the phone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California, could "in theory be used in any case where there’s a court order" to access data on an iPhone 5c running Apple’s iOS 9 operating system, Comey told reporters in Washington recently.

However, accessing content on a phone, known as “data at rest”, is only part of the challenge that encryption poses for US investigators. Software applications and other services that encrypt texts, e-mails and other information in transit over the Internet, known as “data in motion”, are “hugely significant,” especially for national security investigations, Comey said.

"The data at rest problem affects non-national security law enforcement overwhelmingly," Comey said. "The data in motion, at least today, overwhelmingly affects our national security work. Terrorists and their fellow travelers are increasingly using end-to-end encrypted apps."

Comey said criminals are increasingly using services that encrypt data in motion, and he didn’t rule out litigation against companies such as Facebook Inc.’s mobile messaging service WhatsApp, which has more than 1 billion subscribers worldwide.

WhatsApp has been embroiled in a legal dispute in Brazil, with judges twice in the last six months temporarily ordering the service blocked for failing to turn over data in response to court orders. A Facebook executive in Brazil also was detained in March for allegedly failing to cooperate with orders.

"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

Comey said he currently doesn’t have plans to bring a legal case against WhatsApp. "Whether there will be litigation down the road, I don’t know," he said.

Hacking Tool

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Farook. Apple resisted, and the FBI dropped the case last month after saying it bought a tool from a private entity it hasn’t identified to break into the phone.

State and local law enforcement agencies say they have hundreds of encrypted iPhones that they could use the FBI’s help getting into.

From October 2015 to March of this year, New York City police have been locked out of 67 Apple devices lawfully seized during investigations into 44 violent crimes, including murders, rapes and the shootings of two officers, Thomas Galati, chief of the New York City Police Department’s intelligence bureau, told a House Energy and Commerce subcommittee last month.
The FBI is trying to figure out how to allow "law enforcement around the county with court orders to be able to use our tool," Comey said.

It’s "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court proceeding if there isn’t a procedure in place to prohibit testimony about how it works.

"If we use it in a criminal case in such a way that it becomes a feature of litigation, then the nature of the tool may be exposed and utility may be significantly decreased," Comey said.

"I expect in the near future we’ll have figured out how we’re going to do it," he said. "Then we’ll tell local law enforcement, ‘If you send us a phone here are the rules.’"

Information-Management:

« 12% Of Bank CEOs Don’t Even Know If They’ve Been Hacked
First LinkedIn, Now Twitter ... Hacked User IDs For Sale »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

Omnex

Omnex

Omnex provides consulting and training services in Quality, Environmental, and Health and Safety standards-based management systems including Automotive Cybersecurity.

Nordic Defender

Nordic Defender

Nordic Defender is the first crowd-powered modern cybersecurity solution provider in the Nordic region.