FBI's "Outside Party" Revealed as Bureau Angles to Keep New Hack Secret

The Verge notes that the company "has a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case." (Photo: iphonedigital/flickr/cc)

FBI's "Outside Party" Revealed as Bureau Angles to Keep New Hack Secret

FBI is getting help from an Israeli software company in effort to unlock San Bernardino phone

The FBI wants to classify its new "alternate" method of unlocking the suspected San Bernardino shooter's iPhone, keeping it secret even from Apple itself, according to new reporting.

The Guardianconfirmed with government officials on Wednesday that the technique does enable the FBI to get into Syed Farook's iPhone. That means the agency can back off from its legal battle with Apple, which has accrued widespread support from consumers and privacy advocates in its refusal to create decryption software.

The FBI made its announcement on Monday, a day before it was due in court to continue seeking an order to force Apple to unlock Farook's phone, which Apple has said would weaken its users' privacy rights.

However, "the government now has to be very cautious about when to use the method, which was provided by an 'outside party', according to court filings," the Guardian's Danny Yadron writes.

And according to additional reporting by Reuters on Wednesday, the "outside party" is an Israeli software company called Cellebrite, which creates, among other things, "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices."

As The Vergenotes, Cellebrite's involvement in the case is not a total surprise. The company has "a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case," writes Ashley Carman.

Carman explains:

[E]xperts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there's no reason to believe it won't work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.

Apple's attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.

As Bloomberg explains, the FBI may in fact be subject to a little-known process called the "equities review," which was created by the Obama administration to determine if security flaws should be disclosed.

"I do think it should be subjected to an equities review," Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. "The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field."

Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, "The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it's anything where they're attacking the phone in software, it would be subject to the equities review."

At any rate, as civil liberties advocates said this week, the showdown between Apple and the FBI is far from over. Alex Abdo, an attorney with the ACLU's Speech, Privacy, and Technology Project, wrote in a blog post published Tuesday that "[e]ven if the FBI gets access to the San Bernardino phone using the new method it is exploring, it is inevitable that the FBI will come knocking again," particularly as Apple and other tech companies begin to bolster their existing security systems in response to consumer demand.

The FBI's sudden discovery of the new hacking method also strains trust in the agency's technical expertise, Abdo writes, adding, "We have already explained that a key premise of the government's argument--that it would lose the data if it tried to guess the passcode too many times--was false. And now the FBI is acknowledging that its previous statements that only Apple could help may also have been wrong."

Surveillance blogger Marcy Wheeler also noted that the Department of Justice (DOJ) has claimed at least 19 times that the only way it could get into Farook's phone was with Apple's help, a claim which security experts consistently disputed. And as digital rights group Fight for the Future said Wednesday, the DOJ never named Cellebrite as an option in its previous court filings.

Fight for the Future campaign director Evan Greer said the latest developments indicate that the FBI is backing down because it is losing public trust and is increasingly unlikely to set the precedent that Apple unlock an iPhone on the bureau's command. "The FBI's last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said. "They should come clean immediately, and admit that they mislead the court and the public, to avoid further damaging what's left of their credibility."

Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.