FBI Director Christopher Wray on Encryption: We Can’t Have an ‘Entirely Unfettered Space Beyond the Reach of Law Enforcement’

Encryption should not provide an "unfettered space" for criminals to hide behind, FBI Director Christopher Wray said today in an interview at the RSA conference, a cybersecurity event in San Francisco.

As noted by CNET, Wray said that while the FBI is not seeking backdoors in electronics, encryption needs to have limitations.

"It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said, echoing a position that law enforcement officials have taken on encryption time and time again.

Apple and other technology companies have been clashing with law enforcement agencies like the FBI and fighting anti-encryption legislation for years now. Apple's most public battle with the U.S. government was in 2016, when the Cupertino company was ordered to help the FBI unlock the iPhone used by Syed Farook, a shooter in the 2015 attacks in San Bernardino.

Apple opposed the order and said that it would set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple held its ground and the U.S. government backed off after finding an alternate way to access the data on the device, but Apple is continually dealing with additional law enforcement attempts to weaken encryption.

Multiple tech companies, Apple included, have formed the Reform Government Surveillance coalition to promote strong device encryption and fight against legislation calling for backdoor access into electronic devices.

Apple has argued that strong encryption is essential for keeping its customers safe from hackers and other malicious entities. A backdoor created for government access would not necessarily remain in government hands and could put the company's entire customer base at risk.

During the interview, Wray said that encryption is a "provocative subject" and he provided no additional insight into how tech companies might provide strong encryption for customers while also acquiescing to law enforcement demands for device access.

Wray did say that the U.S. is seeing an uptick in threats from "various foreign adversaries" that are using criminal hackers, which suggests the need for strong encryption is greater than ever.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "FBI Director Christopher Wray on Encryption: We Can't Have an 'Entirely Unfettered Space Beyond the Reach of Law Enforcement'" first appeared on MacRumors.com

Discuss this article in our forums

First Case Surfaces of Law Enforcement Forcing Suspect to Unlock iPhone With Face ID

A Forbes report has highlighted the first known case of law enforcement forcing a suspect to unlock an iPhone using Face ID.

The incident reportedly happened in August when federal agents obtained a warrant to search the house of a man in Columbus, Ohio, as part of a child abuse investigation.

Apple marketing image for Face ID

According to case documents, FBI agents got 28-year-old Grant Michalski to put his face in front of his iPhone X to activate the Face ID facial authentication.

After the device was unlocked, investigators looked through Michalski's chat history, photos, and other files stored on the phone. Evidence discovered on the device was used to charge the suspect later that month with receiving and possessing child pornography.

Several previous cases have occurred where law enforcement has gained access to digital data by forcing people to unlock mobile devices using their fingers. One case even reportedly involved trying to use the finger of a dead person to unlock a phone, which ultimately didn't work.

However, this appears to be the first case in which Face ID has been used, so it's likely to reignite debate over where the law stands in relation to biometric authentication methods.

In the United States, forcing someone to give up a password is interpreted as self-incrimination, which is protected by the fifth amendment and against the law. Nevertheless, courts have ruled that there's a difference between a biometric recognition system like Touch ID and a passcode that you type into your phone.

In the case highlighted by Forbes, the FBI was eventually locked out of the phone and had to gain a second search warrant to allow them to conduct a more thorough search of the device using a third-party unlocking solution, likely similar to Grayshift.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: FBI, Face ID, law

Discuss this article in our forums

FBI Forensic Examiner Stephen Flatley Calls Apple ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones

Senior FBI forensic examiner Stephen R. Flatley spoke at the International Conference on Cyber Security yesterday, and during the talk he discussed Apple and the FBI's differing opinions on the topic of smartphone encryption. According to Motherboard, Flatley described the company as "jerks" and "evil geniuses" for creating iOS device encryption that is so powerful as to prevent Apple itself from entering users' iPhones.

Flatley said that recent updates to Apple device encryption have made password guesses slower, by increasing hash iterations from 10 thousand to 10 million, "making his and his colleagues' investigative work harder." This extended brute force crack time from a few days to two months, leading to Flatley stating that Apple is "pretty good at evil genius stuff." No detailed context was given regarding his "jerks" comment.

Image of Stephen Flatley taken by Lorenzo Franceschi-Bicchierai via Motherboard
That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.

"Your crack time just went from two days to two months," Flatley said. “At what point is it just trying to one up things and at what point is it to thwart law enforcement?" he added. "Apple is pretty good at evil genius stuff."
Flatley's comments come nearly two years after the Apple-FBI dispute began, when a federal judge ordered Apple to help the FBI enter the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. The FBI said it wanted Apple's help to enter just Farook's iPhone 5c, but Apple explained that the software it was asked to create could become a "master key" and be able to get information from any iPhone or iPad.

For this reason, Apple denied the request and CEO Tim Cook penned an open letter describing the potential for setting a "dangerous precedent" if the company did go along with the order. The battle eventually ended a few months later after the government discovered an alternative way of entering Farook's iPhone 5c, reportedly with the help of Israeli firm Cellebrite.

Flately mentioned Cellebrite as well during the security conference, describing the firm as "another evil genius" that counters Apple's encryption and can help the FBI when it needs to enter a smartphone. The forensic examiner was described as not clearly stating Cellebrite's name, but "facetiously coughing" at the same time to somewhat obscure the comment.

Although the Apple-FBI dispute has ended, debates over smartphone encryption have remained ongoing the past few years. In October 2017, a report came out stating that the FBI was unable to retrieve data from 6,900 mobile devices it had attempted to gain access to over the previous 11 months. That number accounted for half of the total devices the FBI tried to get into, and FBI Director Christopher Wray described the FBI's inability to retrieve information from these devices as a "huge, huge problem."

At the end of the case in 2016, Apple issued a statement explaining that the company will continue to assist the FBI when it can, but not at the expense of the data protection, security, and privacy of its customers: "Apple believes deeply that people in the United States and around the world deserve data protection, security, and privacy. Sacrificing one for the other only puts people and countries at greater risk."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

FBI Didn’t Ask Apple for Help Unlocking Texas Shooter’s iPhone in First 48 Hours

In the aftermath of a deadly shooting at a Texas Church on November 5th, the FBI and other law enforcement agencies failed to immediately ask Apple for help unlocking shooter Devin Patrick Kelley's iPhone, reports Reuters.

According to a source that spoke to Reuters, the FBI did not contact Apple for about 48 hours after the shooting, missing a critical window where the iPhone in question might have been easier to unlock.

If the iPhone had Touch ID enabled, the shooter's finger might have been able to be used to unlock the device. But that unlocking method would have needed to be used within a 48 hour window, as Touch ID is disabled after 48 hours have passed since it was last activated or when the iPhone is powered off.

Christopher Combs, head of the FBI's San Antonio field office, said on Tuesday that the shooter's smartphone is being transferred to the FBI's crime lab in Quantico, Virginia as authorities have not been able to unlock it.

Little is known about the shooter's smartphone at this time. Sources told the Washington Post that it's an iPhone, but it's not known which iPhone it is nor which version of iOS it's running. It's also not known if Touch ID was indeed enabled on the phone at this point.

As we learned with the San Bernardino case, Apple will not provide authorities with the tools to unlock the iPhone, but the company can and will provide iCloud data if compelled by court order. It is not known if Apple has already received a court order asking for iCloud information.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: FBI, Apple-FBI

Discuss this article in our forums

FBI Unable to Retrieve Encrypted Data From 6,900 Devices Over the Last 11 Months

The United States Federal Bureau of Investigation was unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months, reports the Associated Press.

FBI Director Christopher Wray shared the number at an annual conference for the International Association of Chiefs of Police on Sunday.

During the first 11 months of the current fiscal year, Wray says the 6,900 devices that were inaccessible accounted for half of the total devices the FBI attempted to retrieve data from. Wray called the FBI's inability to get into the devices a "huge, huge problem."
"To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board -- narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation."
Wray did not specify how many of the 6,900 devices the FBI could not access were iPhones or iPads running a version of Apple's iOS operating system, but encryption has been an issue between Apple and the FBI since last year when the two clashed over the unlocking of an iPhone 5c owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

The FBI took Apple to court in an attempt to force Apple to create a version of iOS that would disable passcode security features and allow passcodes to be entered electronically, providing the FBI with the tools to hack into the device.

Apple refused and fought the court order, claiming the FBI's request could set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple ultimately did not capitulate and the FBI enlisted Israeli firm Cellebrite to crack the device.

Following the incident, there was a push for new encryption legislation, but it largely fizzled out after it was described by tech companies as "absurd" and "technically inept." Apple's fight with the FBI is far from over, though, as there was no final resolution following the San Bernardino dispute.

At the conclusion of the FBI lawsuit, Apple said the case "should never have been brought" and vowed to continue to increase the security of its products.

"Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one or the other only puts people and countries at greater risk," Apple said in a statement.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums