Mike Peterson
The American Civil Liberties Union is suing for more information about the FBI's ability to break the encryption of smartphones, including Apple's iPhone.
On Tuesday, the ACLU filed a lawsuit demanding information about the FBI's Electronic Device Analysis Unit. The civil rights group believes that the EDAU has been quietly breaking into iPhones and other devices.
"The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments, and it refuses to even acknowledge that it has information about these efforts," the ACLU wrote in its announcement.
The ACLU's Freedom of Information Act lawsuit, lodged in a San Francisco court on Tuesday, cites a handful of cases in which prosecutors submitted a "Mobile Device Unlock Request" and received data from previously locked devices.
Publicly available information indicates that the EDAU has previously put in requests to acquire tools, like the GrayKey, that would allow it to break the encryption on iPhones. The ACLU also notes that the EDAU has sought to hire an electronics engineer whose responsibilities would include "forensic extractions and advanced data recovery on locked and damaged devices."
The FBI has made few public acknowledgments of the EDAU. In June 2018, in fact, the ACLU filed requests for records related to the forensics outfit. In response, the FBI refused to confirm that any such records actually exist.
After a string of FOIA appeals, the ACLU is now taking its case to the federal court. It's asking the attorney general and the FBI inspector general to make EDAU records available.
"We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said.
The case is likely to be of particular interest to iPhone users, since Apple has long positioned its encryption as one of the strongest on the market. Apple has also refused to comply with requests to build backdoors into its platforms for government investigators, most notably in 2016 in the aftermath of the San Bernardino mass shooting.
Court records do indicate that the FBI and other law enforcement agencies have the capability to unlock iPhones. The FBI has also inflated the number of devices that it can't access.
Although the FBI's current encryption-breaking ability isn't clear, a report from January indicated that it was able to unlock an iPhone 11 Pro Max running the latest available software with a GrayKey tool.
AppleInsider Staff
Andrew Orr
Amber Neely
William Gallagher
Christine McKee
24 Comments
This is short-sighted of the ACLU. They should be suing the FBI for a list if all investigative techniques that the FBI uses against suspects. Why only this one?
Sometimes the ACLU doesn't have ACLU.
In the game of Chess; which is what Intelligence is all about - there is no obligation on either side to tell you their plan or strategy. One could easily argue that this is a National Defense secret.
That's why Apple is constantly updating their Secure Enclave and iOS several times a year. A stationary target, is a dead target.
I fully expect the response to be "go pound sand". The Oxley-Sarbanes Act of 2002 put in place incentives for companies to be forthright and honest when dealing with privacy issues. Jobs and Cook are both on the record of doing what they can to maintain customer privacy, further they say that Apple does not have a means to gather, nor intention to monetize privacy issues. A CEO or executive that violates this act, can be PERSONALLY held responsible, fined $5 Million and/or 20 Years.
What they find out today may be completely irrelevant in six months or a year. As attack vectors are constantly being created, old holes closed only for new ones to be discovered, what the ACLU discovers now will be irrelevant after the next OS upgrade.
For prior first hand knowledge, what the ACLU is asking for is usually deemed investigation technique. By law investigative techniques are not subject to discovery although the information obtained from using techniques are discoverable and must be share with all parties directly involved subject to a courts protective orders.