FBI Complains Device Encryption Locked Them Out of 7K Phones
FBI boss Christopher Wray complains the agency has been shut out of almost 7,000 seized mobile phones due to encryption.
This seems to be a never-ending battle for law enforcement agencies who have been complaining about device encryption for ages. One particular famous case involved the iPhones of one of the San Bernardino shooters. The FBI sued Apple to unlock the phone, but Apple shrugged its shoulders and said that was impossible because they did not hold the key to open the phone's encryption. Before the court could force the issue, the case was dropped because the FBI found a way to unlock the device.
The method was kept secret, but one senator revealed the effort cost the Bureau some $900,000 and resulted in pretty much nothing worthwhile. Although the FBI was sued by several entities to reveal how they cracked the iPhone's protections, the court sided with the Bureau, and they are not obligated to share this little bit of information. Furthermore, the agency claims it may very well re-use the same method in the future, so it needs to protect its secret.
There are several theories going up online, including one tying the FBI's sudden iPhone decoding technique to an Israeli company called Cellebrite, but none have been confirmed.
Wray lamented about the situation during the International Association of Chief of Police conference held in Philadelphia, in the US. He said that device encryption has kept them out of more than 6,900 mobile devices that they had the legal authority to check.
"It impacts investigations across the board: narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation," he pointed out.
And that is, of course, a valid concern. While device encryption was meant to protect users in case their phones get stolen, for instance, the feature has also been used by criminals to hide the content of their devices from law enforcement. Many times over the past few years there has been a call for so-called encryption backdoors, which would allow police officers to decrypt data on locked phones. This, of course, is not a viable solution because it would weaken protections to such an extent that they'd practically be inexistent. Not only could hackers eventually be able to get their hands on those decryption keys, but they could also crack the encryption on their own, which is something no one wants.
"I get it, there's a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe," Wray said.
A possible resolution to the encryption problem
One solution would be to let Artificial Intelligence step in and help out. How, you ask? Well, one way would be to allow a device-based AI to go through all data on our phones. Eventually, that AI will learn everything it needs to know about the user, which data is pertinent, which should be protected and which is not so important. The AI that would ideally be built into our phones would understand us, and our own system of norms, since those vary so much from one individual to another. This would result in a situation where, in case law enforcement ever needs something from that device, a request could be made, and the AI would pull up exactly the data they request, and nothing more. This would still allow people to have their privacy and protection against thieves, for instance, but also get to be held accountable for their bad deeds. Our need to protect our cyber-secrets - those things we want to keep hidden from the world - would still be met, while law enforcement agencies won't be able to abuse their power to get their hands on just about any data we have on our devices. And that's a balance most people could work with.
The theory belongs to Arthur Keleti, Cyber-Secret Futurist, and is described at length in his book "The Imperfect Secret," and it seems to be the perfect response to the fight between the notion of privacy protected by encryption which we all need right now and the need for law enforcement to get the data they need to solve their cases.
Even better, his theory may soon see the light of day. Ken Bodnar, Principal Consultant for the Blockchain Associates and Member of the Fintech Working Group for the Bahamas Financial Service Board, recently published an article on LinkedIn in which he states he's trying to figure out a primordial AI machine to do just this - dole out secrets on an as-needed basis.
“It is very early in the project for me. However, I do have an Artificial Neural Network started. The way that I think it will work, is that a blockchain will securely hold the data. It will be server-centric,” Bodnar explains to The Cyber Secret Futurist. The iOS and Android devices will have a connection to the AI machine, and the AI machine will be the guardian of the private blockchain.
Unfortunately, Bodnar doesn’t believe a mobile device will be able to have enough computing power to drive this technology, but it doesn’t reall matter in the end. “We are coming into the age of connected computing and edge computing. I do blieve that apps will no longer be downloaded binaries. All of the computing will be done in the cloud or in the edges.”
While we may still be some steps away from this type of technology not only existing but also being implemented in mobile operating systems by default, it's good to have a direction to walk towards.
A Massive Problem
That being said, the situation the FBI is in right now is nothing new. In fact, they've been complaining about the same thing for years now; and not just the FBI. The Manhattan District Attorney's office said it has some 200 phones that have been seized and cannot be decrypted. The US has some 18,000 police forces, and each agency has different resources and different experiences with encryption. Let's assume that even half of these agencies have half of what the Manhattan DA is struggling with - so 100 locked phones - that could very well be nearly a million devices they've seized and can't open across all of the USA.
This is obviously a frustrating situation for law enforcement agencies. Furthermore, there's a precedent where a court ruled that forcing someone to surrender their password and decryption keys would be the same as making them self-incriminate, which could very well be used by anyone pressured to open their device.
On the other hand, police officers face a dilemma. They are bound by honor and duty to "serve and protect," but modern times have made this goal harder to define. Do they need to protect people, or their privacy? Nowadays, our phones hold dozens, hundreds, thousands of our secrets - those tidbits of information that we aren't too keen to let out. Whether they're white secrets, which would just make us uncomfortable if others discovered them, or black secrets, which Keleti defines as something we are ashamed of, and in the case of law enforcement, which might even put us in jail, it's beyond the point.