Why the NSA is staying out of Apple’s fight with the FBI
March 10, 2016
Shah Sheikh (1172 articles)

Why the NSA is staying out of Apple’s fight with the FBI

From the beginning of Apple’s fight with the FBI, there’s been an inconvenient question: why can’t the NSA just break into the San Bernardino iPhone? We know from Edward Snowden that the agency has eyes nearly everywhere, amassing data in transit and developing exploits to break specific devices like the iPhone at the center of this case. What could we be looking for in the San Bernardino phone that the NSA can’t somehow pry loose?

But while the FBI has pulled no punches in going after Apple, the NSA has largely stayed out of the fight. In a judiciary committee hearing last week, FBI Director James Comey said he had asked for a way to open the phone from “anybody who will talk to us” but came up empty. He declined to name the NSA specifically, but the implication was clear. The agency has now denied the FBI even political cover, with Reuters reporting that “several key officials” in the NSA opposed the move against Apple.

It’s puzzling from the outside, but the encryption divide between the NSA and FBI is just one sign of a growing split in the way the government investigates cases and infiltrates technology. The NSA and FBI both deal with locked iPhones, but they come at them with very different tools and very different goals. The FBI’s fight with Apple has thrust that divide into the spotlight. While the FBI is pushing for court-mandated access through Apple, the NSA and other intelligence agencies specialize in a much more covert and adversarial approach. With so much pressure on accessing the San Bernardino phone, exploits seem like an easy compromise, a way to give feds the evidence they want without compelling Apple’s help or setting any ugly precedents. But relying on exploits would set a precedent of its own, and that tactic could have more consequences than Apple defenders realize.

First, there’s good reason to think that the NSA really could help with at least some of the phones that the FBI is looking at. The phone in the New York unlocking case, which has played out in parallel to the San Bernardino trial, is still running iOS 7, making it vulnerable to a $350 lockscreen-breaking device that’s commercially available to law enforcement agencies. The same device could handle at least 11 of the 12 other Apple devices identified as under FBI order. There are plenty of similar tools available, as detailed here, and it’s genuinely unclear why the feds haven’t used them to unlock at least some of the phones. All of the attacks take advantage of bugs that were closed in more recent versions of iOS, and while we still don’t know if there’s an outstanding bug for iOS 9 — that is, a bug that could get into the specific San Bernardino phone at the center of all this — the broader picture is clear. There’s been some bug in the lockscreen protections of every previous version of iOS. It would be foolish to think iOS 9 is the exception.

Many of these attacks would be possible even without the NSA’s help. But while those bugs would get the FBI into some of the phones, the solution wouldn’t be as clean as the GovtOS system proposed in the San Bernardino case. A string of exploits isn’t as reliable as a legally mandated backdoor, and it’s a poor substitute. It’s the difference between climbing up your neighbor’s drainpipe and making a copy of his keys. If the FBI really has the legal right to compel Apple’s help — as Comey clearly believes — it would be foolish to settle for exploits like this.

There are also structural forces keeping the FBI out of the exploit business. The NSA can put some of the nation’s smartest researchers to work finding iOS bugs, or buy them from freelancers on the open market. Once they’ve got a good way in, the agency can deploy it in conditions of extreme secrecy, making sure news of its use never leaves Fort Meade. There are only a limited number of ways to break into a given phone — a number that dwindles with each security update — and extreme secrecy ensures the NSA will make the most of each technique.

The FBI can’t play that game. It’s a law enforcement agency rather than an intelligence agency, which means most of its work eventually ends up in open court. The data on the San Bernardino phone isn’t just intelligence, it’s evidence. If FBI agents did manage to unlock the phone, they’d be expected to explain how they did it in public court. News of the technique would quickly work its way back to Apple, and a fix would be put in place shortly after. The next time a locked phone came up, the FBI would need a brand new way in. At that rate, the bureau would run out of workable exploits long before they make a dent in the growing pile of iPhone search warrants.

That’s why, from the beginning, the anti-encryption fight has been waged by the FBI, prosecutors, and local police — all law enforcement groups in the business of presenting evidence in court. Director Comey planted the flag in 2014 with his “Going Dark” initiative, and the message was picked up by affiliated groups like the IACP and APA. When bills banning iPhone encryption surfaced in California and New York state legislatures, it was because of active lobbying efforts from local District Attorneys.

The exploit divide also explains why intelligence agencies like the CIA and NSA have been mostly indifferent to the fight. They don’t care about evidence, just intelligence — and intelligence can be collected much easier. The NSA doesn’t ask for help cracking individual devices, and doesn’t have much use for warrants either. It’s playing a different game, and Comey’s fight for judicial power simply doesn’t do it any good.

That’s a particularly bitter pill for Director Comey because the NSA is a big part of why Apple pushed for device encryption in the first place. The Snowden documents hit Silicon Valley hard, particularly the news that the NSA had broken into private networks run by Google and Yahoo. It’s no coincidence that iOS 8’s stronger encryption features arrived less than a year after that news broke. Discontent around the NSA also undercuts FBI claims that the use of the proposed GovtOS will be limited. The biggest protection is that it will only be used with a warrant — but how much does that protection mean when a FISA court can issue a single warrant for the phone records of every US citizen?

At the same time, the split between the NSA and FBI means that a win for Apple won’t be entirely good news for civil libertarians. As Apple fights to maintain a balance between users and the government, there’s another balance being struck between law enforcement and intelligence agencies within the government. If the FBI loses its case, the CIA and the NSA will be left as the only ones with a shot at breaking the iPhone’s last line of defense, which will tip the balance in their favor. In cases like San Bernardino where local crimes are linked to international conflicts, it’s easy to imagine the CIA stepping in, producing intelligence where evidence collection is impossible. There’s also the chance that, faced with a loss in court, the FBI will try to take up intelligence methods to solve cases without giving too much detail in court. In the case of the Stingray, that meant entering evidence while actively concealing where that evidence came from, a tactic that proved disastrous once the defendants caught on.

For those focused on Apple’s current legal fight, all of this might seem beside the point. The FBI’s proposed backdoor is still invasive, and would set a terrible precedent for technology companies around the world. And for now, that stockpile of exploits is still a useful talking point in fending off FBI demands. As the bureau tries to prove it has exhausted every avenue, civil libertarians can point at hacking techniques as evidence that there’s another way in, and that the FBI doesn’t need the backdoor it’s trying to build.

But after the trial is over, those same attacks become much more troubling. As invasive as the FBI’s proposal is, the NSA alternative is near anarchy, simply breaking whatever can be broken and grabbing whatever can be grabbed. If that becomes the standard for digital evidence collection, the future may be even bleaker than we thought.

Source | TheVerge