ACLU sues for information about FBI iPhone unlocking capabilities

Posted:
in General Discussion
The American Civil Liberties Union is suing for more information about the FBI's ability to break the encryption of smartphones, including Apple's iPhone.

Credit: Apple
Credit: Apple


On Tuesday, the ACLU filed a lawsuit demanding information about the FBI's Electronic Device Analysis Unit. The civil rights group believes that the EDAU has been quietly breaking into iPhones and other devices.

"The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments, and it refuses to even acknowledge that it has information about these efforts," the ACLU wrote in its announcement.

The ACLU's Freedom of Information Act lawsuit, lodged in a San Francisco court on Tuesday, cites a handful of cases in which prosecutors submitted a "Mobile Device Unlock Request" and received data from previously locked devices.

Publicly available information indicates that the EDAU has previously put in requests to acquire tools, like the GrayKey, that would allow it to break the encryption on iPhones. The ACLU also notes that the EDAU has sought to hire an electronics engineer whose responsibilities would include "forensic extractions and advanced data recovery on locked and damaged devices."

The FBI has made few public acknowledgments of the EDAU. In June 2018, in fact, the ACLU filed requests for records related to the forensics outfit. In response, the FBI refused to confirm that any such records actually exist.

After a string of FOIA appeals, the ACLU is now taking its case to the federal court. It's asking the attorney general and the FBI inspector general to make EDAU records available.

"We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said.

The case is likely to be of particular interest to iPhone users, since Apple has long positioned its encryption as one of the strongest on the market. Apple has also refused to comply with requests to build backdoors into its platforms for government investigators, most notably in 2016 in the aftermath of the San Bernardino mass shooting.

Court records do indicate that the FBI and other law enforcement agencies have the capability to unlock iPhones. The FBI has also inflated the number of devices that it can't access.

Although the FBI's current encryption-breaking ability isn't clear, a report from January indicated that it was able to unlock an iPhone 11 Pro Max running the latest available software with a GrayKey tool.
«1

Comments

  • Reply 1 of 24
    This is short-sighted of the ACLU. They should be suing the FBI for a list if all investigative techniques that the FBI uses against suspects. Why only this one?

    Sometimes the ACLU doesn't have ACLU.

    n2macsolsbloggerblograzorpit
  • Reply 2 of 24
    hodarhodar Posts: 336member
    In the game of Chess; which is what Intelligence is all about - there is no obligation on either side to tell you their plan or strategy.  One could easily argue that this is a National Defense secret.

    That's why Apple is constantly updating their Secure Enclave and iOS several times a year.  A stationary target, is a dead target.

    I fully expect the response to be "go pound sand".  The Oxley-Sarbanes Act of 2002 put in place incentives for companies to be forthright and honest when dealing with privacy issues.  Jobs and Cook are both on the record of doing what they can to maintain customer privacy, further they say that Apple does not have a means to gather, nor intention to monetize privacy issues.  A CEO or executive that violates this act, can be PERSONALLY held responsible, fined $5 Million and/or 20 Years.
    viclauyycSpamSandwichwatto_cobra
  • Reply 3 of 24
    sflocalsflocal Posts: 5,602member
    What they find out today may be completely irrelevant in six months or a year.  As attack vectors are constantly being created, old holes closed only for new ones to be discovered, what the ACLU discovers now will be irrelevant after the next OS upgrade.

    I'm a little mixed about this.  I demand privacy, yet if the FBI has some way of breaking into a terrorist's phone using some temporary exploit, I dunno... ugh.
    NotoriousDEVwatto_cobra
  • Reply 4 of 24
    For prior first hand knowledge, what the ACLU is asking for is usually deemed investigation technique. By law investigative techniques are not subject to discovery although the information obtained from using techniques are discoverable and must be share with all parties directly involved subject to a courts protective orders. 
    watto_cobra
  • Reply 5 of 24
    sflocal said:
    What they find out today may be completely irrelevant in six months or a year.  As attack vectors are constantly being created, old holes closed only for new ones to be discovered, what the ACLU discovers now will be irrelevant after the next OS upgrade.

    I'm a little mixed about this.  I demand privacy, yet if the FBI has some way of breaking into a terrorist's phone using some temporary exploit, I dunno... ugh.
    Why ugh?  The FBI still has to obtain a court order to unlock the phone.  They cannot simply willy nilly unlock whatever they please whenever they please.
    Oferwatto_cobra
  • Reply 6 of 24
    BeatsBeats Posts: 2,285member
    goofy1958 said:
    sflocal said:
    What they find out today may be completely irrelevant in six months or a year.  As attack vectors are constantly being created, old holes closed only for new ones to be discovered, what the ACLU discovers now will be irrelevant after the next OS upgrade.

    I'm a little mixed about this.  I demand privacy, yet if the FBI has some way of breaking into a terrorist's phone using some temporary exploit, I dunno... ugh.
    Why ugh?  The FBI still has to obtain a court order to unlock the phone.  They cannot simply willy nilly unlock whatever they please whenever they please.

    Yes because cops, the FBI, politicians and people of authority follow the rules.
    NotoriousDEVelijahgrazorpitGeorgeBMacDogperson
  • Reply 7 of 24
    It’s the proverbial Slippery Slope. Today terrorists; tomorrow kidnappers; two weeks from now it’s a guy being accused of anything by an ex-wife.....

    goofy1958 said:
    sflocal said:
    What they find out today may be completely irrelevant in six months or a year.  As attack vectors are constantly being created, old holes closed only for new ones to be discovered, what the ACLU discovers now will be irrelevant after the next OS upgrade.

    I'm a little mixed about this.  I demand privacy, yet if the FBI has some way of breaking into a terrorist's phone using some temporary exploit, I dunno... ugh.
    Why ugh?  The FBI still has to obtain a court order to unlock the phone.  They cannot simply willy nilly unlock whatever they please whenever they please.

    elijahgwatto_cobra
  • Reply 8 of 24
    The other AI article on this topic has some really interesting info on how one researcher suspects the FBI does it:

    https://forums.appleinsider.com/discussion/219412
    muthuk_vanalingamwatto_cobra
  • Reply 9 of 24
    This doesn’t fall under discovery as it’s not a trial with evidence at issue. 

    Rather it’s, as noted, a Freedom of Information Act lawsuit intended to reveal whether FBI is lawfully conducting its searches. 
    watto_cobraGeorgeBMac
  • Reply 10 of 24
    JFC_PA said:
    This doesn’t fall under discovery as it’s not a trial with evidence at issue. 

    Rather it’s, as noted, a Freedom of Information Act lawsuit intended to reveal whether FBI is lawfully conducting its searches. 
    It is a fishing expedition on the part of the ACLU. They seem to be  trying to use FOIA to gain knowledge of investigation techniques. Good luck with that use of FOIA to obtain information that not even revealed  in a criminal case. Investigative techniques and confidential resources/sources are not subject to a FOIA request or a subpoenas not even in a criminal case which has the highest level of discovery in American Courts. 
    edited December 2020 watto_cobra
  • Reply 11 of 24
    glennh said:
    For prior first hand knowledge, what the ACLU is asking for is usually deemed investigation technique. By law investigative techniques are not subject to discovery although the information obtained from using techniques are discoverable and must be share with all parties directly involved subject to a courts protective orders. 

    glennh said:
    JFC_PA said:
    This doesn’t fall under discovery as it’s not a trial with evidence at issue. 

    Rather it’s, as noted, a Freedom of Information Act lawsuit intended to reveal whether FBI is lawfully conducting its searches. 
    It is a fishing expedition on the part of the ACLU. They seem to be  trying to use FOIA to gain knowledge of investigation techniques. Good luck with that use of FOIA to obtain information that not even revealed  in a criminal case. Investigative techniques and confidential resources/sources are not subject to a FOIA request or a subpoenas not even in a criminal case which has the highest level of discovery in American Courts. 

    No, you're talking about international espionage, not domestic espionage on American citizens.   There are no protections on "investigative techniques" there -- except where the bad cops can hide it.

    edited December 2020
  • Reply 12 of 24

    Why does law enforcement ever want access to a device like an iPhone?  To check for information connected with criminal activity.

    Lockouts, or encryption are meant to handle situations like a person losing their iPhone (or having it stolen), someone else obtaining it, and trying to see what it contains.  This makes sense, but it should not subvert law enforcement efforts, per se.

    What I mean is, if law enforcement has a legitimate reason for seeing what is in an iPhone, they should ask the owner to unlock it.  Should they refuse, they should then lose the iPhone, which should then be completely wiped of all data (in my opinion law enforcement should then be free to sell the iPhone as used, but that’s just my opinion).

    An iPhone should never be a device that criminals may use to lock out law enforcement, it should only lock out other persons the owner does not want viewing their data.

    An iPhone should never be a criminal’s tool.

  • Reply 13 of 24
    glennh said:
    For prior first hand knowledge, what the ACLU is asking for is usually deemed investigation technique. By law investigative techniques are not subject to discovery although the information obtained from using techniques are discoverable and must be share with all parties directly involved subject to a courts protective orders. 

    glennh said:
    JFC_PA said:
    This doesn’t fall under discovery as it’s not a trial with evidence at issue. 

    Rather it’s, as noted, a Freedom of Information Act lawsuit intended to reveal whether FBI is lawfully conducting its searches. 
    It is a fishing expedition on the part of the ACLU. They seem to be  trying to use FOIA to gain knowledge of investigation techniques. Good luck with that use of FOIA to obtain information that not even revealed  in a criminal case. Investigative techniques and confidential resources/sources are not subject to a FOIA request or a subpoenas not even in a criminal case which has the highest level of discovery in American Courts. 

    No, you're talking about international espionage, not domestic espionage on American citizens.   There are no protections on "investigative techniques" there -- except where the bad cops can hide it.

    Your comment is way off base. You need either consent, a probation/parole search conditional waiver, a search warrant signed by a judge or very limited exigence circumstances as defined by SCOTUS to obtain any information from device in the U.S. otherwise the information obtained from the device is not admissible thus “a fruit from a poison tree” and a complete waste of time and resources. In the movies law enforcement can search what they want but in the real world there are personal, criminal and civil liabilities associated with ignoring the rules governing search and seizure! 
  • Reply 14 of 24
    crowleycrowley Posts: 7,804member
    cgoolsby said:

    What I mean is, if law enforcement has a legitimate reason for seeing what is in an iPhone, they should ask the owner to unlock it.  Should they refuse, they should then lose the iPhone, which should then be completely wiped of all data (in my opinion law enforcement should then be free to sell the iPhone as used, but that’s just my opinion).

    You think law enforcement should be able to seize and sell your property and destroy your data just because they had a suspicion that you may have committed a crime and refused to give the passcode to your phone?

    Needless to say, wow.
    citylightsapplemuthuk_vanalingam
  • Reply 15 of 24

    Re: post by Crowley:

    Yes, absolutely.  Perhaps the context in which I mean this was not written clearly (or perhaps you just disagree).  Apple has come under fire recently for having encoding/security that law enforcement cannot breach.  They want Apple to incorporate some type of “back door” to allow access.  I don’t see that as a good idea.

    As mentioned by another, “You need either consent, a probation/parole search conditional waiver, a search warrant signed by a judge or very limited exigence circumstances as defined by SCOTUS to obtain any information from device in the U.S. otherwise the information obtained from the device is not admissible thus ‘a fruit from a poison tree’.”

    If all of this is done and the owner of the device fails to comply and unlock the iPhone, then what I said about destroying your data seems reasonable to me.  Again this is because an iPhone should never be a criminal’s tool.

    At any rate, my best wishes to you, writer Crowley.

  • Reply 16 of 24
    glennh said:
    glennh said:
    For prior first hand knowledge, what the ACLU is asking for is usually deemed investigation technique. By law investigative techniques are not subject to discovery although the information obtained from using techniques are discoverable and must be share with all parties directly involved subject to a courts protective orders. 

    glennh said:
    JFC_PA said:
    This doesn’t fall under discovery as it’s not a trial with evidence at issue. 

    Rather it’s, as noted, a Freedom of Information Act lawsuit intended to reveal whether FBI is lawfully conducting its searches. 
    It is a fishing expedition on the part of the ACLU. They seem to be  trying to use FOIA to gain knowledge of investigation techniques. Good luck with that use of FOIA to obtain information that not even revealed  in a criminal case. Investigative techniques and confidential resources/sources are not subject to a FOIA request or a subpoenas not even in a criminal case which has the highest level of discovery in American Courts. 

    No, you're talking about international espionage, not domestic espionage on American citizens.   There are no protections on "investigative techniques" there -- except where the bad cops can hide it.

    Your comment is way off base. You need either consent, a probation/parole search conditional waiver, a search warrant signed by a judge or very limited exigence circumstances as defined by SCOTUS to obtain any information from device in the U.S. otherwise the information obtained from the device is not admissible thus “a fruit from a poison tree” and a complete waste of time and resources. In the movies law enforcement can search what they want but in the real world there are personal, criminal and civil liabilities associated with ignoring the rules governing search and seizure! 
    Your comment is way off base.  
    I was replying to one stating that no one is permitted to reveal the "Investigative techniques" of domestic investigative and policing agencies and they are above Freedom of Information act laws.   i pointed out that their methods and techniques are not protected like those of the CIA are.

    edited December 2020
  • Reply 17 of 24
    crowley said:
    cgoolsby said:

    What I mean is, if law enforcement has a legitimate reason for seeing what is in an iPhone, they should ask the owner to unlock it.  Should they refuse, they should then lose the iPhone, which should then be completely wiped of all data (in my opinion law enforcement should then be free to sell the iPhone as used, but that’s just my opinion).

    You think law enforcement should be able to seize and sell your property and destroy your data just because they had a suspicion that you may have committed a crime and refused to give the passcode to your phone?

    Needless to say, wow.
    They've been doing that for years.   And yes, "Wow!"

    "Civil forfeiture allows police to seize — and then keep or sell — any property they allege is involved in a crime. Owners need not ever be arrested or convicted of a crime for their cash, cars, or even real estate to be taken away permanently by the government."

    Forfeiture was originally presented as a way to cripple large-scale criminal enterprises by diverting their resources. But today, aided by deeply flawed federal and state laws, many police departments use forfeiture to benefit their bottom lines, making seizures motivated by profit rather than crime-fighting. For people whose property has been seized through civil asset forfeiture, legally regaining such property is notoriously difficult and expensive, with costs sometimes exceeding the value of the property."


    In my own experience:  when a poor, black, mentally ill patient of mine was arrested for something or other, police took her phone and then, after her release, it simply disappeared into their system.  When she and I went to the police station to retrieve it nobody knew anything about it.  All we got were blank stares and shrugs.




  • Reply 18 of 24

    Let us all calm down, and reasonably consider things.

    I honestly fail to see the problem here.  Let us say a person is suspected of illegal activity in their home.  This is their home, and they should be able to keep it securely locked (similarly, the iPhone is secure when it is locked).  Yet law enforcement may obtain a search warrant and check the property, under certain circumstances.  If nothing is found, no problem.

    The situation with access to the iPhone is similar, in my opinion.  What is the problem with this?  Should law enforcement simply give the locked iPhone back to the owner, with no consequences?  Does that make sense?

    If the iPhone owner's issue is that they have "questionable" (yet not illegal) photos or something like that on the device, and they don't want others to see this, that is another issue entirely--I will not comment on that.

    However, going back to the case of someone's home, if the owner of the home fails to provide access, law enforcement will break the door down, if necessary, to gain access.  What would be the equivalent procedure with an iPhone?  It is also property, owned by someone.  And we are hypothesizing a legal order for access.  Does law enforcement simply give up?  Having "back door" access would be like law enforcement having keys to your home.  Would anyone be satisfied with that?  I don't think so.

    So, what is the solution?

  • Reply 19 of 24
    cgoolsby said:

    Let us all calm down, and reasonably consider things.

    I honestly fail to see the problem here.  Let us say a person is suspected of illegal activity in their home.  This is their home, and they should be able to keep it securely locked (similarly, the iPhone is secure when it is locked).  Yet law enforcement may obtain a search warrant and check the property, under certain circumstances.  If nothing is found, no problem.

    The situation with access to the iPhone is similar, in my opinion.  What is the problem with this?  Should law enforcement simply give the locked iPhone back to the owner, with no consequences?  Does that make sense?

    If the iPhone owner's issue is that they have "questionable" (yet not illegal) photos or something like that on the device, and they don't want others to see this, that is another issue entirely--I will not comment on that.

    However, going back to the case of someone's home, if the owner of the home fails to provide access, law enforcement will break the door down, if necessary, to gain access.  What would be the equivalent procedure with an iPhone?  It is also property, owned by someone.  And we are hypothesizing a legal order for access.  Does law enforcement simply give up?  Having "back door" access would be like law enforcement having keys to your home.  Would anyone be satisfied with that?  I don't think so.

    So, what is the solution?


    It's still the same situation.
    If they have a search warrant you have to give them access or go to jail.   I don't see how it should matter if it is a locked safe or a locked iPhone.

    If you have pictures of your naked girl friend on it, they've probably seen better any number of times (First responders get to see a LOT!).
    If you have some child porn on it, then you have a second problem.

    This shouldn't be complicated.
    edited December 2020
  • Reply 20 of 24
    crowleycrowley Posts: 7,804member
    cgoolsby said:

    Let us all calm down, and reasonably consider things.

    I honestly fail to see the problem here.  Let us say a person is suspected of illegal activity in their home.  This is their home, and they should be able to keep it securely locked (similarly, the iPhone is secure when it is locked).  Yet law enforcement may obtain a search warrant and check the property, under certain circumstances.  If nothing is found, no problem.

    The situation with access to the iPhone is similar, in my opinion.  What is the problem with this?  Should law enforcement simply give the locked iPhone back to the owner, with no consequences?  Does that make sense?

    If the iPhone owner's issue is that they have "questionable" (yet not illegal) photos or something like that on the device, and they don't want others to see this, that is another issue entirely--I will not comment on that.

    However, going back to the case of someone's home, if the owner of the home fails to provide access, law enforcement will break the door down, if necessary, to gain access.  What would be the equivalent procedure with an iPhone?  It is also property, owned by someone.  And we are hypothesizing a legal order for access.  Does law enforcement simply give up?  Having "back door" access would be like law enforcement having keys to your home.  Would anyone be satisfied with that?  I don't think so.

    So, what is the solution?

    Law enforcement can't burn your house to the ground and then sell the land. 

    I don't have any issue with a due process court order for a person to give access to their phone, which they are then legally obligated to do, on penalty of imprisonment.
    muthuk_vanalingam
Sign In or Register to comment.