In the wake of a damning report by the DOJ Office of Inspector General (OIG), Congress is asking questions about the FBI’s handling of the locked iPhone in the San Bernardino case and its repeated claims that widespread encryption is leading to a “Going Dark” problem. For years, DOJ and FBI officials have claimed that encryption is thwarting law enforcement and intelligence operations, pointing to large numbers of encrypted phones that the government allegedly cannot access as part of its investigations. In the San Bernardino case specifically, the FBI maintained that only Apple could assist with unlocking the shooter’s phone.
But the OIG report revealed that the Bureau had other resources at its disposal, and on Friday members of the House Judiciary Committee sent a letter to FBI Director Christopher Wray that included several questions to put the FBI’s talking points to the test. Not mincing words, committee members write that they have “concerns that the FBI has not been forthcoming about the extent of the ‘Going Dark’ problem.”
In court filings, testimony to Congress, and in public comments by then-FBI Director James Comey and others, the agency claimed that it had no possible way of accessing the San Bernardino shooter’s iPhone. But the letter, signed by 10 representatives from both parties, notes that the OIG report “undermines statements that the FBI made during the litigation and consistently since then, that only the device manufacturer could provide a solution.” The letter also echoes EFF’s concerns that the FBI saw the litigation as a test case: “Perhaps most disturbingly, statements made by the Chief of the Cryptographic and Electronic Analysis Unit appear to indicate that the FBI was more interested in forcing Apple to comply than getting into the device.”
Now, more than two years after the Apple case, the FBI continues to make similar arguments. Wray recently claimed that the FBI confronted 7,800 phones it could not unlock in 2017 alone. But as the committee letter points out, in light of recent reports about “the availability of unlocking tools developed by third-parties and the OIG report’s findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable.” For example, a recent Motherboard investigation revealed that law enforcement agencies across the United States have purchased—or have at least shown interest in purchasing—devices developed by a company called Grayshift. The Atlanta-based company sells a device called GrayKey, a roughly 4x4 inch box that has allegedly been used to successfully crack several iPhone models, including the most recent iPhone X.
The letter ends by posing several questions to Wray designed to probe the FBI’s Going Dark talking points—in particular whether it has actually consulted with outside vendors to unlock encrypted phones it says are thwarting its investigations and whether third-party solutions are in any way insufficient for the task.
EFF welcomes this line of questioning from House Judiciary Committee members and we hope members will continue to put pressure on the FBI to back up its rhetoric about encryption with actual facts.