CRYPTO WARS

iPhone crypto hid al-Qaida link to naval base shooting, AG fumes

Investigators say they spent 4 months and huge sums to decrypt the suspect's iPhones.

Attorney General William Barr at a press conference discussing the iPhone showing al-Qaida ties to Mohammed Saeed Alshamrani, who is suspected of killing 3 and wounding 8 in the December 6, 2019, shooting at the Naval Air Station in Pensacola, Florida.

The US Department of Justice is using a newly discovered al-Qaida terrorist plot as fresh ammunition in its high-stakes fight against encryption in iPhones and other technologies.

Mohammed Saeed Alshamrani is suspected of carrying out the December 6 shooting that killed three people and wounded eight others at the Naval Air Station in Pensacola, Florida. Although the FBI obtained a search warrant to examine two iPhones he used, investigators were unable to guess the passcodes needed to decrypt the contents. Complicating matters, Alshamrani—a 21-year-old second lieutenant for the Saudi Air Force who was training with the US military at the time of the killings—fired a round into one of the phones.

Declaring the shooting an act of terrorism, the FBI called on Apple to help defeat the encryption. Apple officials said they turned over all data in their possession to investigators and would continue to support them. US Attorney General William Barr countered that Apple had provided no "substantive assistance" in the case.

The FBI on Monday said that after four months of painstaking work, investigators finally unlocked the Apple devices. The contents, the FBI said, revealed that Alshamrani hadn't been radicalized after coming to the United States but years before that. Included in the unearthed data were conversations with a known operative of AQAP, or al-Qaida in the Arabian Peninsula, and a will that explained his motivations for the killings. The AQAP later released the same document in taking responsibility for the attack.

The FBI and DOJ quickly blamed Apple, claiming that its lack of help cost investigators valuable time in establishing key facts in the case.

"Because the crucial evidence on the killer's phones was kept from us, we did all that investigating not knowing what we do now: valuable intelligence about what to ask, what to look for," FBI Director Christopher Wray wrote on Twitter. "If we had, our round-the-clock, all-hands effort would have been a lot more productive." He also said, "Cybercrime, opioid trafficking, child sexual exploitation, you name it. Lack of lawful access affects every fight we're in, and Americans need to understand that this isn't just an issue for law enforcement."

A social decision

At a press conference in Washington, DC, Barr reiterated that he has "seen no sign that Apple has moved the needle or is willing to try to move the needle" in the ongoing standoff. Although he has long sounded such refrains, his language Monday was the strongest yet.

Among other things, he hinted at the possibility of the US government using its legal authority to force concessions from technology companies. In response to a question from a Fox News reporter who asked if there was any indication Apple would capitulate, Barr said:

Businesses frequently make products that, if allowed out in the market in the form that the business may optimally want, could create dangers to public safety. Normally, what we do in that circumstance is we don't leave the decision up to the business about the exact details and configuration of their products if we feel that it will cause harm to the public. That decision is not left to the business. It is a social decision that is made by our society, made by the public, in the public interest. We see that with restrictions or limitations or required features that are sometimes imposed on manufacturers to make sure the public is not put in danger. This is nothing new. This is what we normally do, but for some reason there are some tech companies who feel that they are above that and that they, unilaterally, can make decisions based on their business interests and regardless of the dangers posed to the public and we cannot let that happen.

In a statement, Apple officials wrote:

On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement's important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.

It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor—one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.

Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don't store customers' passcodes and we don't have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.

The FBI went on to say that Alshamrani was "meticulous" in planning the shooting. Besides the will, the FBI said he made pocket-cam videos of his classroom building. The data on the iPhones showed the cadet wasn't "just coordinating with [AQAP] about planning and tactics—he was helping the organization make the most it could out of his murders. And he continued to confer with his AQAP associates right until the end, the very night before he started shooting." In a statement, Wray added:

We are still exploiting the evidence we've now obtained from al-Shamrani's phones. And we're continuing to run our investigation, now with the benefit of a lot more insight into the murderer's mind and intentions, his relations with AQAP, and his tactics.

We have more to learn. But we know enough now to see al-Shamrani for what he was—a determined AQAP terrorist, who spent years preparing to attack us.

The FBI provided few details about how investigators unlocked the iPhones except to say that "FBI technical experts succeeded in accessing the phones' contents." Officials also said the success wasn't likely to carry over to new cases.

"Unfortunately, the technique that we developed is not a fix for our broader Apple problem—it's of pretty limited application," Wray said in Monday's statement. "But it has made a huge difference in this investigation."

Perennial fight

The federal government has battled technology companies over cryptography since the mid-1990s, when strong encryption was classified as a munition and officials toyed with the idea of putting a so-called Clipper chip in devices that would make backdoors available to law enforcement.

A new chapter in this fight began in 2016, when the FBI obtained a court order requiring Apple to help unlock and decrypt the iPhone used by Syed Rizwan Farook, who killed 14 people and injured 17 others in a 2015 shooting rampage in San Bernardino, California.

The FBI wanted Apple to create a custom iOS firmware version that would bypass a protection that wipes an iPhone clean after 10 failed attempts to enter a passcode. In court documents and congressional testimony, FBI officials said they had no other way to access the contents of the iPhone so that investigators could determine if Farook and his wife, who also participated and died in the shooting, acted in concert with others to carry out the deadly attack. The government invoked an 18th-century law called the All Writs Act in seeking Apple's assistance.

Apple vigorously resisted the FBI request. In a letter to Apple customers, company CEO Tim Cook warned that once such a backdoor existed, it would pose a threat to all iPhone users. Cook argued that if Apple was compelled to bypass the protections on the shooter's iPhone, it would set a dangerous precedent that would undermine the privacy and security of people everywhere.

"The government suggests this tool could only be used once, on one phone," he wrote. "But that's simply not true. Once created, the technique could be used over and over again, on any number of devices."

The dispute ended six weeks after the government obtained the order when government lawyers dropped the case and reported that FBI investigators had decrypted Farook's iPhone 5C and no longer needed Apple's help. Then-FBI Director James Comey later suggested that the agency paid more than $1.3 million to an unnamed company to crack the phone's encryption.

Defenders of strong encryption blasted the FBI on Monday.

"Every time there's a traumatic event requiring investigation into digital devices, the Justice Department loudly claims that it needs backdoors to encryption, and then quietly announces it actually found a way to access information without threatening the security and privacy of the entire world," the American Civil Liberties Union said. "The boy who cried wolf has nothing on the agency that cried encryption."

The heated debate has raged ever since then. The new revelations about Alshamrani's ties to AQAP are likely to further heighten the controversy.
