The Government's Quest to Crack Into iPhones
Good afternoon everyone and thank you for joining us on Monday. US Attorney General. William Bar held a press conference to share the results of an investigation into a Saudi gunman's attack in Florida last month Mohammed Sayyed Al Sham. Ronnie on a entered a building on grounds of the Pensacola Naval Air Station and killed three. US sailors and severely wounded eight. Other Americans bar called the attack inactive terror but he also did something else the attorney general point a finger at the company he said stood in the way a of the FBI investigation apple. We have asked apple for their help. In unlocking the shooter's phones so far apple has not given any substantive assistance this shooters to iphones potentially some of the most valuable evidence the F. B. I. has remain locked we call on apple and other technology companies to help us find a solution so that we can better protect the lives of the American people and prevent future tax but there was something curious about bars announcement. The Attorney General was saying the government couldn't get into this terrace iphone but law on forcement has been able to get into iphones for years today on the show the standoff between the US government and Apple. Paul and why. The IPHONE is at the center of debates over privacy and national security. Welcome to the Journal. Our show Joe about money and power. I'm Ryan Knutson and I'm Caitlyn. Balk is Thursday January sixteenth. MM-HMM BOB mcmillen covers cybersecurity. He says the skirmish between Barin apple is the latest in a struggle between tech and law enforcement. That first exploded into view seven years ago. If you wanted to pinpoint date that this all really took off. It would be the summer of twenty thirteen. Gene when Edward snowden started leaking classified documents from the Archives The Washington Post is reporting noting that the National Security Agency and the FBI are mining the servers of nine leading US Internet companies the federal government tracking. Our phone calls not to mention the information we've given to companies like facebook Google and Apple. Everyone kind of knew that these intelligence is agencies were in the business of collecting data largely from computers. What snowden showed was that the scope of the collection was much greater than people thought the techniques leaks were more sophisticated than people knew and that I think really kind of woke everyone up everyone including apple? Aw before this known. Revelations apples relationship with law enforcement had been relatively smooth in the olden days law enforcement if they were doing investigation they already knew that these phones were very important investigative tools. They would often simply send them to apple. An apple would be able to provide the data that was on the phone. During this period investigators could get a warrant send a phone to Cupertino an apple would be able to send back the motherload emails. Contact lists call records records photos video but slowly apple had been tightening. Its security so beginning. Around the the apple four timeframe mm-hmm they started adding these very strong security measures to the phones and the one that the law enforcement people really care about. Is this technology that not not only encrypt the data on your phone but also protects it with a pass code and post note in apple double down those security features it encrypted and more of its users data and it changed its passcode from a four digit number to a more secure six digit number so they basically locked it down and they did a number number of very clever technically sophisticated things and they were very much. The leader on mobile phone security at this time apple made insurance customers knew about it by touting the security moves in its marketing like when it released its IOS eight operating system apple posted a note to its website assuring during customers that with new encryption passcode security. Not even apple could extract data from a locked eight phone. They built the iphone with such a intense level of security that in this one circumstance. If you have your hands on a phone and you don't have the pass code and you WanNa read what's on it. Nobody nobody can do that. Apple couldn't do that themselves so they basically went from a situation where they could take phone. Download the data Senate to law enforcement to a situation where they take phone. Look at it. Go out it's a modern iphone. We can't do it. We can't do anything with this. Customers might have liked the extra security thirty enraged law enforcement and in two thousand fifteen. Something happened to bring this standoff between apple and law enforcement to a head welcome back everybody. We have breaking news coming to out of California San Bernardino where we have the sheriff's Office confirming that they've had an active shooter where they have to San Bernardino attack. In December December of two thousand fifteen was a terror attack by husband and wife team who opened fire on a county Christmas party. Two suspects have been identified Vita twenty-eight-year-old Saieed for Ruch and twenty-seven-year-old. Tush fien Melik authorities. Say they do not have a motive at this point and are not ruling out terrorism and again after the attack was over law enforcement. Had this phone they had An Apple iphone Five C and they couldn't get into it because it was is locked down and they wanted to know with our other leads that they should be link. There'd be another attack for example that was being planned but try as they might the FBI could not crack it and this was when the government very publicly put in name to the thing they wanted from apple the thing that would solve the frustration. They'd been having for years now. Federal investigators wanted a back door. They wanted apple to write software to crack. Its own phones so that that investigators could get a warrant and just walk through that door. So what was the government's philosophical argument for a back door. Well it was just I. It remains that there should be a way for us to get data. The idea that we can't get data off of this widely used digital device. That's crucial to investigations. This is simply unacceptable. So it's kind of like. Hey we can get a warrant and searched your house. So why can't we get a warrant and search your phone. Yeah or they'll say like for the longest time we've had a way of wire tapping telephones. People are okay with that because you know. There's a precedent for getting a Legitimate Authority to do that and not everybody's phone gets taft. And you know why. Can't we have something like that for the iphone. What kind of leads needs? Can you get out of a fun. Well the most obvious thing is seeing what people have been saying to the suspect. You can see text messages. You can see who they know their list of contacts. You can find a browser history. You can see evidence of where they've been there sort of ways of tracking where where where people actually been taking the phone you know this is basically the the home of your digital life nowadays so if you WanNa profile someone the the phone is really the best place to start to try to build that profile for the San Bernardino shooters. The Justice Department tried to force apple to create a back door by taking the company to court and Apple went to the mattresses to fight it. Apple was not having it. They decided to put all chips in on this issue and to me. That's it was a very interesting acting decision. What they want is they want us to develop a new operating system that takes out the security precautions? Tim Cook appeared on national television and made the argument that the privacy of their users was paramount to this company and the only way it could truly be maintained was by building systems without these back doors. Cook argued that if apple created a back door sure the good guys could get in the good the bad guy. One of the bad guys knew that that existed target that is this is Obama's justice department had gone gone after apple very publicly but if it expected a groundswell of support it was mistaken. Customers stuck with apple no one proposed a law mandating. The back door apple really was able to. I think control the narrative around this just by really pushing this idea that they were taking users observers and their privacy seriously and his the federal government with just years earlier has been largely criticized for widespread surveillance programs. You no saying Oh we need more surveillance you know they were. It was sort of set up for them to smash this one in and And they did. So what happened with the San Bernardino phones was the FBI able to get in at the end of the day. The sembene a phone is an iphone five C and the FBI FBI paid a third party to gain access to it. So yeah they got into it. Cost them a million dollars but they got into it. This was the situation for law enforcement trying to get into an iphone in two thousand sixteen. It was a black box apple. Wouldn't hack it for you and if you wanted in you'd have to pay a million dollars to an anonymous attacker but since then that has radically changed. What changes that business businessmen? The profit imperative changed at after the break. The rise of the iphone crackers. My name is Dr Alexandra socks. I'm a psychiatrist. And the host of the Gimblett Podcast Motherhood sessions which is back for a second season each episode. I sit down with women who've come in with a question or a problem and we work on it together her. When was the last time you tax? I think it was like two years ago. I just I feel like the sexual part of me is just doesn't exist anymore. You can listen to the new the season of motherhood sessions for free on spotify or wherever you get your podcast. Welcome welcome back. The cracking of the San Bernardino phone in two thousand sixteen proved that federal law enforcement wanted into iphones and and that they were willing to pay for it to the tune of one million dollars and with that kind of price tag. Some people sensed an opportunity entrepreneurs stepped in in and in two thousand sixteen a company called Grey shift was founded grey shift employed at least one former apple security expert and and their mission was to hack the IPHONE. It took gray shift a few years to figure this out but by the spring of two thousand eighteen. The company was ready to Demo. So it's new product. It was a small black box about the size of a jewelry box. They called it. The Grey Kitty. Yes so I was down in Myrtle beach at a forensics conference. And as far as I know this was the first public demonstration of the great heap. Gray shift had picked it audience. Wisely as Louis Bob says the conference room was filled with law enforcement. Detectives cops all the law enforcement. Investigators who for years have been just like totally frustrated by apple's inability to give them data this company shows up and they say we have away in the gray gray shift executive pulls out an iphone and this kind of black box device. That has a white cable plugs into the IPHONE. He hits a button in and it begins the extraction. Normally if you tap too many wrong passwords into an iphone if freezes it could make you wait five or fifteen minutes before for you can try another password. Some iphone users set up their phones to erase all of their data after ten wrong tries but the gray key turns off that protection action mechanism. So that the little box can try entering thousands of passwords in a row. The exact way that it's able to do this they don't tell you but if if I were doing it I would start with a certain number of known popular pass keys like one two three four five six six five four three two one or something like that. You can take days or months to get the correct password depending on how the phone set up the phone and the demo has six digit password and within thirty minutes it had unlocked the phone and then once the phone was unlock. It's just took seconds really to start downloading all of the data that was available on the phone. You could just feel the relief in the air as it cracked into this phone. The sense of amazement in the audience that there was finally you know. Promise promise for them to to be able to get data off of these devices to be able to move their investigations forward after years of not being able to do it in the past two years grave shift has sold old products to the US Bureau of prisons the Drug Enforcement Administration the IRS and the FBI the FBI has spent over a million Leeann dollars on grave shift products and a million dollars can buy a lot of tech. And how much is one of these devices. Will starting price fifteen thousand dollars. It's pretty cheap. It's cheap enough that a county investigative office can afford it and could i. I buy one like can individuals by these boxes. No that's part of what was brilliant about their business model was they only sell to. US law enforcement and it was something that they were taking very seriously the security of this device I remember there was an armed guard next to it at all time to make sure that you know wouldn't get taken and this is at a conference like filled with cops right so gracious only sells to US law enforcement but not all of its competitors operate this way way another company that popped up to crack. Apple's iphones isn't Israeli company called NSA group facebook recently sued NSO Group for selling a hacking service that facebook says was used to illegally spy on fourteen hundred. What's APP users in response to that lawsuit? NSO Group said it sells its software to governments on the condition that they use it only to target spies criminals and terrorists but according to a research group called citizen lab over one hundred activists and journalists were targeted last year by a hacks using NSO group technology. Thanks to all these new products in companies investigators finally had away into iphones and ushered in. What some experts? Call the Golden Age of IPHONE investigations. I I spoke with an investigator Gwinnett. County Georgia who put out the call in early twentieth eighteen when he obtained one of these great he devices devices and he said. Listen if you have an investigation that stymied because you can't get onto an iphone bring my office and we'll see what we can do. By the end of the year he had dumped data from three hundred phones. How aware do you think? Apple's consumers are of this vulnerability. Nobody no other. They're completely unaware unaware of this. Like no no consumers have no idea that that this is all going on. And what about Apple. What did they think about these companies cracking into their products? It's a love hate relationship. It's more hate than than love admit. Love is probably not even the right word. It's a it's a hate tolerate relationship. Let's say so apple hates having security flaws in its devices right. They've bet the company on Security and privacy and when there's a bug found found especially when they can't patch that's an embarrassment to them so these companies are basically making their living on finding stuff. That apple is is ashamed of but it keeps law enforcement off their back. It sure does you know. And they have to be cognizant of that right like there's a way for law enforcement to get in if they really me too but it's not so easy that they're just doing widespread surveillance. It's not so easy that they're abusing it. There is a way in which this is a better situation for apple than it was a few years ago in a statement this week. Apple pointed out that law enforcement today has unprecedented access. To Data uh-huh quote Americans. Do not have to choose between weakening encryption and solving investigations. Apples navigated this fine line. Ever since San Bernardino law enforcement can get into iphones but apple is an on the hook to compromise users data. That uneasy truce is what Attorney General Bill Bar. You're upset on Monday so going back to the AG. In the Pensacola shooting. If they're all these IPHONE cracking services out there why does the FBI need apples help. That is a really good question. I'm not sure if you look at Apple. It seems pretty clear that in in many cases law enforcement is able to get data off of these phones. They're able to get much more data than they were a few years ago but there are going to be cases where they're stymied. Some users have passwords longer than six digits and the longer the passcode. The harder it is to guess for every additional digit. There are ten times more permutations. It's that could be the case with the Pensacola shooters phones from the FBI's perspective. They tried to get on these phones. They were unable to to get the pass code which to be fair. If it's a really complicated Pasco can take a long time to get so. They said they've given it a month and they've brought in outside contractors and they're not able to get it they were able to get it with the five c two years ago but in this case with an iphone five and iphone seven. They say they can't do do it. And far is saying that this isn't good enough. He kind of is going back to the argument from San Bernardino and saying we want in. That's right right now. There's a percentage of phones that they're not able to get data on but there's also a large percentage that they can get data on. So is that acceptable. Twenty sixteen after San Bernardino. The debate was whether the government should get a back door now. The government has a back door in most cases but not on every phone and not thanks to Apple. The question now is whether that Jerry rigged. Compromise is really a solution. Like that's really what the debate I think should be is the status quo that we have right now. Is this good enough to meet the needs of law enforcement. And does it protect the privacy of users and you know it often plays out in these very high stake realms such as terrorist investigations. What's the right call to make when lives are on the line in technology? -nology is an impediment to an investigation after bars comment on Monday. Apple released a statement the company. Nobody said it was devastated by the terror attack and rejected the FBI's characterization that it had not been helpful quote our responses to their many requests since the attack have been timely thorough and our ongoing apple also repeated. Its position that it would not build a back door quote. There is no such thing as a back door just for the good guys officials. Say the Pensacola. Gunman's phones have still not been cracked That's all for today. Thursday January Sixteenth Journal is a CO production of Gimblett and the Wall Street Journal. If you like the show follow us on spotify or wherever you get get your podcast. We come out every weekday afternoon. Thanks see you tomorrow.