FBI security expert: Apple are “jerks” about unlocking encrypted phones

Getty Images | Boonrit Panyaphinitnugoon

Federal Bureau of Investigation officials are continuing to voice their displeasure with Apple’s approach to iPhone security, with one FBI official reportedly calling the company “jerks” and an “evil genius” this week.

Apple has repeatedly made it more difficult to access data on encrypted iPhones, making Apple customers safer from hackers but also preventing the FBI from breaking into phones used by suspected criminals.

“At what point is it just trying to one-up things and at what point is it to thwart law enforcement?” FBI forensic expert Stephen Flatley said yesterday while speaking at the International Conference on Cyber Security in Manhattan, according to a report by Motherboard. “Apple is pretty good at evil genius stuff.”

Flatley also used the word “jerks” to describe Apple and its approach to iPhone security, according to Motherboard. The story also says:

For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.

By contrast, the Motherboard report says that Flatley praised another company, Cellebrite, which sells technology the FBI uses to break into iPhones.

Flatley is a senior forensic examiner in the FBI’s New York division. He appeared at the security conference to discuss the challenges of running a large forensic lab, according to the conference website.

We emailed Flatley this morning to ask if he’d like to provide further details or explanation of his views on Apple’s approach to encryption. We’ll update this story if we get a response.

Apple: Encryption is vital for customer safety

While Apple has assisted the FBI in some cases, the company has held firm in its stance that strong encryption is vital for keeping its customers safe.

“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe,” Apple says in a “message to customers” posted on its website since 2016. “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

Apple CEO Tim Cook previously argued that intentionally including vulnerabilities in consumer products to help law enforcement would also help criminals hack everyday people who rely on encryption to ensure their digital safety.

FBI says encryption “urgent public safety issue”

Flatley’s comments came one day after FBI Director Christopher Wray called phone encryption “an urgent public safety issue.”

“In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools—even though we had the legal authority to do so,” Wray said in a speech at the security conference. “Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat.”

The problem makes it harder for the FBI in investigations related to “human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber,” he said.

Wray said the FBI “supports information security measures, including strong encryption,” but he said technology companies should give more help to law enforcement agencies that want to access encrypted data.

“We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both,” he said.

Wray’s comments were just the latest example of federal officials calling for greater access to encrypted devices. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, Deputy Attorney General Rod Rosenstein said in a speech in October.

Unbreakable encryption “is a huge, huge problem,” Wray said at another conference in October.

Leave a Reply