4th Amendment? What's That?
Federal law enforcement has been asking for a backdoor to read Americans’ encrypted communications for years now. FBI Director Christopher Wray did it again last week in testimony to the Senate Judiciary Committee. As usual, the FBI’s complaints involved end-to-end encryption employed by popular messaging platforms, as well as the at-rest encryption of digital devices, which Wray described as offering “user-only access.”
The FBI wants these terms to sound scary, but they actually describe security best practices. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. And “user-only access” is actually a perfect encapsulation of how device encryption should work; otherwise, anyone who got their hands on your phone or laptop—a thief, an abusive partner, or an employer—could access its most sensitive data. When you intentionally weaken these systems, it hurts our security and privacy, because there’s no magical kind of access that only works for the good guys. If Wray gets his special pass to listen in on our conversations and access our devices, corporations, criminals, and authoritarians will be able to get the same access.
It’s remarkable that Wray keeps getting invited to Congress to sing the same song. Notably, Wray was invited there to talk, in part, about the January 6th insurrection, a serious domestic attack in which the attackers—far from being concerned about secrecy—proudly broadcast many of their crimes, resulting in hundreds of arrests.
It’s also remarkable what Wray, once more, chose to leave out of this narrative. While Wray continues to express frustration about what his agents can’t get access to, he fails to brief Senators about the shocking frequency with which his agency already accesses Americans’ smartphones. Nevertheless, the scope of police snooping on Americans’ mobile phones is becoming clear, and it’s not just the FBI who is doing it. Instead of inviting Wray up to Capitol Hill to ask for special ways to invade our privacy and security, Senators should be asking Wray about the private data his agents are already trawling through.
Police Have An Incredible Number of Ways to Break Into Encrypted Phones
In all 50 states, police are breaking into phones on a vast scale. An October report from the non-profit Upturn, “Mass Extraction,” has revealed details of how invasive and widespread police hacking of our phones has become. Police can easily purchase forensic tools that extract data from nearly every popular phone. In March 2016, Cellebrite, a popular forensic tool company, supported “logical extractions” for 8,393 different devices, and “physical extractions,” which involve copying all the data on a phone bit-by-bit, for 4,254 devices. Cellebrite can bypass lock screens on about 1,500 different devices.
How do they bypass encryption? Often, they just guess the password. In 2018, Prof. Matthew Green estimated it would take no more than 22 hours for forensic tools to break into some older iPhones with a 6-digit passcode simply by continuously guessing passwords (i.e. “brute-force” entry). A 4-digit passcode would fail in about 13 minutes.
That brute-force guessing was enabled by a hardware flaw that has been fixed since 2018, and the rate of password guessing is much more limited now. But even as smartphone companies like Apple improve their security, device hacking remains very much a cat-and-mouse game. As recently as September 2020, Cellebrite marketing materials boasted its tools can break into iPhone devices up to “the latest iPhone 11/ 11 Pro / Max running the latest iOS versions up to the latest 13.4.1”.
Even when passwords can’t be broken, vendors like Cellebrite offer “advanced services” that can unlock even the newest...
1 comment:
I had high school girl friends from DC who talked about how easy it is to pick up diplomats for free. Watergate was Nixon covering up for Senators picking up teenaged girls. I want FBzi to unclassify that.