The U.S. government’s revelation that it had accessed the San Bernardino shooter’s iPhone without the help from Apple that it had so desperately sought indicates the FBI was either disguising its technical capabilities or its agents and employees remain outmatched by tech workers in the private sector, according to current and former bureau officials and legal scholars.
The bureau in recent years has launched a recruiting blitz to attract employees with cyber expertise, and the National Science Foundation has even made scholarship money available to students who study cybersecurity and later work in government. But former FBI officials said the bureau will always face an uphill battle against private firms, which can offer much more money, a less rigorous code of conduct and more opportunities to do creative work.
Ernest Hilbert, a former FBI special agent focusing on cybercrimes, said the bureau had lost tech talent in recent years. “The most an agent can make is 180K,” he said. “That’s like a starting salary in the private sector. You have a big push by private industry to pull out these individuals.”
That bureau officials were able to access Syed Rizwan Farook’s phone allows the government to avoid — at least for now — a showdown with Apple over the extent U.S. law compels the company to help in a criminal investigation.
But the high-profile fight over the San Bernardino phone also exposes that Apple’s phone has some vulnerability, further motivating it and other companies to strengthen the security of their devices and forcing the government to keep up with new security measures, technology executives and security analysts said.
“They’re in an arms race,” said Matthew Blaze, a cryptography researcher and professor at the University of Pennsylvania. “The FBI is trying to find new ways in, and Apple is trying to find new ways to defend against that.”
In interviews, engineers across Silicon Valley said they thought the case would impact the way products are built going forward at both start-ups and large companies.
The case “will reinforce people’s arguments” for tougher encryption, said Cameron Walters, an engineer who was an early engineer at payments start-up Square. “It might push them to do it — if it was a question of effort versus return.”
The cloud-computing company Box, which filed a legal brief supporting Apple in the San Bernardino case, is one of the many tech firms rushing to offer new encryption-related security features. It recently launched a product, KeySafe, that allows corporate customers to hold on to their own encryption keys — a move co-founder and chief executive Aaron Levie said was as much about fighting off hackers as about fending off government surveillance. The implementation of KeySafe means the company cannot collect and hand over a customer’s private information even when the authorities have a warrant.
Lawyers and people in the tech industry claim that the FBI’s sudden arrival at a solution — a month ago it was claiming it could not get into Farook’s phone without Apple’s help — raises questions about law enforcement’s handling of the matter. FBI officials have offered their version of what happened in court documents and sworn affidavits, and have disputed any insinuation they did wrong.
On this much, many agree: The case shows that the FBI is lagging behind when it comes to some technical capabilities.
“I think the bureau is absolutely in an uphill battle, desperately trying to keep up pace, and they are not,” said Ronald T. Hosko, a former assistant director in charge of the FBI’s criminal division who is now president of the Law Enforcement Legal Defense Fund.
The FBI devotes significant resources to cybersecurity investigations and its operational-technology division. The bureau’s fiscal 2017 budget proposal asked for $85.1 million more for cybersecurity and an additional $38.3 million for an initiative meant to help investigators beat encryption when appropriate.
Robert Anderson, a former executive assistant director of the bureau’s Criminal, Cyber, Response and Services Branch who now works as a managing director at Navigant, a business consulting firm, said that two years ago the bureau began an “unbelievable nationwide hunt, search and hiring program” for people with computer expertise. The bureau, he said, is “the best in its 100-plus-year history” on tech.
Farook and his wife, Tashfeen Malik, were killed in a shootout with police in December after they launched an attack that killed 14 people at the Inland Regional Center in San Bernardino, Calif.
The bid to access the phone used by Farook was meant to further the FBI’s investigation. The Justice Department obtained a court order compelling Apple’s assistance under the All Writs Act, a centuries-old law that gives courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
Federal prosecutors initially said they had no way into the phone without Apple’s help. Apple resisted, arguing that complying with the government’s request would infringe customers’ privacy.
Last week, on the eve of a hearing in the case, prosecutors for the first time suggested there might be a way in without Apple, writing in a court filing that “an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone.” The method apparently worked; prosecutors wrote in another court filing Monday that they had “successfully accessed the data stored on Farook’s iPhone,” and a judge formally vacated an order compelling Apple’s assistance Tuesday.
The FBI has not disclosed how it got in, other than to say it no longer needed Apple’s help. An official familiar with the matter, while declining to discuss the San Bernardino case in particular, said, “Whether a solution comes ultimately from our own personnel, from another federal agency or other entity is less important than whether the solution addresses the requirements to investigate major crimes and terrorist attacks.” The official spoke on the condition of anonymity to discuss internal bureau operations.
Alex Abdo, a staff attorney with the American Civil Liberties Union, said that “the speed with which they were able to verify this new technique is a reason to be skeptical” of officials’ previous claims.
“The FBI sat on this phone for two months, then made a deliberate decision to very publicly fight with Apple over the unlocking mechanism, and then made very strong statements about their inability to get in without Apple’s help. And, on a dime, that all changed,” Abdo said.
FBI and Justice Department officials have bristled at the notion that they misled the public or that agents were not working hard to access the phone. Deputy Attorney General Sally Q. Yates said at a recent news conference that FBI agents had “been working hard all along” and that officials at the Justice Department were “a little surprised” to learn there might be another solution.
FBI Director James B. Comey wrote in a letter to the Wall Street Journal that he was “not embarrassed to admit that all technical creativity does not reside in government.”
That the FBI got in without Apple’s help leaves unresolved a critical question: Can the government use the All Writs Act to compel others to take the steps it wanted Apple to take? That matter, legal experts said, will be left for Congress or another court case.
Andrea Peterson contributed to this report.