Showing posts with label FBI. Show all posts

Monday, February 22, 2016

Keeping the Panda at Arm’s Length: The China Factor in the Apple/FBI Battle




I take perverse pleasure (note to self: discuss with analyst!) in parting company with my libertarian/lefty buddies on the issue of the FBI’s demand that Apple assist in accessing an iPhone used by one of the San Bernardino shooters.

The shadow of the People’s Republic of China—and the demands it plans to impose on US vendors of telecom/IT equipment in China once the Obama administration has established the benchmark for law enforcement intrusion—hangs over the whole debate.

And I believe the Obama administration has done a pretty canny job of getting law enforcement’s foot in the door while not letting the CCP panda completely in the tent.

First off, some techy details, as I understand them.  (If I misunderstand them, and somebody points them out, I will happily and humbly correct.)

On older iPhones, if the user was lazy and stuck with a four-digit numerical passcode instead of choosing a fancier, longer option, local law enforcement could attach a “crappy Chinese box”, in the words of an iPhone forensics expert (costing a mere $355 and well within the reach of local cops), to brute-force the passcode, i.e., feed four-digit numbers into the phone until it hit the right combo.  No more.

A few years ago, Apple updated its security strategy and created unique difficulties for law enforcement.  Specifically, the phone imposes escalating delays between wrong guesses (a minute after the fifth, up to an hour after the ninth) and, if the optional “Erase Data” setting is turned on, the phone’s memory is wiped after the tenth (actually the decryption key needed to access the encrypted data gets “forgotten” by the phone, leaving the data in place as unreadable ciphertext).

To make things extra difficult, starting with the A7 chip in the iPhone 5s (2013), Apple added a separate coprocessor called the “Secure Enclave” to handle the passcode/encryption duties.  The key that protects the data is derived from the passcode entangled with a random number burned into the silicon at manufacture (unique to each phone and “forgotten”, i.e., not recorded by Apple) that can’t be read out for the purpose of “mirroring” or copying the phone’s memory.  Since every guess has to be checked by the chip holding that number, the phone’s storage can’t be copied onto a computer, or a bazillion computers, to attack the copies in parallel.  The San Bernardino phone, an iPhone 5c, predates the Secure Enclave, but its passcode is still entangled with the burned-in number; what the older chip lacks is hardware enforcement of the attempt counter and delays, which is why a signed firmware change alone could remove them.

There are tech rumblings that the burned-in number might be vulnerable to physical inspection, i.e., decapping the chip (stripping its epoxy coating without destroying it) and reading the fuses with a scanning electron microscope, which would allow mirroring.  But not yet.

Supposedly, even if Apple helps out by disabling the wipe function and the delays, the FBI still can’t mirror the phones for parallel attacks; the only phones they’ll be able to break are the ones that a) they have in their physical possession and b) have rather lame, un-terrorist-worthy four-digit numerical passcodes that can be brute-forced through sequential attempts on the phone itself.  At the roughly 80 milliseconds per guess the hardware imposes, all 10,000 four-digit codes take under a quarter of an hour, but Apple’s own figure for a six-character lowercase-and-digits passcode is more than five years.  Gotta wonder if this is really the case, given the FBI’s avid interest in this capability. 
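To make the mechanics concrete, here is an added simulation of the passcode check as the paragraphs above describe it. It is my illustration, not Apple’s code and not from the original post. It assumes PBKDF2 as a stand-in for Apple’s AES-based key tangling, Apple’s published figure of about 80 ms per guess, and an approximation of the lockout schedule from Apple’s iOS Security Guide; the passcode “7391”, the 10-attempt threshold and the `patched_firmware` flag (modelling the build the FBI asked Apple to sign) are constructed for the example.

```python
"""Model of the iPhone passcode-check state machine described above.

Added illustration, not Apple's code.  The data key is derived from the
passcode *entangled* with a per-device secret fused into the chip (the UID)
that never leaves it, so every guess must be checked on the device; stock
firmware adds an attempt counter with escalating delays and an optional
erase-after-10 setting; the requested firmware removes both.
Assumptions: PBKDF2 stands in for the AES tangling, KDF_SECONDS is Apple's
published ~80 ms, LOCKOUTS approximates Apple's documented schedule.
"""
import hashlib
import hmac
import itertools
import os
import string

KDF_SECONDS = 0.08                                   # per-guess on-device cost
LOCKOUTS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # delay after N failures
ERASE_AFTER = 10                                     # optional "Erase Data"


class DeviceWiped(Exception):
    """Guessing on a device whose key material has already been discarded."""


class SimulatedIPhone:
    def __init__(self, passcode, erase_data=True, patched_firmware=False):
        self._uid = os.urandom(32)        # fused secret; no accessor on purpose
        self._check = self._derive(passcode)
        self.erase_data = erase_data
        self.patched = patched_firmware   # requested build: no delays, no wipe
        self.failed = 0
        self.wiped = False

    def _derive(self, passcode):
        # Without the UID this derivation cannot run anywhere but on the
        # device, which is what defeats attacks on a mirrored flash image.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, 1000)

    def try_passcode(self, guess):
        """One on-device guess: returns (correct, seconds incl. lockout)."""
        if self.wiped:
            raise DeviceWiped("key material already erased")
        cost = KDF_SECONDS
        if not self.patched:
            cost += LOCKOUTS.get(self.failed, 0)
        if hmac.compare_digest(self._derive(guess), self._check):
            self.failed = 0
            return True, cost
        self.failed += 1
        if self.erase_data and not self.patched and self.failed >= ERASE_AFTER:
            self.wiped = True            # the "10 and out" behaviour
            self._check = b""            # key gone; data is ciphertext only
        return False, cost


def brute_force(phone, alphabet, length):
    """Sequential guessing on the device itself, the only attack tangling allows.
    Returns (passcode_or_None, attempts, simulated_seconds, wiped)."""
    elapsed, attempts = 0.0, 0
    for combo in itertools.product(alphabet, repeat=length):
        guess = "".join(combo)
        attempts += 1
        ok, cost = phone.try_passcode(guess)
        elapsed += cost
        if ok:
            return guess, attempts, elapsed, False
        if phone.wiped:
            return None, attempts, elapsed, True
    return None, attempts, elapsed, False


def worst_case_hours(alphabet_size, length):
    """Exhaustive on-device search time once the delays are gone."""
    return alphabet_size ** length * KDF_SECONDS / 3600


def demo(passcode="7391"):
    stock = SimulatedIPhone(passcode, erase_data=True)
    patched = SimulatedIPhone(passcode, patched_firmware=True)
    return {
        "stock": brute_force(stock, string.digits, 4),      # wipes at 10
        "patched": brute_force(patched, string.digits, 4),  # ~10 minutes
        "six_char_hours": worst_case_hours(36, 6),          # lowercase+digits
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The “stock” run shows the crappy-box attack destroying the key on the tenth wrong guess after more than an hour and a half of lockouts; the “patched” run finds a four-digit code in a few thousand 80 ms guesses; and the last figure is why a six-character alphanumeric passcode is out of reach even with the patched firmware, since the UID never leaves the chip and nothing here can be parallelised off the device.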

The government’s demand that Apple provide a firmware update that will disable the wipe function (along with the escalating delays between guesses) on this one phone has elicited a chorus of heroic squealing both from Apple jefe Tim Cook and the privacy/tech/Apple-adoring segments of the Internet, complaints that I find unconvincing and, I suspect, the Obama administration finds rather irritating.

A lot of thought, I believe, has gone into the government’s case, and it is designed to split the baby into three parts that satisfy a) privacy advocates b) law enforcement and c) the US government’s anxieties about inevitable PRC demands for reciprocal treatment from US tech companies.

The symbolic, precedent-setting character of this demand is clear from two things.  First, the specter of the terrorist bogeyperson has been unleashed by invoking the San Bernardino shooting even though it’s not terribly likely that Farook kept a lot of vital information about his rampage on his employer-provided, four-digit-passcode phone (a phone, by the way, that could have been made transparent to his employer with a $20 piece of device-management software).  Second, the FBI made its demand public instead of just talking to Apple privately.

I will also add my suspicion that the FBI already knows what's on the phone, or simply doesn't care.  Supposedly, in a goof-up during the investigation, the FBI had the phone’s owner, San Bernardino County, reset the password on the iCloud account linked to the phone, so that the phone could no longer back up its precious contents to the cloud, where Apple can and does help extract them.  Oops, so sorry, here comes the order under the All Writs Act for Apple to create the firmware bypass to the 10-and-out function on the phone itself.

Anyway, the US government is not demanding a back door that would enable the FBI to eavesdrop on the phone covertly while it’s in the hands of the user; instead it wants Apple to develop a utility that allows the FBI to attack an encrypted phone that is in its physical custody and obtained, presumably, under color of law in a criminal investigation.  And it’s only asking for a one-time firmware image prepared by Apple itself and then destroyed, with Apple alone holding the signing key, thereby denying the US government the real “backdoor” tool: the ability to deliver signed firmware updates to any and all iPhones.

So: no apparent surveillance capabilities, to keep the privacy advocates happy (unless the assumption is that the government will do some TAO operation: acquire a target phone, spend a few days burning it up to read the hardwired factors and brute-forcing the passcode, extract the encrypt/decrypt key, and then covertly return the phone to the hapless end user in order to spy on him or her; yes, inevitably there will be plans of this sort, but only at the outer limits of practicality); a leg up to the FBI on a rather knotty encryption problem; and relatively limited benefits to the PRC, which craves a universal backdoor into the iPhone for nefarious real-time surveillance of targeted individuals and instead can only occupy itself with extracting one-time assistance from Apple for single phones in law enforcement custody, presumably only for the noblest and best-articulated of reasons.

And I think Apple understands it too, and what we are seeing with this massive Apple-polishing privacy campaign is an elaborate piece of kabuki whose major purpose is to demonstrate, both to its customer base and to the PRC government, that it will not provide phone-forcing utilities unless it’s a one-phone deal in response to categorical formal legal compulsion, executed only by Apple, and not by turning over the software fix (probably not terribly fancy) and, most importantly, its firmware signing key to some government agency for repeated use at the government’s discretion and maybe without crossing the search warrant/due process/human rights Ps and Qs.

If I were Apple (and the Obama administration and, for that matter, people who worry about PRC bullying of US IT firms for access to source code, surveillance utilities and the like) I would look for a graceful way to cave in response to a one-time demand through a court in a single case.  Better to button up this issue now, in other words, than to open the door for Congress to pass a CALEA-style law with a blanket obligation for Apple to cooperate on issues of this sort, a precedent that would make the PRC pretty happy.

Cynic that I am, I would not be surprised if this public spectacle was paralleled in private by a side deal between Apple and the US government to diddle with the physical encapsulation of the Secure Enclave chip to make it accessible to the FBI, and maybe get more liberal with sharing the signing key.  After all, Apple, though a relatively insignificant provider of goods and services to the US government compared to behemoth spook servicers Google and Microsoft, is facing uncomfortable scrutiny over a $30 billion/year income tax diddle it's conducting through its (physically nonexistent) Irish affiliate; so the Apple executive agenda probably doesn’t include scorched-earth opposition to the United States or, for that matter, to the People’s Republic of China, which now accounts for more than 25% of Apple profits.

In other words, a solution cleverly designed to completely please no one.  And, by that criterion, apparently a signal success!

Updated on Feb. 23, 2016 with some additional observations on the San Bernardino phone and the court order vs. legislation angle.





Tuesday, April 15, 2014

Now Trending: FBI Informants




Lot of talk about bad guys being FBI assets recently.  Thanks to his lawyers, the Interwebs are ahum with speculation that the FBI neglected to hoover up Tamerlan Tsarnaev a.k.a. the Elder before the Boston marathon bombing because the Bureau was already in touch with him and trying to turn him as an asset, not because the Russians withheld crucial information.


Today it also transpired that Glenn Miller, the white supremacist linked to the shootings in Overland Park, had allegedly worked with the FBI as an informer.  Over at CounterPunch, James Ridgeway quotes an aggrieved white supremacist outlet that accused Miller:


“In the 1980s Glenn Miller was a self-styled KKK leader in North Carolina. He made contact with The Order, which was famous for armored car heists. Apparently he convinced The Order to make him part of an “above ground/legal” wing of the group. He then provided information to the FBI and testified against other members of the “legal” wing that were receiving money obtained from the armored car heists.”


This sort of risky business looks suspiciously like FBI standard procedure.

Reading Kevin Cullen and Shelley Murphy’s biography of Whitey Bulger, the notorious—and notoriously protected—Boston gangster who parlayed his FBI relationship into legal impunity and a municipal crime empire, one learns that this sort of arrangement spanned generations in the Bureau:


[Boston crime figure Frank] Salemme claims [FBI agent Paul] Rico’s animosity toward the McLaughlin gang stemmed from the McLaughlins’ typically careless and insulting ways—specifically their bawdy claims that Rico and FBI director J. Edgar Hoover were lovers…Rico…got even by helping [rival gang] Winter Hill pick off the McLaughlin gang, one by one.  He helped Winter Hill set up the 1964 murder of Ronnie Dermody….But Dermody was small change.  


It might be worth noting that Dermody, while being small change, was also Rico’s informant.  But in order to ingratiate himself with a higher-level gangster, Rico set up the hit by booking a meeting with Dermody, but arranging for the gunman to show up instead…and then let the gunman lie low at his house for a couple of days. 

And there’s more:


Rico and [his partner Dennis Condon] wanted …”Punch” McLaughlin…in the grave…Rico followed Punch…then told [gangster Steve] Flemmi that Punch was taking the bus…Flemmi fired six times into Punchy’s chest as he was boarding the bus.  The next time Flemmi saw Rico, the FBI agent told him, “Nice shooting”. [Cullen and Murphy, Whitey Bulger, W.W. Norton & Co., 2013, pp. 78-79]


This was several years before Flemmi became an official FBI informant and his case would presumably be subject to some kind of formal supervision.  Before then, apparently, orchestrating gang hits off the books was simply part of the creative, improvisational side of Paul Rico.   After Rico and Condon retired, John Connolly took over as the FBI Boston office go-to guy for handling informants.  He gave Whitey Bulger free rein in return for suspiciously meager tips and suspiciously large handouts, a combination that landed Connolly in federal prison for racketeering and, in 2011, confinement in Florida state prison to serve the rest of a 40-year sentence for second-degree murder as an accessory to a Bulger rubout.

In Boston, the justification was always that the FBI was using “good” (or not-as-bad) gangsters to take down worse gangsters—the McLaughlin gang for Rico and Condon, and the New England Mafia for John Connolly.

If this reminds you of something, well it should.  For the edification of readers, here is the Wikipedia entry for Tsarist Russia’s Department for Protecting the Public Security and Order, colloquially known as the Okhrana:


The Okhrana used many seemingly unorthodox methods in the pursuit of its mission to defend the monarchy; indeed, some of the Okhrana’s activities even contributed to the wave of domestic unrest and revolutionary terror that they were intended to quell…The exposure of Yevno Azef (who had organized many assassinations, including that of Plehve) and Dmitri Bogrov (who assassinated Stolypin in 1911) as Okhrana double agents put the agency's methods under great suspicion…


And, in the category of Nobody Could Have Foreseen:


Just as the Okhrana had once sponsored trade unions to divert activist energy from political causes, so too did the secret police attempt to promote the Bolshevik party, as the Bolsheviks seemed a relatively harmless alternative to more violent revolutionary groups. Indeed, to the Okhrana, Lenin seemed to actively hinder the revolutionary movement by denouncing other revolutionary groups and refusing to cooperate with them.  To aid the Bolsheviks at the expense of other revolutionaries, the Okhrana helped Roman Malinovsky, a police spy who had managed to rise within the group and gain Lenin’s trust, in his bid to become a Bolshevik delegate to the Duma. To this end, the Okhrana sequestered Malinovsky’s criminal record and arrested other candidates for the seat.  Malinovsky won the seat and led the Bolshevik delegation in the Fourth Duma until 1914, but even with the information Malinovsky and other informants provided to the Okhrana, the police were unprepared for the rise of Bolshevism in 1917.



Don’t be surprised if the US government is keeping tabs on and, indeed, keeping in touch with bad guys.  And, I suppose, when a bad guy predictably does something bad, don’t be surprised if the US government isn’t particularly eager to reveal everything it actually knew.

It’s a long tradition.