The FBI must be more transparent about its ability to break into people’s mobile devices, the American Civil Liberties Union says, and the group is suing for information about what the feds have in their toolkit.
The ACLU says the bureau should come clean about what its Electronic Device Analysis Unit (EDAU) is using “to unlock and decrypt information that is otherwise securely stored on cell phones.” The group filed a Freedom of Information Act lawsuit Monday in a San Francisco federal court.
“We’re demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption,” the ACLU says in a news release.
The suit is the latest offensive in what some call the Crypto Wars — an ongoing legal and policy struggle over how much power the government should have over the encryption in consumer devices. Law enforcement agencies say that allowing average people to “go dark” with powerful encryption also serves the interests of criminals. Privacy and civil liberties advocates argue that any demand for backdoors into devices undermines the whole purpose of strong encryption.
The ACLU says, in essence, that any request for encryption backdoors might be a moot point, given the powers the EDAU already seems to possess. The lawsuit cites court papers and other public documents that hint at the unit’s existing capabilities. The lawsuit cites the FBI’s 2018 call for bids for providing a “forensic workstation” using the GrayKey phone-cracking software, as well as a 2017 contract with Checkpoint Technologies for a version of its InfraScan technology, which “appears to permit detailed microscopic views of electronics hardware in a way that could assist investigators with determining secret encryption keys stored on hardware like the Apple iPhone.”
The ACLU lawsuit is a followup to a 2018 FOIA request that was met with a “Glomar” response from the FBI, meaning the bureau refused to confirm or deny even the existence of any records pertaining to the EDAU.
FBI officials have made it clear that the bureau can break into mobile devices when they need to. But they’ve also kept up the pressure on Silicon Valley to build-in access mechanisms into encrypted consumer products. Earlier this year, when the bureau announced it had broken into the phone of the perpetrator of a shooting at a Florida military base, Director Christopher Wray used it as an opportunity to chide Apple for providing “no help.”
Other examples of law enforcement’s ability to crack encryption include a case in Europe this summer. Police busted a criminal network by breaking into a bespoke encrypted phone system.
The pressure for encryption backdoors extends far beyond the U.S., too. In late 2018, Australia passed the world’s first law requiring tech companies to build decryption mechanisms into products. The law was possible because Australia does not have a bill of rights, and it was significant because of that country’s membership in the Five Eyes intelligence alliance of English-speaking countries.
Opponents of built-in backdoors say the Crypto Wars represent nothing but an attempted power grab. Giving the feds that kind of access to devices would also mean a shift for tech companies, too, Rep. Ro Khanna, D-Calif. said earlier this year during CyberTalks.
“What I worry about is at a time where we already have an imbalance between the power of the U.S. government and the power of corporations and the individual, is it would shift more power to the tech companies and the government,” Khanna said. “If you care about the state not having power over an individual, or of corporations not having power over individuals, then you should be for encryption.”