The ACLU is suing for more information about the FBI’s phone-hacking lab
What happens in the FBI’s Electronic Device Analysis Unit?
On Tuesday, the American Civil Liberties Union filed a new lawsuit demanding information about the FBI’s Electronic Device Analysis Unit (EDAU) — a forensic unit that the ACLU believes has been quietly breaking the iPhone’s local encryption systems.
“The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments,” the ACLU said in a statement announcing the lawsuit, “and it refuses to even acknowledge that it has information about these efforts.”
The FBI has made few public statements about the EDAU, but the lawsuit cites a handful of cases in which prosecutors have submitted a “Mobile Device Unlock Request” and received data from a previously locked phone. The EDAU also put in public requests for the GrayKey devices that found success unlocking a previous version of iOS.
In June 2018, the ACLU filed a FOIA request for records relating to the EDAU, but the FBI has refused to confirm any records even exist. After a string of appeals within the FOIA process, the group is taking the issue to federal court, calling on the attorney general and FBI inspector general to directly intervene and make the records available.
“We’re demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption,” the ACLU said in a statement. . .
---------------------------------------------------------------------------------------------------------------
More
ACLU sues FBI for information about its encryption-cracking skills
The FBI must be more transparent about its ability to break into people’s mobile devices, the American Civil Liberties Union says, and the group is suing for information about what the feds have in their toolkit.
The ACLU says the bureau should come clean about what its Electronic Device Analysis Unit (EDAU) is using “to unlock and decrypt information that is otherwise securely stored on cell phones.” The group filed a Freedom of Information Act lawsuit Monday in a San Francisco federal court.
". . .The suit is the latest offensive in what some call the Crypto Wars — an ongoing legal and policy struggle over how much power the government should have over the encryption in consumer devices. Law enforcement agencies say that allowing average people to “go dark” with powerful encryption also serves the interests of criminals. Privacy and civil liberties advocates argue that any demand for backdoors into devices undermines the whole purpose of strong encryption.
The ACLU says, in essence, that any request for encryption backdoors might be a moot point, given the powers the EDAU already seems to possess. The lawsuit cites court papers and other public documents that hint at the unit’s existing capabilities. The lawsuit cites the FBI’s 2018 call for bids for providing a “forensic workstation” using the GrayKey phone-cracking software, as well as a 2017 contract with Checkpoint Technologies for a version of its InfraScan technology, which “appears to permit detailed microscopic views of electronics hardware in a way that could assist investigators with determining secret encryption keys stored on hardware like the Apple iPhone.”. .
The pressure for encryption backdoors extends far beyond the U.S., too. In late 2018, Australia passed the world’s first law requiring tech companies to build decryption mechanisms into products. The law was possible because Australia does not have a bill of rights, and it was significant because of that country’s membership in the Five Eyes intelligence alliance of English-speaking countries.
Opponents of built-in backdoors say the Crypto Wars represent nothing but an attempted power grab. Giving the feds that kind of access to devices would also mean a shift for tech companies, too, Rep. Ro Khanna, D-Calif. said earlier this year during CyberTalks.
“What I worry about is at a time where we already have an imbalance between the power of the U.S. government and the power of corporations and the individual, is it would shift more power to the tech companies and the government,” Khanna said. “If you care about the state not having power over an individual, or of corporations not having power over individuals, then you should be for encryption.”
No comments:
Post a Comment