Over and over again as people keep talking about the Apple / FBI encryption stuff, I keep seeing the same line pop up. It’s something along the lines of “but the FBI needs to know what’s on that phone, so if Apple can help, why shouldn’t it.” Let’s debunk that myth. The FBI absolutely does not need to know what’s on that phone. It might not even care very much about what’s on that phone. As the Grugq ably explained last week, there’s almost certainly nothing of interest on the phone. As he notes, Farook destroyed his and his wife’s personal phones, indicating that if there were anything truly important, he would have destroyed the last phone too. Also:
FBI already has a massive amounts of data, all of which indicates that Farook and Malik were not in contact with a foreign terrorist organisation, nor were they in contact with any other unknown terrorists.
Even if, despite all evidence to the contrary, Farook and Malik were somehow in invisible traceless contact with an ISIS handler, that handler would not have revealed information about other cells, because that would violate the most basic tenet of security — need to know.
Other information, including things like who they were in contact with could be obtained from other sources — either service providers for metadata or from the phones of those they were in contact with.
There’s another post by forensic scientist Jonathan Zdziarski that provides even more reasons why there’s almost certainly nothing of use on the phone — noting that Farook left the “track my phone” feature on, even though it’s on the same settings page as turning off the iCloud backup, which the FBI claims he turned off.
But let’s get beyond even that. Assume that there actually is something interesting or useful on the phone. That still doesn’t mean the FBI “needs” the information. In basically any situation where crime has occurred, there is a ton of information that might be useful, but that is far frommandatory. Hell, in this case alone, there were the destroyed phones. It’s much more likely that there would have been useful information on those phones. But no one’s talking about how the FBI “needs” that information, because everyone knows the FBI can’t get it. And, since much of the planning for this attack must have happened between Farook and Malik in their home, the FBI isnever going to know what they said to each other as they sat around the kitchen table, or on the sofa, or in bed. And, again, no one is upset about this information that is “not accessible” because there’s always information that’s not accessible.
In some cases, it’s because it was destroyed. In some cases, it’s because it was verbal communications that were never stored anywhere. In some cases, it’s because people communicated in a code that only they know. In some cases, it’s because information wasn’t found. There are dozens of reasons why information that might be useful isn’t accessible to the government during criminal investigations.
And you know what: it’s not the end of the world.
Hell, in almost every criminal case, there’s a ton of missing information. The cases are about taking all the evidence that they do have and making inferences on the rest. And no one whines about that.
So why are so many people insisting that the FBI “needs” the information on this particular phone?
There are a few possible reasons, but none of them are very convincing or compelling. There’s just the simple fact that the information is there and, it appears, if Apple is forced to create this special operating system (creatively called FBiOS by some), it will remove the security features that otherwise block the FBI from brute forcing Farook’s passcode. Of course, no one seems to be mentioning that if he has a really long passcode, brute forcing it might not work either (perhaps because that’s unlikely). But, again, that’s another situation under which the information wouldn’t actually be available.
Honestly, the only reason that the FBI wants to force Apple to create the special operating system for this particular phone is the precedent that it can go to court and force a company to build special hacking tools to remove security features from customers. That’s a big deal. The information on the phone is almost certainly not a big deal at all.