The widespread encryption versus law enforcement debate started by the FBI’s attempts to unlock the iPhone of Syed Rizwan Farook, a shooter in the deadly December 2015 attack in San Bernardino, California, may never have occurred if the FBI had been better at communicating with its technology staff.
A March 27, 2018, Department of Justice Office of Inspector General report found that then-Director James Comey had reason to believe in his Feb. 9, 2016, and March 1, 2016, congressional testimonies that the FBI had no other way to access potentially critical information held on the shooter’s phone than to legally require the phone’s developer, Apple, to help them break into it.
However, the report also found the FBI had insufficiently communicated with members of the FBI Operational Technology Division’s (OTD) Remote Operations Unit (ROU), which ultimately provided the third-party vendor that had unlocked the phone. This lack of communication resulted in a Feb. 16 court order for Apple’s assistance occurring prior to the FBI’s exploration of all other options.
“The FBI failed to engage key personnel in attempts to unlock on the eve of the Feb. 16 court filing, the ROU chief had only just begun the process of contacting vendors about a possible technical solution for the Farook iPhone, including contacting an outside vendor who he knew was almost 90 percent finished with a technical solution that would permit the exploitation of the Farook iPhone,” the report said.
In fact, the ROU was not asked to assist the Cryptographic and Electronic Analysis Unit (CEAU), originally tasked with the search for a solution to the Farook iPhone problem, until a Feb. 11, 2016, managers meeting, just days before the FBI’s court filing.
It was only in the days after that meeting that the ROU was formally asked to check with trusted vendors to see if anyone had a solution to the problem.
Amy Hess, then-FBI executive assistant director, expressed concern to the OIG that the CEAU chief may have remained silent on a potential solution to the encrypted iPhone in order to get a favorable court ruling against Apple. While the OIG did not find evidence to support that concern, the report said that their inquiry suggested “that CEAU did not pursue all possible avenues in the search for a solution.”
In addition, the CEAU chief told the OIG that after the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward.
The ROU chief told the OIG that he believed the lack of communication was down to a long-standing policy of not crossing the tools of criminal and national security investigations.
“From the time he had become the unit chief in 2010, he was told that ROU’s classified techniques could not be used in criminal cases. He said that this dividing line between criminal and national security became part of the culture in OTD and inhibited communication between the criminal and national security components,” the report said.
The CEAU chief, however, said that the senior engineer assigned to search for technical solutions to the iPhone issue had confirmed that he had checked with “everybody” in his search, though there was no documentation of communications with ROU.
“Regardless of what informal discussions may have occurred at the engineer level, it appears that no one in CEAU consulted the ROU chief, a step that we believe should have been taken before making any conclusions about ROU’s capabilities or the larger question about whether compelling Apple to provide technical assistance was truly necessary,” the report said.
According to the report, the FBI is already pursuing efforts to resolve communication issues between different departments, which the OIG characterized as a worthwhile endeavor.
Jessie Bur covers federal IT and management.