Tuesday, 22 December 2020

ACLU: The FBI is Secretly Breaking Into Encrypted Devices. We’re Suing.

The FBI is Secretly Breaking Into Encrypted Devices. We’re Suing.

The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments, and it refuses to even acknowledge that it has information about these efforts — even though some details have been filed publicly in federal court. We’re suing to get some answers.
 
Between our emails, text messages, location information, social media activity, and more, our cell phones hold almost our entire lives. In recent years, governments have stepped up efforts to gain access to the information on our cell phones and personal computers. The federal government has been pressuring companies to build encryption backdoors that would severely undermine our digital privacy and security, and both federal and state governments have regularly paid third-party vendors to break into people’s encrypted devices.
 
Now, it appears the FBI has built an in-house capability to break into these devices. Publicly available information indicates that the Electronic Device Analysis Unit (EDAU), a team within the FBI, has acquired or is in the process of acquiring software that allows the government to unlock and decrypt information that is otherwise securely stored on cell phones. Public court records also describe instances where the EDAU appeared capable of accessing encrypted information off of a locked iPhone. And beyond that, the EDAU even sought to hire an electronics engineer whose major responsibilities would include “perform[ing] forensic extractions and advanced data recovery on locked and damaged devices.”
 
To learn more about the EDAU and its capabilities, we filed a request under the Freedom of Information Act asking that the Department of Justice and the FBI disclose records relating to the EDAU and its technological capabilities for retrieving information from locked electronic devices. The FBI responded in part by issuing what’s known as “Glomar” responses to two of our requests — which means that the agency refuses to even confirm or deny the existence of any records pertaining to the EDAU.
 
A valid Glomar response is rare, as there are only extremely limited instances where its invocation is appropriate — that is, only where the existence or nonexistence of records is itselfexempt under FOIA. The problem with the FBI’s Glomar response is that, as detailed above, we already know records pertaining to the EDAU exist because information about the unit is already public. The fact that all of this information is already publicly known deeply undercuts the FBI’s Glomar theory. The FBI itself has made clear that it is attempting to access and decrypt personal electronic devices, so the claim that it can’t even acknowledge whether these records exist is implausible.
 
Seeking some much-needed transparency, today we asked a federal court to intervene and order the DOJ and the FBI to turn over all responsive documents pertaining to the EDAU. We’re demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption.
 
By invoking the Glomar response, the federal government is sending a clear message: It aims to keep the American public in the dark about its ability to gain access to information stored on our personal mobile devices. But it’s not that the FBI has just shut the door on this information — they’ve shut the door, closed the windows, drawn the shades, and refused to acknowledge whether the house that we’re looking at even exists. It’s imperative that the public gets meaningful access to these records regarding the federal government’s capabilities to access our phones and computers. Our privacy and security is at stake.



Published December 22, 2020 at 09:50PM
via ACLU https://ift.tt/3mJNAuo

No comments:

Post a Comment