The Secret History Behind the San Bernardino Attack: The FBI Could Have Cracked the iPhone's Encryption
(Fortune China) Translator: 樸成奎
With the debate over encryption on smartphones heating up yet again, one of the most important past controversies in the area needs to be revisited. According to a new report, the FBI could have unlocked the iPhone used by one of the San Bernardino shooters without Apple’s help possibly more quickly than it did. But that would have undercut the bureau’s legal efforts to force Apple’s hand and set a precedent requiring future assistance.

The history is suddenly relevant again as the Trump administration is trying to revive proposals to force smartphone makers to add a “backdoor” for law enforcement agencies to get access to users’ encrypted information. Most outside experts warn that approach would weaken the protection of sensitive data for all phone users.

The new plans follow a speech in January by FBI director Christopher Wray, who said the bureau needed some kind of backdoor because it was locked out of almost 8,000 phones last year, creating “a major public safety issue.” Senator Ron Wyden, who has long opposed weakening encryption, blasted Wray’s view as “ill-informed” and “debunked.”

But just as both sides are reengaging in well-worn arguments, detailed information emerged on Tuesday shedding new light on the massive legal battle between the FBI and Apple in 2016 over the difficulties of decrypting an iPhone used by one of the San Bernardino shooters.

And the new information doesn’t look good for the FBI.

After the December 2, 2015 shooting by Syed Rizwan Farook and Tashfeen Malik in San Bernardino, Calif., during which 14 people were killed, law enforcement officials found an iPhone 5C belonging to Farook. The phone was locked with a passcode. In February 2016, the FBI went to court seeking to force Apple to rewrite the software running on iPhones to allow the bureau to crack the passcode. Without Apple’s aid, the FBI said it had no way to get past the phone’s encryption. Then-FBI-director James Comey repeated that story twice in Congressional testimony.

But as the legal efforts dragged on, the FBI ultimately was able to unlock the phone without Apple’s help by relying on a technique developed by outside experts. (Though not, as was once rumored, Israeli security firm Cellebrite.)

A Secret History

On Tuesday, the Inspector General of the Justice Department released an 11-page report on the incident and posted a PDF version on the department’s web site. The report concluded that Comey and the FBI’s court filing told the truth about the bureau’s inability to unlock the phone. But that was only because top FBI officials hadn’t asked one of the bureau’s most sophisticated cyber units for help. As soon as the group, known as the Remote Operations Unit or ROU, was asked, it connected with an outside “vendor” that created a solution to crack the iPhone’s security.

According to the timeline uncovered by the Inspector General, the FBI seized Farook’s iPhone on December 3, 2015. The task of cracking the encryption fell to the bureau’s Operational Technology Division, including both the Remote Operations Unit, which tends to focus on national security matters, and a section called the Cryptographic and Electronic Analysis Unit, or CEAU, which aids most criminal inquiries. But only CEAU started working on the phone, failed to crack it, and did not seek outside assistance.

The ROU wasn’t informed about the challenge until February 11, less than a week before government prosecutors went to court in their effort to force Apple to help. And the ROU already knew about an outside vendor who had a technique to crack the iPhone that was 90% complete. Once the ROU asked the vendor to prioritize finishing the cracking scheme, it was ready to use by March 16. Less than a week later, government lawyers dropped the case against Apple.

The Inspector General “found no evidence that OTD had the capability to exploit the Farook iPhone at the time of then-Director Comey’s Congressional testimony and the Department’s initial court filings,” the new report concludes. “We therefore determined that neither the Congressional testimony nor the submissions to the Court were inaccurate when made.”

But that wasn’t the whole story, the report continues:

“However, FBI statements in Congressional testimony and to the (U.S. Attorney’s Office) regarding its capabilities to access the data on the Farook iPhone were based on understandings and assumptions that people and units in OTD were effectively communicating and coordinating from the outset and that CEAU had searched for all possible technical solutions, points that were not borne out by the facts, as we determined them.”

And, according to the report, the head of the CEAU unit wasn’t happy that the case against Apple had to be dropped. “After the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief,” the report says. “He acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, ‘Why did you do that for?’”

The Confrontation Could Have Been Avoided

The bottom line was that the FBI should not have gone to court against Apple before comprehensively checking for possible solutions, the Inspector General noted. “We believe CEAU should have checked with OTD’s trusted vendors for possible solutions before advising OTD management, FBI leadership, or the (U.S. Attorney’s Office) that there was no other technical alternative and that compelling Apple’s assistance was necessary to search the Farook iPhone,” the report concludes.

Apple declined to comment to Fortune on the new report. The company had earlier issued a statement on the government’s renewed efforts at forcing backdoors in phones. “Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses or even manage vital infrastructure like power grids and transportation systems,” Apple senior vice president Craig Federighi said in the statement. “Ultimately protecting someone else’s data protects all of us so we need to move away from the false premise that privacy comes at the cost of security when in truth, it’s a question of security versus security.”

In a letter accompanying the report, the FBI highlighted the conclusion that no inaccurate testimony had been given and committed to improve “communication and coordination” within the bureau’s Operational Technology Division.