Gartner Blog Network


Stop Bullying Apple Around and Do Some Intelligence Homework

by Avivah Litan  |  January 14, 2020  |  Submit a Comment

Apple is once again being ordered by the U.S. Department of Justice to unlock terrorist iphones, and once again they are refusing. In the latest case DOJ is trying to unlock two iphones used by an aviation student from Saudi Arabia who killed three people at a Florida Navy base last month.

   

This same clash between DOJ’s FBI and Apple happened back in 2015 and 2016 during the well-publicized December 2015 San Bernardino mass shooting terrorist attack. See  Wikipedia on 2015 San Bernardino Attack

This time around Americans are likely more concerned about their privacy and less trusting of their government than they were way back in 2016 (and iPhone hacking tools are reportedly much more readily available and at a lower price of around $15,000).

The issue and questions around balancing privacy vs. security is a difficult one. But before we debate that balance, it would be helpful to know that law enforcement has done all it can do in triangulating and analyzing Apple phone and cloud data that they already have access to.

Here’s are two blogs I wrote after the San Bernardino shooting, after consulting former intelligence officers and other security professionals who conduct(ed) these types of investigations for a living. The same principals which applied then hold true today.

Here are key excerpts from those blogs that are still relevant to the latest incident:

Stop Bullying Apple around and Start Doing some Intelligence Homework

“There is in fact lots of data available to the FBI even if they can’t read the actual contents of the terrorists’ communications, for example if they were encrypted or if some of them are actually on Farook’s personal iPhone that Apple will not help unlock. In fact I’ve been told many times that reading lots of communications in the form of emails and chats, or listening to lots of phone calls, can be very time consuming for an investigation and is generally not worth the effort unless an investigator knows exactly which communications to read or listen to.

Instead, using the cellular network data, the FBI and its agents can discover the communications between Farook’s and his wife’s various phones, and discover the patterns of communications that indicate the linkages with other fellow terrorists and sympathizers. The law enforcement agents can also link the various IP addresses or phone numbers/devices that are discovered to other information they can cull from other sources.

For example, by establishing these linkages, they could discover a chat room or forum where the terrorists meet to collaborate and they could cull the logs from those forums to look for patterns and meaningful information that might indicate prominent actors involved in the actual attacks. The former intelligence officer that explained all this to me also told me many months ago that it’s best to focus on and analyze network behavior and not the actual content of communications, since the content is ‘a waste of time with the volume of noise vs signals in them.’

“Intelligence has become a data science job. Here’s how my colleague summed it up: “the daily challenge of the modern intelligence officer is to link data coming from human intelligence, signal intelligence, visual intelligence, financial intelligence, cyber intelligence… in part to make up for gaps that encrypted data communications and lack of associated metadata creates.” This is predicated on the human ability to mine the data, and the machines’ abilities to bring all kinds of data together with advanced algorithms and analytics running on top of it.”

Why the Government needs to leave Apple and Google Encryption Alone

”…it doesn’t make any sense to put so much pressure on Apple or Google when in the end, they don’t control all the keys to the kingdom, even for apps on their smartphones.”

_________________________________________________________________

There’s plenty of data out there for the DOJ and other agencies to work with. I wish they would stop bullying Apple and the technology industry around and spend their time and energy instead on figuring out how to rise to the challenge.  When trust is running so low, it behooves them to do so.

 

 

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: 

Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.