San Bernardino Shooters’ Phones Had ‘Built-In Encryption,’ Just Like Every Phone
Investigators also found: battery, screen, antenna.
Surveillance-friendly US officials have been itching to point their fingers at encryption after the recent attacks in Paris and San Bernardino. Various politicians and talking heads have already taken swipes at the strong security measures implemented by the likes of Apple and WhatsApp—even though everything up to now suggests the attackers in both cases did little, if anything to hide their communications.
Lately it seems they're getting a bit desperate. Last night, CBS News uncritically printed vague statements from a "senior law enforcement official," claiming that investigators have found "levels of built-in encryption" in the phones of Syed Farook and Tashfeen Malik, the married couple who killed 14 in a mass-shooting in San Bernardino, California. Authorities also admitted they "did not know if the couple used the encryption to conceal conversations because technicians at the FBI lab have been unable to get into certain parts of the devices' memory," according to the report.
As many in the security world quickly pointed out, the claim is both vague and nonsensical: Every phone and computing device currently sold in the US has "levels of built-in encryption." If they didn't, criminals would still be able to easily intercept your calls when your phone connects to a cell tower, and a common thief who steals your device would get access to your bank account info, login details, pictures, and any other sensitive data you stored on it.
In other words, saying you found "built-in encryption" in a modern cellphone is about as meaningful as saying you found a battery and a touchscreen.
With no other details, it seems like the Feds are trying to conflate these lesser forms of encryption with the strong end-to-end variety they've been railing against in recent weeks. The FBI and others have argued the need for backdoors into these encryption systems, which prevent anyone, including the companies that deploy them, from accessing a user's unencrypted messages and data. More recently, FBI director James Comey suggested that companies might need to "change their business model" to make devices and services more surveillance-friendly.
The suggestion that Farook and Malik may have use encryption also hardly seems to matter given other aspects of the case. According to the New York Times, Malik "talked openly on social media about her views on violent jihad." Farook also spoke about terrorist plots while drinking at a local tavern, according to one patron quoted by CBS.
Even if the attackers did benefit from strong, default encryption, law enforcement already has ways of getting around it, such as targeted hacking—even though that may not be the convenient solution they're looking for.