Gartner Analyst to FBI: Stop Bullying Apple

Analyst firm Gartner has hit out at the FBI’s continued attempts to force Apple into circumventing iOS security, arguing that it should focus its efforts away from the courtroom and on traditional intelligence work.

Gartner distinguished analyst Avivah Litan argued in a blog post that rather than going through the courts to “strong arm” Apple into writing code “that potentially harms the rest of us in significant ways,” the Feds should take a data science-led approach, analyzing metadata with advanced algorithms and analytics to help with their investigation.

Although the shooters destroyed two devices, likely to have been used to organize the attack, the FBI knows the number of the personal/work iPhone that is at the center of the current court case.

“Its agents can obtain location and cellular records on other phones that traveled alongside that iPhone as the terrorists moved around,” she explained. “It can be reasonably assumed that the San Bernardino terrorists carried both their personal and ‘work’ phones on them together at the same time, most of the time for the mere sake of convenience.”

Citing an unnamed former intelligence officer, she claimed the FBI could first make several assumptions about the attack: that the two shooters used a dedicated device to organize the plot; visited the scene of the attack at least once in the days leading up to the incident; and that they turned the “operational” device off shortly beforehand.

“A good investigator could take the assumptions above and then go scan cellular network records (which they already have the right to obtain) to try and find this assumed pattern of behavior – starting with the shooter’s iPhone as an anchor data element,” Litan explained.

“Using data mining and various algorithms, they could pinpoint the attackers’ communications and discover the network of individuals they communicated with, some of which no doubt would be the collaborators the FBI and the rest of us are so eager to find. (For whatever it is worth, I doubt very much Farook left a trail of any collaborators on his work/personal iPhone when he went to the trouble to smash two other phones he possessed into smithereens before his attack).”

Even if Apple were to grant the FBI access to the iPhone in question, using this kind of metadata should be more efficient than listening to hours of phone conversations or reading reams of texts and emails, where any important information can be hard to spot, she added.

That’s an argument also made by former NSA technical director, William Binney, who testified to the Joint Committee on the Draft Investigatory Powers Bill in January that mass surveillance has cost lives in the past because it inundates analysts with data.

“The alternative approach based on experience is to use social networks as defined by metadata relationships and some additional rules to smartly select data from the tens of terabytes flowing by,” he said at the time.

By analyzing the metadata culled from the San Bernardino investigation, the FBI could discover patterns of communications indicating links with fellow terrorists and sympathizers, and from there link to the IP addresses and phone numbers of these people.

“There’s plenty of data out there for the FBI to work with,” concludes Litan. “I wish they would stop bullying Apple and the technology industry around and spend their time and energy instead on figuring out how to rise to the challenge.”

Apple got a boost in its legal battle with the US Justice Department this week when a Brooklyn magistrate in a separate case backed the tech giant, claiming the All Writs Act of 1789 couldn’t be used to compel Apple to circumvent the security of a device.
