Many years ago, the Church of Scientology created a one-act play featuring a conversation between an intrepid newspaper reporter and a disgruntled ex-Scientologist. The character of the ex-Scientologist was based on a real person, who had written a debunking paper that the church wished to discredit. The intrepid newspaper reporter was Lois Lane of the Daily Planet, and the play also features her co-workers Clark Kent and Jimmy Olsen.
An agent of the Federal Bureau of Investigation obtained a draft of this play and added it to the FBI's extensive collection of documents relating to Scientology. Last year, an investigative journalist submitted a request for those documents to the FBI under the Freedom of Information Act, and the FBI has gradually released a few of them, including the drama.
The FBI redacted the names of Lois Lane and Clark Kent, citing privacy concerns.
“The FBI Redacted the Names of DC Comic Book Characters to Protect Their Non-Existent Privacy”
Dell Cameron, Gizmodo, April 30, 2018
“Kryptonians are entitled to just as much privacy as other Americans.”
In 2016, the Federal Bureau of Investigation felt so strongly that it needed to access the contents of a suspected terrorist's encrypted iPhone that it persuaded the Department of Justice to lean on Apple, threatening to prosecute under the All Writs Act of 1789 unless Apple agreed to develop a tool for breaking into encrypted iPhones and to provide it to the FBI. Apple declined, and eventually the FBI hired a company that had already developed such a tool to do the job for them, thus eliminating the threat against Apple. (The terrorist's iPhone contained nothing of interest.)
This episode struck people as sufficiently stupid and disgusting that the Department of Justice asked its Office of the Inspector General to prepare a report explaining exactly what happened and why. The report is now available (with redactions):
“A Special Inquiry Regarding the Accuracy of FBI Statements concerning Its Capabilities to Exploit an iPhone Seized during the San Francisco Terror Attack Investigation”
Oversight and Review Division, Office of the Inspector General, U.S. Department of Justice, March 2018
According to the report, one branch of the FBI, the Remote Operations Unit (ROU) of the Operational Technology Division, had already hired another outside company to develop a tool that would break into that iPhone, and this vendor successfully demonstrated the tool on March 16, 2016. However, the ROU didn't tell anyone else in the FBI about this accomplishment, and the separate branch of the FBI that was responsible for the investigation of the suspected terrorist never asked the ROU about it, partly, perhaps, because the FBI wanted to establish a legal precedent for bullying Apple and other tech companies into doing their work for them, but also because most of the stuff that the ROU develops is classified, and using classified tools to acquire key evidence in a criminal case is a generally a bad idea, since the discovery process can easily reveal the existence and nature of those tools.
In practice, the Department of Justice frequently uses classified tools to acquire key evidence in criminal cases because they can often get away with it, but it still isn't a good idea, and the FBI shouldn't promote it.
However, the Inspector General's report recommends that the various branches of the FBI shouldn't withhold information about hacking tools from one another and encourages the FBI to complete the reorganization that it has already begun “to consolidate resources to address the ‘Going Dark’ problem and improve coordination between the units that work on computer and mobile devices.”
The Cryptography Fellow at the Stanford Center for Internet and Society points out the foreseeable consequences:
“The Dark Side of the ‘Apple vs. FBI’ OIG Report”
Riana Pfefferkorn, Center for Internet and Society, April 18, 2018
If the OIG report prompts the FBI to give the CEAU [Cryptographic and Electronic Analysis Unit], which focuses on criminal matters, more access to tools developed or acquired by ROU, which focuses on national security matters, that could have a detrimental effect on federal criminal cases. When seeking search and seizure warrants, the FBI may not fully explain to judges that they are asking for authorization to use sophisticated, technological techniques to extract evidence from defendants' devices. In the resulting prosecutions, the government may refuse to disclose information about the classified technique, or even its existence, to defense counsel or experts. That secrecy will impair the court's truth-seeking function as well as the defendant's ability to mount a defense.
What is more, removing the divide between criminal and national security tools could ultimately hurt the FBI, too. If courts do order disclosure of the FBI's techniques in criminal cases, the FBI's national security and intelligence units might decide that they cannot risk using those techniques anymore. That is a significant reason why the wall was there in the first place: to protect those missions. …
It is ironic that the OIG report into the FBI's behavior during Apple vs. FBI may lead to the FBI's criminal investigators achieving that case's objective: getting more capabilities to crack into digital devices.
The ethical and prudential faults in this situation just go on and on: A company that discovers flaws in iPhone security has an ethical responsibility to report those flaws to Apple so that they can be fixed, instead of concealing the vulnerabilities and selling exploitation tools to other parties. The FBI certainly should not be hiring companies to produce such tools. If it does acquire such tools, the FBI also has an ethical responsibility to report the flaws to Apple instead of exploiting them. It also has an ethical responsibility to try to get them declassified before exploiting them, since a domestic law-enforcement organization does not need and should not have national-security clearances and should not rely on them in day-to-day operations if they do have them.
If the Remote Operations Unit does acquire and exploit classified system-cracking tools, it has a prudential obligation to make its resources available wherever they are needed within the agency and so should not conceal such tools from other branches of the FBI. But the CEAU should not use such tools in criminal investigations, for the reasons that Pfefferkorn explains: Doing so breaks the prosecution of such cases. Indeed, the Department of Justice should not even use evidence acquired through the use of classified system-cracking tools, precisely because judges should exclude such evidence and any inferences based on it.
Our institutions are so thoroughly shot through with unethical, unprofessional, and corrupt misbehavior that it is hard even to figure out where a reform project should begin.
“The Problems with FISA, Secrecy, and Automatically Classified Information”
David Ruiz, Deeplinks, Electronic Frontier Foundation, February 26, 2018
The gist: The key question raised in the Nunes and Schiff memos is whether the evidence supporting the Federal Bureau of Investigation's applications for a surveillance order against a prominent Republican, formerly an advisor to the President, consisted entirely of biased information funded by political opponents of the President. But neither side knows the answer to that question, because it's classified, and no member of the House Permanent Select Committee on Intelligence could provide the answer in public even if they did know it, for the same reason. The general public will never have enough evidence to answer this question or even to form a reliable opinion about it. The House Permanent Select Committee on Intelligence will never have even enough information to carry out their duty to oversee the implementation of the Foreign Intelligence Surveillance Act.
The optimists at the Electronic Frontier Foundation believe that it will someday be possible to repeal the Foreign Intelligence Surveillance Act and to restore a measure of transparency to the operations of the government's counterterrorism agencies. My own view is that those agencies are above the law and permanently out of its reach.