A federal lawsuit filed by the American Civil Liberties Union (ACLU) charges that the FBI Electronic Device Analysis Unit (EDAU) — a specialized forensics unit—has been quietly breaking into cell phones’ local encryption systems, The Verge reports.
The lawsuit filed last week comes after the FBI responded to the ACLU’s Freedom of Information Act request to learn more about the “phone-hacking lab” by issuing a “Glomar” response — essentially putting a lid on the issue by neither confirming nor denying the existence of the unit’s capabilities.
“The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments, and it refuses to even acknowledge that it has information about these efforts — even though some details have been filed publicly in federal court,” the ACLU said in a statement announcing their lawsuit.
Cell phones essentially hold our lives in a single device, the ACLU explains, between our private emails, text messages, location data information, social media activity, photos and more — and the government and FBI have repeatedly “stepped up efforts to gain access to the information.”
The ACLU goes on to say that the federal government has long pressured companies to build encryption backdoors that allow those of authority to break into people’s encrypted devices, so there’s been fair warning that our digital privacy and security would be at risk, the ACLU writes.
See Also: ACLU Sues for Info on Feds’ Cellphone Location Tracking
A recent example of this relates to how the FBI wanted a back door coded into every iteration of the iPhone following the agency’s desire to crack the iPhone of Syed Farook, a suspect in the 2015 San Bernardino Shooting, Wired reports.
To that end, Apple CEO Tim Cook took a stand against the FBI’s position of including a backdoor into their iOS, telling Apple customers that if he complied with the FBI’s demands, it would threaten “the security of our customers” and that “the implications of the government’s demands are chilling,” the Wired quotes.
The ACLU says it’s concerned that the FBI has built, or has access to, an in-house “software that allows the government to unlock and decrypt information that is otherwise securely stored on cell phones.”
According to public requests made by the EDAU, the unit has also looked to obtain GrayKey devices — iPhone cracking devices that plug in through the port to bypass the password.
Because of the success with GrayKey devices being used in at least five state and five federal agencies, Apple developers included an update in the iOS 12 in 2018 to block the tool’s abilities, but its success has been disputed as cybersecurity researchers have found loopholes, the Verge reports.
Publicly available information from court records tipped off the ACLU to the EDAU’s behavior. Documents describe instances where the EDAU appeared to be able to access information off of a locked iPhone.
“We can’t let the FBI keep the public in the dark about its ability to gain access to information stored on our personal mobile devices,” the ACLU wrote of the situation.
Freedom of Information Act Blocked by “Glomar”
After the ACLU became aware of the EDAU’s apparent capabilities, they filed a Freedom of Information Act request asking the Department of Justice and FBI to comply and disclose records relating to the unit’s capabilities for retrieving encrypted data from locked devices.
To their surprise, the FBI responded to the request by issuing a “Glomar response” — which means that the agency refuses to even confirm or deny the existence of the records pertaining to the EDAU’s abilities, despite the fact that there are plenty of public records that acknowledge this information, the ACLU writes.
In the name of transparency, the ACLU is moving to take the matter to a federal court so that the DOJ and FBI could turn over all documents pertaining to the EDAU.
“But it’s not that the FBI has just shut the door on this information — they’ve shut the door, closed the windows, drawn the shades, and refused to acknowledge whether the house that we’re looking at even exists,” the ACLU further explains.
“It’s imperative that the public gets meaningful access to these records regarding the federal government’s capabilities to access our phones and computers,” the ACLU concluded in their public statement.
“Our privacy and security are at stake.”
Additional Reading: Is Your Phone Safe? The Dangers of Police Access to Private Digital Data
Andrea Cipriano is a TCR staff writer.