Investigation finds FBI did not exhaust all options before taking Apple to trial in San Bernardino case

According to a report (PDF link) from the Office of the Inspector General, the FBI and its staff were not untruthful in their official reckoning of events leading up to the Apple court case, but a deeper look into the proceedings reveals a messy web of intertwining and sometimes contradictory narratives.

As summarized by TechCrunch, the investigation stems from concerns Amy Hess, a former FBI Executive Assistant Director, aired to the OIG in 2016. Specifically, Hess detailed alleged discord between segments of the FBI Operational Technology Division regarding its ability to unlock or gain access to an iPhone used by terror suspect Syed Rizwan Farook.

Of note, Hess was concerned an OTD unit had access to techniques that would exploit Farook's iPhone, or could gain access to such methods through outside parties. If that were the case, statements from Hess and then-director James Comey would be rendered false. Both Hess and Comey offered testimony to Congress in 2016, saying the FBI lacked the capability to access the iPhone in question, thus warranting its lawsuit against Apple, which was refusing to help willingly.

For its part, Apple called FBI requests to create an iPhone backdoor "dangerous," noting that doing so would put millions of other devices in jeopardy. The company fought the lawsuit until the FBI obtained an unlock procedure from a third-party, prompting the Department of Justice to drop its case just one day before hearings were scheduled to commence.

The case sparked a wider debate over device encryption, or what the FBI calls the "Going Dark" challenge.

In its report, the OIG found a number of incongruities in the statements of key FBI officials, particularly if and when they were informed about the Farook iPhone, as well as whether their respective departments were asked for help in accessing the device. Further, it appears certain officials purposely blocked communication to forward the case to court.

For example, the Remote Operations Unit chief said he found out in February 2016 that the Cryptographic and Electronic Analysis Unit was preparing for court after running into problems with the Farook device. The unnamed official said he was never asked if his unit was capable of unlocking the phone, and only began seeking a solution after his superior, the Digital Forensics and Analysis Section chief, cast a wide net for an answer.

Notably, the ROU chief revealed a third-party vendor was "almost 90 percent finished" with a technical solution that would enable the FBI to exploit Farook's phone. The vendor was subsequently asked to put the project on the "front burner," a move that ultimately resulted in the unlocking of the device in March.

"As described earlier, our inquiry did not reveal that anyone in OTD had withheld knowledge of an existing FBI capability, as EAD Hess had feared," the report reads. "However, our inquiry suggests that CEAU did not pursue all possible avenues in the search for a solution."

Further complicating the matter was disagreement as to which tools could be used in the Farook incident. The FBI maintains a set of classified techniques that can be utilized for national security but not in criminal cases. Some officials interviewed by the OIG, including the ROU chief, said there is a definitive "line in the sand" between using the national security investigational tools in lesser crimes. Others, however, say it is a matter of preference.

In addition to a general lack of communication between branches, Hess implies certain key figures sought to instigate a court action in a bid to set precedent on the Going Dark issue.

The CEAU Chief told the OIG that, after the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief. He acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, "Why did you do that for?"

The ROU chief also noted the CEAU chief did not ask for help prior to moving for a lawsuit against Apple, adding that the only interaction between the two was after the fact when the CEAU chief said he "was definitely not happy" that the case against Apple was rendered moot by the third-party exploit.

Today's revelations come on the heels of reports that law enforcement officials are renewing efforts to push Congress toward legislation that would force tech companies like Apple to build backdoors into smartphones and other devices. Apple SVP of software engineering Craig Federighi chimed in on the topic this week, saying, "Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weaknesses into product security."