The Bureau of Silence

Bruce Schneier explains the cost/benefits of the FBI throwing in the towel in the Apple case. Per his reputation for thoughtful analysis, this is well worth reading. At one point Schneier repeats what the industry has been crying for weeks:

This case has always been more about the PR battle and potential legal precedent than about the particular phone.

Intuitively, we all know this to be true. Objectively, however, we only suspect it to be true. Thing is, science is not about intuition and suspicion. Good science requires evidence and proofs. Not that we can realistically expect to get any of that in this case, but I have an idea.

Now that the FBI has “successfully accessed the data” on the iPhone according to a recent court filing (pdf) and the legal battle has been abandoned, we can actually set about trying to clear the record.

Apple, and the public at large, should demand the FBI disclose their method(s). Many are pointing this out, such as Robert Knake on the CFR blog. If — as they’ve maintained all along — this isn’t about anything more than this particular device, then there’s no conflict of interest in them responsibly disclosing their methods to Apple. But according to Knake, because this exploit likely came from an un-named third party:

All the FBI can likely tell Apple is what they have already made public: there’s a vulnerability in iOS. Good luck finding it.

Which is likely true. Apple, along with everyone everywhere, would love to know what the vulnerability is, but when they decided to play hardball with the government, they likely cemented the contract details and NDA’s the government signed with their vendor so that they’ll never actually find out.

So the drama continues. Now everyone will be hunting for clues to identify the FBI’s vendor. Maybe we find out, maybe we don’t. One thing is for sure though - if we circle back to the whole concept of “evidence,” we’ll never know what was on Farook’s iPhone; You won’t hear anything more about it from the FBI. Here’s a basic truth table for the possible outcomes:

Possible Outcomes for the FBI (annotated with highly scientifically derived and totally true and accurate probabilities)

If — if just maybe you’re a cynic like me — you believe there never was actionable intel to be found on Farook’s work phone to begin with (since he destroyed his personal phone) and you — again, maybe you’re just a little cynical — don’t trust the FBI to be honest about it either way, then the most probable outcome (at 76%) is that they pretend to have gained operational intelligence from the exercise and mount a PR campaign to smear Apple for slowing them down…

[An internal conversation at FBI headquarters]:

Agent Smith: You know, instead of spending OUR budget trying to convince Apple to play ball — you know how hard-headed those guys are — why don’t we just convince the public that they’re irresponsible? Let them do our work for us?

Agent Jones: It’s crowdsourcing! Like on Kickstarter!

Agent Smith: Exactly. Let’s take this up the chain.

[Later, in the corner office]:

Agent Smith: … and that’s why we should leak some backchannel information indicating we actually did find something useful on the iPhone.

Agent Anderson: That’s brilliant. Just one thing, intsead of tying Farook to a future plot, tie him to a previous event. Really cement the connection for the public; make it hit home.

Agent Jones: We’re on it.

Now obviously I’m having fun here. I don’t believe our law enforcement personnel are that dense, but I do have a healthy suspicion for what happens behind closed doors, funded by my tax dollars, into which I have zero oversight. Whether or not the Bureau is honest about it, my prediction is:

The FBI will claim they found some worthwhile information on the device (but won’t share any details) and then publicly shame Apple for interfering. Moving forward, you’ll scarcely hear them referencing this ordeal.