FBI has a unit solely devoted to its ‘going dark’ problem

The office was created after a DOJ IG report found the bureau's communication skills were a mess during a highly publicized 2016 investigation.

The FBI has formed a unit inside its Operational Technology Division (OTD) to specifically address law enforcement’s efforts to bypass the encryption on various devices.

The unit — which will look for ways to solve the problem of suspects “going dark” — comes as a result of a Justice Department inspector general’s report that pointed to poor communication within the FBI during its prolonged battle with Apple in 2016 over encryption.

The new FBI unit is designed to help streamline technical investigations, including finding a weak point in various iPhone models.

The IG report, issued Tuesday, examines the FBI’s work in response to the 2015 San Bernardino, California, terror attack. That investigation led to a subsequent debate over the FBI’s inability to access shooter Syed Farook’s iPhone. The device, an iPhone 5c, was protected by built-in encryption.


The report concluded that none of the FBI’s public testimony was false — it did not have the capability to access the iPhone’s contents — but poor internal communication delayed the FBI from finding a technical solution. Multiple senior agents also told the IG’s office that some within the FBI didn’t want to find a solution because it would potentially nullify the bureau’s efforts to legally force Apple to break the device’s encryption.

“The FBI’s leadership went straight to the nuclear option – attempting to force Apple to circumvent its encryption – before attempting to see if their in-house hackers or trusted outside suppliers had the technical capability to break into the San Bernardino terrorist’s iPhone,” Sen. Ron Wyden, R-Ore., said. “It’s clear now that the FBI was far more interested in using this horrific terrorist attack to establish a powerful legal precedent than they were in promptly gaining access to the terrorist’s phone.”

The report provides a detailed account of how the FBI tried to find a technical solution — a so-called “full court press” that didn’t involve bypassing the phone’s encryption until March 2016, four months after the incident.

An unnamed phone hacking company finished unlocking the iPhone 5c model in early 2016, just in time to sell the exploit to the FBI. Public reporting has since pointed to Cellebrite, an Israeli cybersecurity firm that sells digital forensic capabilities to governments around the world.

The FBI has never officially said Cellebrite was responsible for unlocking the device. However, it is known that the bureau spent more than $1 million on the tool.


Breaking encryption, one task force at a time

The new unit comes as the report found that leadership genuinely, but mistakenly, believed there was no way into the locked iPhone 5c. During the months that followed, senior officials, including former FBI Director James Comey, claimed that only Apple could provide access by building a backdoor into the product.

However, it was not until February 2016 — a full two months after the attack took place — that the chief of the FBI’s Remote Operations Unit (ROU) was even asked to assist in the case. The ROU is a little-talked-about unit that wields classified hacking techniques to identify FBI targets.

After being looped in, the ROU chief reached out to vendors. And just one month later, the FBI found its tool.

“According to the ROU Chief, his only conversation with the [Cryptologic and Electronics Analysis Unit] Chief was well after the fact, during which the CEAU Chief ‘was definitely not happy’ that the legal proceeding against Apple could no longer go forward,” the report recounted.


The fact that the ROU chief was brought in two months after the attack is a result of what the report calls “a line in the sand,” a thought process inside the bureau in which ROU tools and techniques couldn’t be used in criminal cases.

The FBI itself has a somewhat different account in the report. In a November 2015 meeting — prior to the attack — the same outside vendor told the FBI they had been working on a capability that would unlock an iPhone 5c. The ROU Chief said he asked the vendor to prioritize the project “as this was a well-known investigative need for numerous law enforcement and national security agencies throughout the world.”

The headline-grabbing fight between Apple and the FBI drove the bureau to “add a new section in OTD to consolidate resources to address the ‘Going Dark’ problem and improve coordination between the units that work on computer and mobile devices,” according to the report, whose otherwise critical authors praised the decision as a way to “avoid some of the disconnects we found occurred in this very important and high profile investigation.”

You can read the full report below.
