Of course, for the government to propose pressing Apple’s engineers into involuntary service, it had to establish that such conscription was the only feasible means by which they could access the phone. The Justice Department asserted as much repeatedly, claiming in its initial application that “the assistance sought can only be provided by Apple” because the company possessed “the exclusive technical means which would assist the government in completing its search.” Variants on that claim would recur in each of the increasingly hostile legal briefs Apple and DOJ exchanged over the following month until, abruptly, the government dropped its suit, announcing that one of its outside vendors had developed an exploit that would grant it access to the iPhone after all.
Which brings us to the inspector general’s report released last week. It is the result of an inquiry opened at the urging of a senior FBI official, executive assistant director Amy Hess, who “became concerned” that the head of FBI’s cryptanalytic unit “did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple.” That should, in itself, seem rather extraordinary. And what the IG found suggests her concerns were well founded: The FBI unit tasked with breaking into the San Bernardino iPhone had made only halfhearted efforts to solicit help from other units, stressing that the information was sought for a criminal investigation—which was internally perceived as discouraging other units from offering up classified intelligence tools that might be exposed in a criminal court proceeding. It was only days before DOJ filed its request to compel Apple’s assistance that a broader request for “any” method—classified or unclassified—was circulated.
As the IG explains, the head of FBI’s Remote Operations Unit, another part of the bureau’s Technical Surveillance section, had known all long that one of its outside vendors was 90 percent done with an exploit that would have obviated the need to compel help from Apple. In response to this final request for “any” method, the ROU chief finally requested that the outside vendor prioritize work on that exploit—which they finished in just a few weeks.
And yet, far from celebrating this development, the ROU chief described the head of FBI’s cryptanalysis unit as “definitely not happy” that its perfect test case—the lawsuit Hess had described as the “poster child” in the FBI’s legal fight against unbreakable encryption—had to be abandoned.
Technically, the IG report absolves the FBI and DOJ of formal wrongdoing: The officials pushing the legal campaign to conscript Apple had not had concrete knowledge of an alternative way into the iPhone when the Justice Department made its representations that Apple’s assistance was necessary. Technically, DOJ lawyers had not lied to the court, and then–FBI Director James Comey had not lied in testimony to Congress, when they claimed that the FBI had no method to access the phone absent Apple’s help. But the inescapable impression left by the report is that they did not know because they did not care to. Here, finally, was the ideal case: not some petty drug dealer but a terrorist shooter who’d left stacks of bodies in his wake. The courts, cowed by the invocation of national security, would be at their most deferential; the public, at its most skittish. Legislators of both parties would dutifully lambast Apple for placing corporate profits over the need to prevent terrorist attacks. It was a public relations opportunity too perfect to squander by finding some mundane technical solution—and so only the most cursory effort was made to do so. If the government had considered it as urgent to access the iPhone as it pretended in its court filings—urgent enough to put out a clear request for methods at the outset—it seems likely it could have had its solution well before the date it first turned to the courts.
None of this is to suggest FBI officials aren’t sincere in their more general belief that it’s vital it be granted some legal mechanism for “exceptional access” to encrypted communications. But the IG’s report provides good reason to regard some of their more sensational arguments with a healthy dose of skepticism.