FBI opens new chapter in war on encryption, ‘Going Dark’
Scripps gets first ever tour of key facility
Mark Greenblatt, Scripps News, and Robert Cribb, The Toronto Star
5:07 AM, Nov 5, 2015
4:56 AM, Nov 6, 2015
WASHINGTON, D.C. - Nestled against townhomes and beside a busy 7-Eleven in Fredericksburg, Va., the emerging front lines in the FBI’s war on “Going Dark” are quietly taking shape.
There are no signs identifying the National Domestic Communications Assistance Center. Tall black gates surround the heavily secured structure. Dozens of cameras watch over what appears to be every inch of space outside. The entrance has no windows, and visitors must check their cell phones in lockers before getting past security.
The facility opened in March 2013 to help the 18,000 federal, state and local law enforcement agencies across the U.S. investigate crimes as more and more evidence is buried in suspects’ digital devices or stored in technology companies’ computers. But that mission soon encountered new hurdles for law enforcement agencies around the nation when, three months later, Edward Snowden revealed the National Security Agency was collecting bulk data about Americans without a warrant.
After the revelations, tech companies such as Apple and Google introduced new security measures on their cell phone operating systems that only allow people who know the user’s password to unlock the phone and view its contents. The companies themselves claim they no longer have the ability to do so, and the technology they created now prohibits access to encrypted information during criminal investigations — even when there’s a search warrant.
As a result, police say their legal efforts to investigate serious crimes of pressing public interest are being undermined, so finding other ways to track criminal suspects has become even more important. That’s where NDCAC comes in.
“We should all be concerned with how the government uses its authority,” said Amy Hess, executive assistant director of the FBI’s Science and Technology Branch. Hess points out, “If those smart phones are made inaccessible to law enforcement, despite having a warrant, then we no longer have the ability to get” incriminating evidence.
Calls by the FBI for police to have special access to unlock encrypted evidence have been rejected by lawmakers. In October, FBI director James Comey told the Senate that the White House was not supporting any change either.
Comey pledged, however, that his agency would pursue “technological and other methods” to keep up with the criminals. Senior agency officials say that going forward much of the work will take place at the NDCAC, which aims to become a hub of knowledge on electronic surveillance that will connect the nation’s law enforcement agencies.
A first look
Scripps is the first news outlet to be taken inside the NDCAC. Top FBI officials said that with this facility they are opening a new chapter in the war on encryption and revealed exclusive details about their strategies to help local law enforcement.
NDCAC’s staffers come from a range of backgrounds. The acting director is a former FBI special agent who helped crack down on the Sicilian Mafia in New York. Some come from local backgrounds such as police departments. Other technical experts used to work for telecom companies.
There also are a number of other federal agencies that have set up shop at NDCAC, including the Drug Enforcement Administration, the U.S. Marshals, the Secret Service and the Bureau of Alcohol, Tobacco and Firearms.
One area, nicknamed “the lab,” is dedicated to testing what the staffers call “solutions” that a partner agency may have found helpful.
Every day technology firms update cell phone apps and other communications tools that criminals can use. Now, if one agency has already discovered a lawful way for police to keep up, NDCAC, acting as a hub, can test it and then deploy it to thousands of other partner agencies.
Senior FBI officials say the facility will not, itself, conduct any form of surveillance. Instead, the NDCAC helps other law enforcement agencies that do track criminals. They also stress they cannot help local officials crack encryption such as that introduced by Apple or Google on their latest cell phone operating systems or messaging platforms. But they can suggest to local investigators, stymied by an encrypted iMessage, alternate solutions such as turning to iCloud backups.
They also can help solve important technical problems, such as when a local agency believes telephone or Internet service providers are not turning over all of the text messages or voice communications a child molester or drug dealer has made. The NDCAC can work with both the companies and the local agency to test the systems and find the problem. Staffers say when they solve computer glitches one agency encounters, it likely fixes the problem for all.
The NDCAC also maintains a hotline for local, state and national law enforcement running into roadblocks, and there’s a classroom where law enforcement agents from across the country can meet and listen to presentations about the latest advances with investigations involving electronic surveillance and digital evidence.
But while the facility is up and running, it is far from operating at full speed. There’s no permanent director, and it is still relatively unknown in the law enforcement community. One top official at a large local agency said he does not think his technical teams even know they can call the hotline NDCAC has set up.
“My folks engaged in these operations, I haven’t heard them talk to me about this,” the official said. “They may become a tremendous, or a go-to place, in the years to come. The idea behind them is a great one.”
The NDCAC also is tackling challenges in obtaining non-encrypted digital evidence from technology firms.
The computer servers belonging to tech firms such as Apple, Google, Microsoft and Twitter contain crucial evidence in criminal cases. But when police serve search warrants for emails, texts and images, some of those firms fail to respond promptly, if at all, say police.
In 2013, U.S. government officials investigating a murder had to get three separate judicial orders to compel Google to produce one customer’s records.
Google repeatedly failed to meet deadlines, claimed it did not possess responsive records that it did have, and delayed the production of those records, which were first requested in March 2013, until August. But the delays meant some records sought by investigators for the murder trial were purged from Google’s system two days after the first missed deadline passed.
The U.S. Attorney’s office filed suit against Google for “non-compliance” in June 2013. Google settled the lawsuit in 2014, admitting to “substantial delays,” and blamed computer glitches and staffing challenges for the trouble. The company declined to comment to Scripps News or The Toronto Star, which conducted a joint investigation into the intensifying impact of digital evidence that investigators can’t access.
In 2011, before Snowden, Google and YouTube report they provided at least “some data” to law enforcement agencies in response to 93 percent of user data requests in the U.S. The company’s most recent disclosure shows the rate of disclosure dropping to 78 percent (after 9,981 requests by law enforcement) in the second half of 2014, one year after the NSA revelations came to light. The company says in its transparency report on disclosures, which details how it responds to law enforcement agency requests, “we may refuse to produce information or try to narrow the request in some cases.” Other technology firms have similar policies in place.
David Matthews, who chairs the technology and digital evidence committee for the Association of State Criminal Investigative Agencies, says many delays with technology firms are often solved with a simple phone call. However, he believes technology firms that outright fail to comply with search warrants should face some type of recourse.
“Not all district attorneys have the time and the bench to be able to engage with Google to call them to task,” he says. “I do think there needs to be some basic legal realities in place if they aren’t complying with subpoenas.”
For its part, the FBI says NDCAC can help local officials get past these kinds of roadblocks. Several federal agencies already have automated the process of requesting information from tech firms, while many local officials spend long hours filling out applications one by one. Senior officials say the NDCAC is working on a way to spread federal technology throughout the law enforcement community. Still, problems with wary tech firms remain.
“There is no company that I’m aware of today that will say that they don’t have shared values with us,” said the FBI’s Hess, referring to the Silicon Valley firms, which she believes want child molesters and murderers caught as much as she does. But Hess agrees that technology firms do not always comply with search warrants in a timely fashion.
“If there is no mandate for them to do so then where is the incentive? Where is the check and balance?” she asked.
Angela M. Hill (@AngelaMHill), Scripps National Investigative Producer, contributed to this report.
(This project was jointly reported by Scripps News and The Toronto Star.)