U.S. refugee agency put Central American kids at risk

The problem was identified by the GAO in 2012.

Even more terrifying is this report:

PROPOSED REFUGEE ADMISSIONS

FOR

FISCAL YEAR 2015

REPORT TO THE CONGRESS

 

U.S. refugee agency put Central American kids at risk, GAO report says

WashingtonPost: The government agency tasked with placing thousands of Central American children into communities while they await immigration court decisions has no system for tracking the children, does not keep complete case files and has allowed contractors to operate with little oversight, according to a report released Monday by the Government Accountability Office.

“Based on the findings in this report, it’s no wonder that we are hearing of children being mistreated or simply falling off the grid once they are turned over to sponsors,” said Sen. Charles E. Grassley (R-Iowa). “The Obama administration isn’t adequately monitoring the grantees or sponsors whom we are entrusting to provide basic care for unaccompanied children.”

Three senators — Grassley, Orrin G. Hatch (R-Utah) and Tom Coburn (R-Okla.) — asked the GAO in October to review policies of the federal Office of Refugee Resettlement. The agency provides shelter for unaccompanied minors fleeing violence in Central America and identifies sponsors to care for them while they await hearings in immigration courts. More than 125,000 unaccompanied minors from Central America have been caught at the U.S.-Mexico border since 2011. The 64-page report is being released one day before the Senate Judiciary Committee is scheduled to hear testimony from Obama administration officials about their handling of the children.

“Their records are incomplete, they are not appropriately checking in on the facilities that house the children, and they don’t even have a dedicated system to follow up on the children once they’ve been placed with sponsors,” Grassley said.

The Office of Refugee Resettlement, a division of the Department of Health and Human Services, has come under criticism in recent weeks for its handling of a number of cases involving unaccompanied minors.

Advocates for unaccompanied minors say that the refu­gee office was overwhelmed by the surge of children crossing the border in 2014 but that the system is a much better alternative than longer detention for vulnerable children.

On Jan. 28, the Senate Permanent Subcommittee on Investigations issued a report focusing on cases in which Central American children were victims of abuse by their sponsors, including one case where the agency released several Guatemalan teenagers to labor traffickers who forced them to work long hours at an Ohio egg farm for as little as $2 a day.

“We agree with the GAO’s recommendations, which is why we’ve already implemented some of them and are in the process of implementing the rest,” said Andrea Helling, a spokeswoman for the Department of Health and Human Services. “This is part of the process of improving the program to care for the children who come into our custody.”

The GAO found that children’s case files were often incomplete, making it difficult for investigators to determine whether they had received proper care such as group counseling and clinical services. Investigators reviewed 27 randomly selected children’s case files. None of them contained all of the required documents.

The report also criticized the agency’s oversight of nonprofit groups that it pays to operate shelters for the children and locate sponsors. In 2014, the agency implemented a new monitoring process, requiring site visits every two years. However, investigators found that the agency didn’t complete the site visits in 2014 and 2015. In 2014, agency staff members visited 12 of 133 sites. By August 2015, they visited 22 of 140 sites.

These monitoring visits revealed several problems at the nonprofit-run shelters. At one site, agency workers discovered that the facility didn’t give children the proper amount of medication, leading them to accidentally overdose.

Helling said the Office of Refugee Resettlement is aware of the issues and has hired additional staff and implemented new policies to ensure that all site visits are completed in fiscal 2016.

 

Once children are released to sponsors, the agency has no system for tracking their whereabouts, according to the report. Some children, including those who have been identified as trafficking victims, are supposed to receive services such as mental- health care. In fiscal 2014, only 9.5 percent of children released by the agency received these services. The agency has established a call center for children who want to report problems with their sponsors and requires its caseworkers to call all children and sponsors after the children are placed.

Grassley sharply criticized the lack of follow-up for released children.

“Beyond the risks to the children created by these shortcomings, our communities are left to cope with the crime and violence from gang members and other delinquents who are not identified or tracked because of HHS’s haphazard and porous practices,” he said.

Helling said the agency is looking at ways to expand post-release services for children, adding that “the overwhelming majority of these children are fleeing violence and chaos, not looking to create it.”

Sen. Rob Portman (R-Ohio), who co-chaired the Jan. 28 Senate hearing about problems within the agency, said he will testify at Tuesday’s hearing.

“I’m pleased the Judiciary Committee is following up on the subcommittee’s bipartisan investigation,” he said. “The administration must be held accountable for turning young children over to traffickers and criminals.”

Jennifer Podkul, a migrant rights expert at the Women’s Refugee Commission, said: “Overall, we’re incredibly happy that ORR is the agency that’s been designated to release the kids. What happened when there were incredible numbers was that it showed the strain and the weaknesses in the system. It was like a magnifying glass on the system.”

38 Text Messages

Protests planned across US to back Apple in battle with FBI

  • SAN FRANCISCO (AP) ” Protesters are preparing to assemble in more than 30 cities to lash out at the FBI for obtaining a court order that requires Apple to make it easier to unlock an encrypted iPhone used by a gunman in December’s mass shootings in Southern California.

This site has posted at least one previous article on the Islamic strain on Tablighi Jamaat, which is at the core of mosques throughout the United Kingdom and the United States.

It also must be noted that while there is an epic debate on the matter of Apple writing code to gain access to the Farook cell phone, the matter goes deeper with regard to the pathway and destination of the data on the phone meaning to iCloud and perhaps even iTunes.

REVEALED: San Bernardino Terrorist’s Mosque Cleric Exchanged ​38​ Texts With Terrorist, Claimed ‘Casual’ Relationship

The mosque at the centre of the San Bernardino terrorist attack is back in the spotlight after one of the organisation’s clerics, Roshan Abbassi, was found to have had repeated contact with terrorist Syed Farook in the months before the deadly attack which left 14 people dead and 24 people injured.

Breitbart: Mr. Abbassi and his fellow teachers at the mosque had previously claimed that they barely knew Mr. Farook, despite his repeat attendance at the Dar al Uloom al Islamiyyah mosque in San Bernardino.

The mosque is now believed to be a haven for Tablighi Jamaat activists – a fundamentalist, proselytising Islamic sect known in some circles as the “Army of Darkness”.

The New York Post reports that the Federal Bureau of Investigation (FBI) has found repeated phone contact between Mr. Abbassi and Mr. Farook, dating back to a two week period in June – coinciding with the terrorist attack on two military sites in Chattanooga.

Mr. Abbassi – when not dodging difficult questions from Breitbart News journalists – emphasised to reporters during a press conference held just two days after attacks that he only knew Mr. Farook very casually.

He said at the time that he only exchanged pleasantries with Mr. Farook when they both attended the mosque.

“Hello, goodbye, how are you… just casual conversation… nothing more than that,” insisted Mr. Abbassi.

But FBI agents are now investigating at least 38 messages that were allegedly exchanged between the pair during a two week span in June 2015.

Mr. Abbassi was unusually hostile with reporters of all stripes when he was quizzed on radical Islam, FBI investigations, and his relationship with Mr. Farook on December 4th. When Breitbart News asked Mr. Abbassi whether he believed in an Islamic Caliphate, he refused to answer on multiple occasions.

***

When asked at the time if the FBI was investigating anyone else at the mosque, he replied, “No comment” before giving reporters a wry smile. He was then asked to clarify, to which he replied, “No comment”. After being pushed a third time, he responded brusquely: “You guys are our guests. If we have no comment, you cannot force us to have a comment thank you very much”.

***

And the stories between Mr. Abbassi and his fellow mosque leaders didn’t stack up either. One claimed that Syed Farook hadn’t attended the Dar al Uloom Islamiyah in a year, whereas Mr. Abbassi later revised this figure down to “a month”.

Mr. Abbassi also tried to blame the terrorist attack on “workplace anger”, stating: “Radicalisation? Never. In Islam there is no such thing as a radical Islam. There’s proof it was workplace anger. Proof. And everyone knows the argument that he got in with one of his people and why don’t they ever tell us what the argument was about”.

It was later reported that the argument between a coworker and Mr. Farook may indeed have been about the State of Israel, and Islam.

Speaking to other local imams, Breitbart News found a real fear of the Tablighi Jamaat sect, with one leader at the Corona-Norco mosque just a few miles away telling Breitbart reporters that the group was “dangerous” – especially for those who don’t know what they are getting involved in when attending such mosques.

“The Tablighi thing could get out of hand,” he said. “[They] sleep in the mosque… they have… the beards,” he dragged his hand further down his chin, widening his eyes.

Now, U.S. government officials think there could be up to 50,000 Tablighi Jamaat members across the United States.

Evidence from the United Kingdom, where the group practices aggressive tactics in their quest to build mega mosques across Britain suggests that security services and journalists may have ignored this ultra-orthodox sect – linked in numerous cases to terrorism – for too long.

Assistant FBI Director Michael Heimbach has said: “We have significant presence of Tablighi Jamaat in the United States,” adding that Al Qaeda has “used them for recruiting.”

Mr. Abbassi, who is of Pakistani origin, denies involvement in the San Bernardino terrorist attack, and has claimed that he was only discussing food donations for the mosque in his text exchanges with Mr. Farook.

Tablighi Jamaat members across the world are encouraged to lead extremely austere lifestyles, with members often sleeping in their mosques, and only eating food that has been donated by other followers.

A U.S. Department of Homeland Security whistleblower – Philip Haney – told Breitbart News Daily that he was involved in an investigation that might have stopped the San Bernardino attack, but was stopped by the Obama administration in the name of political correctness.

Haney said: “Civil Rights and Civil Liberties shut the case down because we were focusing on individuals who belong to Tablighi Jamaat… This case actually took six years to develop… It started in 2006, and it gradually gained momentum over time. By 2008, I was interviewing twenty, thirty people a month sometimes.”

“It was exactly what DHS was created to do… We were doing what we took our oath of office to do. We were well-trained, capable subject matter experts, focused like a laser beam on a trend that was putting our country at threat.”

Earlier this month Breitbart London revealed that a family in Britain who claimed “Islamophobia” after being banned from the United States were too linked to the Tablighi Jamaat mosque in San Bernardino. Britain’s security services have yet to comment on the suspicions surrounding the family.

Hillary – Sid: There is a Hezbollah Base in Cuba

Just for collaboration on the matter, the Justice Department published a 2014 report.

Additional Hezbollah facts.

A few years before the Obama administration removed Cuba from the U.S. list of nations that sponsor terrorism Hezbollah established an operational base on the communist island, according to intelligence received by Hillary Clinton when she was Secretary of State.

This Sid fella is good, but why didn’t  Hillary get the intelligence from her own State Department ops department? Did she ever really have security clearance or did she waive it and hand it over to Sidney Blumenthal? (snarky)

JW: The information comes straight from electronic mail released by the State Department over the weekend as part of ongoing litigation from several groups, including Judicial Watch, and media outlets surrounding Clinton’s use of a private server to send and receive classified information as Secretary of State. This alarming information has been ignored by the mainstream media, which served as the president’s most vocal cheerleader when he established diplomatic ties with Cuba last summer. After appearing for decades on the U.S. government’s list of nations that sponsor terrorism, the Obama administration officially removed it to lay the groundwork for a full renewal of diplomatic ties.

Nevertheless, the administration knew that the radical Lebanon-based Islamic group Hezbollah had opened a base in Cuba, just 90 miles from the U.S, a few years earlier. In a cable dated September 9, 2011 Clinton is informed that “extremely sensitive sources reported in confidence that the Israeli Intelligence and Security Service (Mossad) has informed the leadership of the Israeli Government that Hezbollah is establishing an operational base in Cuba, designed to support terrorist attacks throughout Latin America.” The cable goes on to say that “the Hezbollah office in Cuba is being established under direct orders from the current General Secretary Hasan Nasrallah, who replaced Musawi in 1992. According to the information available to this source, in preparation for establishment of the base, Nasrallah, working from inside of Lebanon, carried out secret negotiations with representatives of the Cuban Government, particularly the Cuban Intelligence Service (General Intelligence Directorate — DGI), agreeing to , maintain a very low profile inside of Cuba. Nasrallah also promised to take measures to avoid any trail of evidence that could lead back to Cuba in the event of a Hezbollah attack in Latin America.”

Obama’s report to Congress indicating his intent to rescind Cuba’s State Sponsor of Terrorism designation included a certification that Cuba had not provided any support for international terrorism during the previous six-months. It also claimed that Cuba had provided assurances that it will not support acts of international terrorism in the future. This was May, 2015 when the State Department announced the island nation was officially off the terrorist list because it “meets the statutory criteria for rescission.” In the announcement the agency also wrote this: “While the United States has significant concerns and disagreements with a wide range of Cuba’s policies and actions, these fall outside the criteria relevant to the rescission of a State Sponsor of Terrorism designation.” The new Clinton email creates a number of questions relating to the agency’s abrupt move to clear Cuba as a sponsor of terrorism.

Hezbollah’s involvement in Latin America is nothing new and in fact Judicial Watch has been reporting it for years. In 2013 JW published a story about Hezbollah infiltrating the southwest U.S. border by joining forces with Mexican drug cartels that have long operated in the region. The recently released Clinton email, states that a “particularly sensitive source” confirmed that in the 1980s Hezbollah carried out similar contingency casing operations against U.S., British, and Israeli facilities and businesses in Latin America, Europe and North Africa. In 1992 Islamic Jihad, acting on behalf of Hezbollah, bombed the Israeli Embassy in Buenos Aires, Argentina in retaliation for the death of Hezbollah General Secretary Abbas al-Musawi, the email says.

A few years before the Obama administration removed Cuba from the U.S. list of nations that sponsor terrorism Hezbollah established an operational base on the communist island, according to intelligence received by Hillary Clinton when she was Secretary of State.

The information comes straight from electronic mail released by the State Department over the weekend as part of ongoing litigation from several groups, including Judicial Watch, and media outlets surrounding Clinton’s use of a private server to send and receive classified information as Secretary of State. This alarming information has been ignored by the mainstream media, which served as the president’s most vocal cheerleader when he established diplomatic ties with Cuba last summer. After appearing for decades on the U.S. government’s list of nations that sponsor terrorism, the Obama administration officially removed it to lay the groundwork for a full renewal of diplomatic ties.

Nevertheless, the administration knew that the radical Lebanon-based Islamic group Hezbollah had opened a base in Cuba, just 90 miles from the U.S, a few years earlier. In a cable dated September 9, 2011 Clinton is informed that “extremely sensitive sources reported in confidence that the Israeli Intelligence and Security Service (Mossad) has informed the leadership of the Israeli Government that Hezbollah is establishing an operational base in Cuba, designed to support terrorist attacks throughout Latin America.” The cable goes on to say that “the Hezbollah office in Cuba is being established under direct orders from the current General Secretary Hasan Nasrallah, who replaced Musawi in 1992. According to the information available to this source, in preparation for establishment of the base, Nasrallah, working from inside of Lebanon, carried out secret negotiations with representatives of the Cuban Government, particularly the Cuban Intelligence Service (General Intelligence Directorate — DGI), agreeing to , maintain a very low profile inside of Cuba. Nasrallah also promised to take measures to avoid any trail of evidence that could lead back to Cuba in the event of a Hezbollah attack in Latin America.”

Obama’s report to Congress indicating his intent to rescind Cuba’s State Sponsor of Terrorism designation included a certification that Cuba had not provided any support for international terrorism during the previous six-months. It also claimed that Cuba had provided assurances that it will not support acts of international terrorism in the future. This was May, 2015 when the State Department announced the island nation was officially off the terrorist list because it “meets the statutory criteria for rescission.” In the announcement the agency also wrote this: “While the United States has significant concerns and disagreements with a wide range of Cuba’s policies and actions, these fall outside the criteria relevant to the rescission of a State Sponsor of Terrorism designation.” The new Clinton email creates a number of questions relating to the agency’s abrupt move to clear Cuba as a sponsor of terrorism.

Hezbollah’s involvement in Latin America is nothing new and in fact Judicial Watch has been reporting it for years. In 2013 JW published a story about Hezbollah infiltrating the southwest U.S. border by joining forces with Mexican drug cartels that have long operated in the region. The recently released Clinton email, states that a “particularly sensitive source” confirmed that in the 1980s Hezbollah carried out similar contingency casing operations against U.S., British, and Israeli facilities and businesses in Latin America, Europe and North Africa. In 1992 Islamic Jihad, acting on behalf of Hezbollah, bombed the Israeli Embassy in Buenos Aires, Argentina in retaliation for the death of Hezbollah General Secretary Abbas al-Musawi, the email says.

 

c 05782918 – FOIA State Cuba Hezbollah by Jason I. Poblete

Joint Chiefs, ‘NO’ on Closing Gitmo

Obama tweets: I’m going to Cuba

BI: President Barack Obama announced Thursday on Twitter that he was going to Cuba next month, which will be the first time a sitting president has visited the country since 1928.

The US recently restored diplomatic relations with the communist country after a 54-year break.

“14 months ago, I announced that we would begin normalizing relations with Cuba — and we’ve already made significant progress,” Obama tweeted.

In subsequent tweets, he said:

Our flag flies over our Embassy in Havana once again. More Americans are traveling to Cuba than at any time in the last 50 years. We still have differences with the Cuban government that I will raise directly. America will always stand for human rights around the world. Next month, I’ll travel to Cuba to advance our progress and efforts that can improve the lives of the Cuban people.

Obama also tweeted a link to a post on the website Medium that explained the thinking behind his trip.

Ben Rhodes, a national security adviser to Obama, wrote that the president would “have the opportunity to meet with President [Raúl] Castro, and with Cuban civil society and people from different walks of life” on the trip.

“Yes, we have a complicated and difficult history,” Rhodes wrote. “But we need not be defined by it. Indeed, the extraordinary success of the Cuban-American community demonstrates that when we engage Cuba, it is not simply foreign policy  —  for many Americans, it’s family.”

JW: As President Obama frees droves of terrorists—including five Yemenis this week—from the U.S. military prison in Guantanamo news reports confirm that a Gitmo alum who once led a Taliban unit has established the first Islamic State of Iraq and Syria (ISIS) base in Afghanistan.

His name is Mullah Abdul Rauf and international and domestic media reports say he’s operating in Helmand province, actively recruiting fighters for ISIS. Citing local sources, a British newspaper writes that Rauf set up a base and is offering good wages to anyone willing to fight for the Islamic State. Rauf was a corps commander during the Taliban’s 1996-2001 rule of Afghanistan, according to intelligence reports. After getting captured by U.S. forces, he was sent to Gitmo in southeast Cuba but was released in 2007. More here.

*** The Obama administration is in somewhat of a panic over the most recent development of Ibrahim al Qosi.

FNC: When Ibrahim al Qosi was released from Guantanamo Bay in 2012, a lawyer for the former Usama bin Laden aide said he looked forward to living a life of peace in his native Sudan.

Three years later, Qosi has emerged as a prominent voice of Al Qaeda in the Arabian Peninsula, appearing in a number of AQAP propaganda videos — including a 50-minute lecture calling for the takeover of Saudi Arabia.

The 56-year-old Qosi delivered a scathing critique of the Saudi monarchy — which appeared online on Feb. 6 — denouncing the Saudi government’s execution of more than 40 “mujahedeen” in January, according to the Long War Journal.

Joint Chiefs Issue Resounding ‘No’ to Obama on Gitmo Closure

Granger – TheBlaze: Just in case it couldn’t be more clear, the Joint Chiefs of Staff of the armed forces of the United States said “no, we won’t help” to the president in a letter regarding his possible use of an executive order to close the U.S. military detention facility at Guantanamo Bay, Cuba, and then bring the remaining detainees to the United States.

Quoting the law, Lt. Gen. William Mayville Jr., the director of the Joint Chiefs of Staff, wrote:

“Current law prohibits the use of funds to ‘transfer, release or assist in the transfer or release’ of detainees of Guantanamo Bay to or within the United States, and prohibits the construction, modification or acquisition of any facility within the United States to house any Guantanamo detainee. The Joint Staff will not take any action contrary to those restrictions.”

Sixteen members of the U.S. House of Representatives with military experience had written to the Joint Chiefs regarding the legal question of whether or not they would follow an executive order by President Barack Obama to close Gitmo by relocating the remaining detainees to the U.S.

Getty Images

The president is now alone in his fantasy of bringing detainees to U.S. shores.

Without the cooperation of the military, no physical transfer of Gitmo detainees can take place.

The president said in his end-of-year press conference, “We will wait until Congress has definitively said no to a well-thought-out plan with numbers attached to it before we say anything definitive about my executive authority here.”

Apparently, the Joint Chiefs beat Congress to the punch. There is no authority of the president to move anybody anywhere against the law.

Far from just an opinion, the Joint Chiefs are factually correct in their decision. Unless an order, even coming from the commander in chief, is legal, ethical and moral, the nation’s most responsible generals may not carry it out.

The letter is a first response in what could be a legal argument that could reach the attorney general and/or the Supreme Court.

With the balance of power in the highest court tilting slightly to the left now that conservative Antonin Scalia has passed away and his seat is vacant for the foreseeable future, any decision made by that body in question of the president’s Constitutional authority would probably side with him.

Without reaction to the letter, the Obama administration is surely scrambling for ideas on what next to do.

The really disappointing aspect of Obama’s obsession with closing Gitmo is the fact that he has forgotten the reason for the facility in the first place.

Sept. 11, 2001, is the reason for Gitmo. It is the reason for detaining as many potential sources of important information (that could save many lives) as possible. It is the reason so many lives have been lost and others changed forever.

Why has Obama forsaken the safety and security of the American people by releasing unlawful combatant Islamists who want to kill Americans before the Global War on Terror is won?

Thirty percent of all released Gitmo detainees are known or are suspected of returning to the fight. If that isn’t bad enough, there is NO information on the other 70 percent. Where are they; your neighborhood?

The president’s reckless behavior, from releasing dangerous enemies to wanting to bring others to the U.S. is proof that his priorities are confused. Thankfully, the Joint Chiefs of Staff have just reminded him that even he is bound by law, and they will not help him break it.

Montgomery Granger is a three-times mobilized U.S. Army major (Ret.) and author of “Saving Grace at Guantanamo Bay: A Memoir of a Citizen Warrior.” Amazon, Blog, Facebook

Apple vs. FBI, Try the iCloud or iTunes

In all fairness, General Michael Hayden, former head of the NSA actually disagrees with FBI Director James Comey and sides with Apple. The reason is fascinating.

Apple’s formal statement is here.

Zetter – Wired:

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically introduced security features in 2014 to ensure that it would not be able to unlock customer phones and decrypt the data on them; but it turns out it overlooked a loophole in those security features that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apply to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The number of password tries allowed before this happens is unclear. Apple says on its web site that the data becomes inaccessible after six failed password attempts. The government’s motion to the court (.pdf) says it happens after 10 failed guesses.

The government says it does not know for certain if Farook’s device has the auto-erase feature enabled, but notes in its motion that San Bernardino County gave the device to Farook with it enabled, and the most recent backup of data from his phone to iCloud “showed the function turned on.”

A reasonable person might ask why, if the phone was backing data up to iCloud the government can just get everything it needs from iCloud instead of breaking into the phone. The government did obtain some data backed up to iCloud from the phone, but authorities allege in their court document that he may have disabled iCloud backups at some point. They obtained data backed up to iCloud a month before the shootings, but none closer to the date of the shooting when they say he is most likely to have used the phone to coordinate the attack.

Is This Auto-Erase the Only Security Protection Apple Has in Place?

No. In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. This might not seem like a lot of time, but according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security, it can be prohibitively long depending on the length of the password.

“In terms of cracking passwords, you usually want to crack or attempt to crack hundreds or thousands of them per second. And with 80 milliseconds, you really can only crack eight or nine per second. That’s incredibly slow,” he said in a call to reporters this week.

With a four-digit passcode, he says, there are only about 10,000 different combinations a password-cracker has to try. But with a simple six-digit passcode, there are about one million different combinations a password cracker would have to try to guess the correct one—Apple says would take more than five-and-a-half-years to try all combinations of a six-character alpha-numeric password. The iOS9 software, which appears to be the software on the San Bernardino phone, asks you to create a six-digit password by default, though you can change this requirement to four digits if you want a shorter one.

Later models of phones use a different chip than the iPhone 5c and have what’s called a “secure enclave” that adds even more time delays to the password-guessing process. Guido describes the secure enclave as a “separate computer inside the iPhone that brokers access to encryption keys” increasing the security of those keys.

With the secure enclave, after each wrong password guess, the amount of time you have to wait before trying another password grows with each try; by the ninth failed password you have to wait an hour before you can enter a tenth password. The government mentioned this in its motion to the court, as if the San Bernardino phone has this added delay. But the iPhone 5c does not have secure enclave on it, so the delay would really only be the usual 80 milliseconds in this case.

Why None of This Is an Issue With Older iPhones

With older versions of Apple’s phone operating system—that is, phones using software prior to iOS8—Apple has the ability to bypass the user’s passcode to unlock the device. It has done so in dozens of cases over the years, pursuant to a court order. But beginning with iOS8, Apple changed this so that it can no longer bypass the user’s passcode.

According to the motion filed by the government in the San Bernardino case, the phone in question is using a later version of Apple’s operating system—which appears to be iOS9. We’re basing this on a statement in the motion that reads: “While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system (“iOS”)9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”

The government is referring to the changes that Apple initially made with iOS8, that exist in iOS9 as well. Apple released iOS9 in September 2015, three months before the San Bernardino attacks occurred, so it’s very possible this is indeed the version installed on the San Bernardino phone.

After today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from.

What Does the Government Want?

A lot of people have misconstrued the government’s request and believe it asked the court to order Apple to unlock the phone, as Apple has done in many cases before. But as noted, the particular operating system installed on this phone does not allow Apple to bypass the passcode and unlock the phone. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government’s bruteforcing operation works to guess the password. And if Farook kept the iOS9 default requirement for a six-character password, and chose a complex alpha-numeric combination for his password, the FBI might never be able to crack it even with everything it has asked Apple to do.

Apple CEO Tim Cook described the government’s request as “asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

What Exactly Is the Loophole You Said the Government Is Exploiting?

The loophole is the fact that Apple even has the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government’s request is completely doable and reasonable.

“They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there’s a lot of code that protects the passcode that they just need to trash,” he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. “[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the Thunderbolt port… It wouldn’t be trivial but it wouldn’t be massive.”

Could This Same Technique Be Used to Undermine Newer, More Secure Phones?

There has been some debate online about whether Apple would be able to do this for later phones that have newer chips and the secure enclave. It’s an important question because these are the phones that most users will have in the next one or two years as they replace their old phones. Though the secure enclave has additional security features, Guido says that Apple could indeed also write crippled firmware for the secure enclave that achieves exactly what the FBI is asking for in the San Bernardino case.

“It is absolutely within the realm of possibility for Apple themselves to tamper with a lot of the functionality of the secure enclave. They can’t read the secure private keys out of it, but they can eliminate things like the passcode delay,” he said. “That means the solution that they might implement for the 5c would not port over directly to the 5s, the 6 or the 6s, but they could create a separate solution for [these] that includes basically crippled firmware for the secure enclave.”

If Apple eliminates the added time delays that the secure enclave introduces, then such phones would only have the standard 80-millisecond delay that older phones have.

“It requires more work to do so with the secure enclave. You have to develop more software; you have to test it a lot better,” he said. “There may be some other considerations that Apple has to work around. [But] as far as I can tell, if you issue a software update to the secure enclave, you can eliminate the passcode delay and you can eliminate the other device-erase [security feature]. And once both of those are gone, you can query for passcodes as fast as 80 milliseconds per request.”

What Hope Is There for Your Privacy?

You can create a strong alpha-numeric password for your device that would make bruteforcing it essentially infeasible for the FBI or anyone else. “If you have letters and numbers and it’s six, seven or eight digits long, then the potential combinations there are really too large for anyone to bruteforce,” Guido said.

And What Can Apple Do Going Forward?

Guido says Apple could and should make changes to its system so that what the FBI is asking it to do can’t be done in future models. “There are changes that Apple can make to the secure enclave to further secure their phones,” he said. “For instance, they may be able to require some kind of user confirmation, before that firmware gets updated, by entering their PIN code … or they could burn the secure enclave into the chip as read-only memory and lose the ability to update it [entirely].”

These would prevent Apple in the future from having the ability to either upload crippled firmware to the device without the phone owner’s approval or from uploading new firmware to the secure enclave at all.

“There’s a couple of different options that they have; I think all of them, though, are going to require either a new major version of iOS or new chips on the actual phones,” Guido said. “But for the moment, what you have to fall back on is that it takes 80 milliseconds to try every single password guess. And if you have a complex enough password then you’re safe.”

Is the Ability to Upload Crippled Firmware a Vulnerability Apple Should Have Foreseen?

Guido says no.

“It wasn’t until very recently that companies had to consider: What does it look like if we attack our own customers? What does it look like if we strip out and remove the security mitigations we put in specifically to protect customers?”

He adds: “Apple did all the right things to make sure the iPhone is safe from remote intruders, or people trying to break into the iPhone.… But certainly after today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from. And that’s quite a big shift.” (Great job on this Kim)