After weeks of asserting that only Apple could help it access data in an iPhone in its possession, the Federal Bureau of Investigation yesterday revealed that it was able to break into the device and withdrew its court order compelling Apple’s assistance.
The device in question — an iPhone 5c — had been used by Syed Rizwan Farook, who with his wife, Tashfeen Malik, carried out a shooting in San Bernardino, Calif., on December 2 that left 14 people dead. The pair was shot dead by police later that day.
Unable to unlock the iPhone after the attack, the FBI had invoked the 1789 All Writs Act to compel Apple to write new code that would have enabled the agency to bypass encryption protections and access data on the device. The FBI reversed course suddenly last week after revealing that a third party might be able to help it unlock the phone.
‘A Victory for Security and Encryption’
“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent,” an Apple spokesperson told us today. “As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
Although yesterday’s developments brought to a close Apple’s immediate legal challenges, they aren’t likely to end the ongoing tug-of-war between advocates of strong encryption and government officials who want backdoor access to devices and data when investigating suspected criminals and terrorists. Officials, including FBI Director James Comey, say they want other means of bypassing IT security to avoid the risk of “going dark” in investigations.
“Yesterday’s motion by the government was a victory for security and encryption,” Lisa Hayes, vice president for programs and strategy at the Center for Democracy and Technology, told us. The fact that the FBI dropped its court order against Apple, “would not have happened if the tech community had not coalesced, and drawn a line in the sand,” she said.
However, many questions still remain to be resolved in the wake of yesterday’s events, Hayes added. “At the end of the day, it’s time to end the debate about whether governments should be able to compel companies to give the assistance the FBI asked for here,” she said. “We need to move on to the more important questions: In a society where more and more communications are encrypted, what techniques should law enforcement use to gain access, and which techniques should be outlawed because they undermine trust and increase vulnerabilities?”
Techs ‘Angry about Dishonesty’
Also unanswered is how the FBI might have broken into the iPhone and what data it was able to access. The brief filed yesterday by the Department of Justice in the U.S. District Court of California consisted of just three short paragraphs, noting, “The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by court’s order compelling Apple Inc. to assist agents in search dated February 16, 2016.”
We contacted the FBI and were told by a spokesperson that the agency had no comment as the inquiry has “now transitioned to more of a standard investigative matter.”
A number of digital rights and privacy advocates yesterday welcomed the FBI’s news while criticizing officials for their assertions about Apple in previous weeks.
“As an American who helped fund the FBIs massive exploit purchase this week, I demand to know what kind of evidence was on Farook’s phone,” iOS forensics expert Jonathan Zdziarski, who has commented extensively on the FBI-Apple dispute on his blog, wrote on Twitter yesterday. Zdziarski also tweeted a series of snarky comments about the case, noting among other things that, “It took just over a month after FBI testified under oath that they couldn’t access a locked iPhone . . . to access a locked iPhone.”
Whistleblower and former National Security Agency contractor Edward Snowden also weighed in on the FBI’s announcement. “Techs are so angry about the dishonesty in this case that @FBI might need to add itself to the list of radicalizers,” he tweeted.
“EFF is pleased that the Justice Department has retreated from its dangerous and unconstitutional attempt to force Apple to subvert the security of its iOS operating system,” Andrew Crocker, a staff attorney for the Electronic Frontier Foundation, a digital rights advocacy organization, said yesterday on the site’s blog. However, the news raises questions about the iOS vulnerabilities the FBI was able to exploit and whether the agency will share that information with Apple and others, he added.
“If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP [Vulnerabilities Equities Process that specifies when the government should share information with the public] must apply, meaning that there should be a very strong bias in favor of informing Apple of the vulnerability,” Crocker said. “That would allow Apple to fix the flaw and protect the security of all its users. We look forward to seeing more transparency on this issue as well.”
For its part, Apple said it will continue to help law enforcement with its investigations, as it has done all along. The tech giant will also continue to increase the security of its products as the threats and attacks on its data become more frequent and more sophisticated, the Apple spokesperson told us. “Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk,” the spokesperson said.
