Apple appears headed toward another showdown with the US Federal Bureau of Investigation (FBI), as the agency this morning revealed it had asked Apple for assistance in recovering data from two iPhones in a recent case. Apple, so far, has declined to unlock the devices.
The devices belong to the gunman in last month’s naval base shooting in Pensacola, Florida. The shooter, Lt. Mohammed Saeed Alshamrani of the Saudi Royal Air Force, gunned down three servicemen in the attack: Ensign Joshua Watson, 23; Airman Mohammed Haitham, 19; and Airman Apprentice Cameron Walters, 21. Alshamrani was killed at the scene.
Dana Boente, FBI general counsel, said that federal investigators were so far unable to access Alshamrani’s two iPhones because each was locked and encrypted.
In 2014, Apple started to build encryption into each iPhone sold. To open a device, a user is required to enter a six (or more) digit passcode. Apple doesn’t know this passcode as the encryption key is stored on the device itself, not in the cloud.
It’s likely that law enforcement personnel collected the phone after it was shut off, or else biometrics like Touch ID or Face ID may have been used to access the phone. We know that at least one of the phones had been shot and damaged before the shooter was killed.
Once the phone sits idle for a long period, or loses power, a user must re-enter their six (or more) digit passcode to access the device. Unfortunately for the FBI, this passcode isn’t available to Apple, as it’s stored on the device itself and not in the cloud.
In a statement, Apple said it had given the FBI all the data “in our possession.” An Apple spokesperson added: “We will continue to support [the FBI] with the data we have available.”
Apple, for its part, routinely complies with court orders to hand over data stored on its servers. This data, however, is typically of the iCloud variety and nothing that would include the encryption key to the phone itself.
But while it doesn’t contain information that would allow the FBI to unlock the iPhone — unless a user would be dumb enough to store his passcode in Notes, for example — the data turned over by Apple isn’t nothing. A user with iCloud backups enabled, for example, could unknowingly provide access to their photo library, videos, and any files stored in Apple’s new file system, among other things.
If this all sounds familiar, it should. In 2016, the FBI requested Apple’s help in unlocking an iPhone belonging to Syed Rizwan Farook, the San Bernardino shooter who killed 14 in 2015.
The FBI pleaded with Apple to unlock the device, an iPhone 5c. Apple told the FBI it couldn’t, as the devices were encrypted based on a user passcode, not information it stored in the cloud or data that it could otherwise access. The showdown eventually led to court orders, which Apple refused to comply with, and eventually a Congressional hearing.
Before a second Congressional hearing could take place, the DOJ filed a motion to vacate the proceeding after claiming it had unlocked the phone on its own, with help from an unnamed third-party.
Edward Snowden, who knows a thing or two about these kinds of things, said that the FBI’s claim that it couldn’t hack the iPhone without help from Apple was “bullshit.”
Bullshit or not, the case went away and we mostly forgot about it. The DOJ didn’t get the precedent it wanted, and Apple wasn’t forced to compromise the security of its users to assist the FBI. History though, often repeats itself.
And here we find ourselves, again, barreling toward another showdown between the FBI and Apple. The FBI seemingly wants a backdoor into consumer devices, and Apple, for its part, has stood its ground.
According to NY Times’ sources, the FBI is not asking apple to create a so-called backdoor into users’ devices. This, though, is an argument of semantics. The FBI has repeatedly claimed that it’s only seeking a backdoor into a singular device, not all devices. It’s worth mentioning though that there are hundreds, perhaps thousands of these devices tied up in court cases throughout the country as we speak.
As Apple said previously, obtaining the data that the FBI wants would require it to build a backdoor, setting a dangerous precedent for user privacy worldwide. It’s also argued that it can’t build a backdoor into a single device without compromising all other devices should the exploit find its way into the wild.
Published January 8, 2020 — 04:49 UTC