FBI Director: Apple Case Doesn’t Set Encryption ‘Precedent’

The FBI’s director says the victims of the San Bernardino attack are owed a thorough and professional investigation—and that’s why the bureau wants to compel Apple to help unlock an iPhone that belonged to one of the attackers.

“The San Bernardino litigation isn't about trying to set a precedent or send any kind of message,” James Comey said in a post Sunday night on the Lawfare blog. “It is about the victims and justice.”

The phone in question is the iPhone 5c that belonged to Syed Rizwan Farook, who with his wife, Tashfeen Malik, opened fire on Dec. 2, 2015, at a civic-services center, killing 14 people and wounding 21 others. The attack was believed to be inspired by ISIS, though no direct link has been found between the attackers and the Sunni terrorist group.

As we reported last week, Tim Cook, the Apple CEO, in a letter to customers, said the company would oppose a judge’s order to help the FBI unlock Farook’s because, in his words, the company saw it “as an overreach by the U.S. government.”

iPhones become locked when incorrect passwords are entered a certain number of times. The only known way to unlock the device is restoring the factory settings, a move that deletes all data from the phone.

Apple says the FBI wants the ability to unlock the phone using multiple password attempts—a method known as bruteforcing. Cook, in his letter, said the FBI was seeking a backdoor to the iPhone, which “in the wrong hands … would have the potential to unlock any iPhone in someone’s physical possession.”

The U.S. Justice Department, in a motion filed on Friday, accused Apple of “repudiating” the order of Magistrate Judge Sheri Pym. The department dismissed the idea the FBI was seeking a “backdoor” into the iPhone, pointed out that Apple had previously complied with “a significant number of orders” related to the All Writs Act of 1789, and added Apple’s refusal to help “appears to be based on its concern for its business model and public brand marketing strategy.”

Apple, in a q-and-a posted on its website on Monday, denied it had ever unlocked an iPhone for law enforcement in the past and rejected the assertion its concerns were based on a business and marketing strategy. The company also urged the government to “withdraw its demands under the All Writs Act and … form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms.”

Comey, in his blog post Sunday, said:

The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead.  

Apple, in the q-and-a, also said the Apple ID linked to Farook’s iPhone 5c was changed soon after the government took possession of the device, and if that hadn’t happened, BuzzFeed reported, “a backup of the information the government was seeking may have been accessible.”

Here’s more from the BuzzFeed story:

The Apple executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.

Apple sent trusted engineers to attempt that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed sometime after the terrorist’s death — within 24 hours of the government taking possession of the phone. By changing the password, the government foreclosed its ability to obtain a fresh copy of the most recent device data via this back-up-to-known-wifi method.

The password was reportedly reset accidentally by the San Bernardino Health Department. The FBI acknowledged the password change, but downplayed its impact.

Apple’s lawyers are expected to file the company’s formal response to Pym’s order by next Friday.