The extraordinary legal fight pitting the Obama administration against technology giant Apple Inc. ended unexpectedly after the FBI said it used a mysterious method, without Apple’s help, to hack into a California mass shooter’s iPhone.
Left unanswered, however, were questions about how the sudden development would affect privacy in the future, and what happens the next time the government is frustrated by digital security lockout features.
Government prosecutors asked a federal judge on Monday to cancel a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary.
The FBI used the unspecified technique to access data on an iPhone used by gunman Syed Farook, who died in a gun battle with police after he and his wife killed 14 people in San Bernardino, California, in December. The Justice Department said agents are now reviewing the information on the phone.
But the government’s brief court filing, in U.S. District Court for the Central District of California, provided no details about how the FBI got into the phone. Nor did it identify the non-government “outside party” that showed agents how to get past the phone’s security defenses. Authorities had previously said only Apple had the ability to help them unlock the phone.
Apple responded by saying it will continue to increase the security of its products to better protect its customers, yet would cooperate with the authorities whenever possible. “We will continue to help law enforcement with their investigations, as we have done all along,” the company added in a statement, while reiterating its argument that the government’s demand for Apple’s help was wrong. “This case should never have been brought,” the company said.
FBI Assistant Director David Bowdich said Monday that examining the iPhone was part of the authorities’ effort to learn if the San Bernardino shooters had worked with others or had targeted any other victims. “I am satisfied that we have access to more answers than we did before,” he said in a statement.
The dispute had ignited a fierce internet-era national debate that pitted digital privacy rights against national security concerns and renewed heated discussion over the impact of encryption on the ability of law enforcement to protect the public.
Rep. Darrell Issa, R-California, said in a statement that while it was “preferable” that the government gained access to the iPhone without Apple’s help, the fundamental question of the extent to which the government should be able to access personal information remains unanswered.
Issa, a critic of the administration’s domestic surveillance practices, said the government’s legal action against Apple raised constitutional and privacy questions and that “those worried about our privacy should stay wary” because this doesn’t mean “their quest for a secret key into our devices is over.”
The surprise development punctured the temporary perception that Apple’s security might have been good enough to keep consumers’ personal information safe even from the U.S. government.
And while the Obama administration created a policy for disclosing such security vulnerabilities to companies, the policy allows for a vulnerability to be kept secret if there is a law enforcement or national security rationale for doing so.
The withdrawal of the court process also takes away Apple’s ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.
The Justice Department wouldn’t comment on any future disclosure of the method to Apple or the public.
Denelle Dixon-Thayer, chief legal and business officer at Mozilla, which makes the Firefox web browser, said in a statement that “fixing vulnerabilities makes for better products and better security for everyone” and the “government needs to take that into account” and disclose the vulnerability to Apple.
Jay Kaplan, a former NSA computer expert who’s now CEO of cyber-security firm Synack, said it is likely Apple will pursue avenues to further lock down their operating systems and hardware, especially as a result of this public announcement of a technique that was used to crack their phones.
U.S. Magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Farook’s work-issued iPhone. The Justice Department relied on a 1789 law to argue it had the authority to compel Apple to bypass its security protocols on its phone for government investigators. While Magistrate Judge James Orenstein in New York ruled last month in a separate case that the U.S. was seeking overly broad powers under that legal argument, the decision wasn’t binding in the California case and the Justice Department is appealing.
Technology and civil liberties organizations say they’re concerned the case is far from settled, with some worrying that smaller companies might not have the resources to fight off similar demands.
Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent, making all iPhone users vulnerable. He, as well as FBI Director James Comey, has said that Congress needs to take up the issue.
Apple was headed for a courtroom showdown with the government last week, until federal prosecutors abruptly asked for a postponement so they could test a potential solution brought to them by a party outside of the U.S. government last Sunday.
The encrypted phone was protected by a passcode that included security protocols: a time delay and auto-erase featured that destroyed the phone’s data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what’s known as a brute-force attack. But with those features removed, the FBI said it would take 26 minutes to crack the phone.
A law enforcement official said the FBI would continue to help its local and state partners acquire evidence for cases — implying that the method would be shared with them. The official spoke to reporters on condition of anonymity.
High on the waiting list for assistance is probably Manhattan District Attorney Cyrus Vance, who told a U.S. House panel earlier this month that he has 205 iPhones his investigators can’t access data from, for criminal investigations. Apple is also opposing requests to help extract information from 14 Apple devices in California, Illinois, Massachusetts, and New York.