In the hours after the workplace massacre in San Bernardino that is at the center of the current controversy between the US government, Apple, and a divided public, the actual registered owner of the work iPhone used by the gunman -- the San Bernardino Health Department, his employer and target -- reset the iCloud account password on the device in a move that may have crippled the FBI's case, the affidavit filed by the Department of Justice has revealed.
It is unclear if the resetting was deliberate or accidental, but it meant that the device could no longer automatically back up the present contents of the device to iCloud. The gunman, Syed Rizwan Farook, deliberately destroyed his personal smartphone, but left the work iPhone untouched -- and had not backed up the device since October 19, suggesting that there is little of any value on the device anyway.
According to the DOJ affidavit, the FBI has already obtained cell phone call logs for the remaining device and the other smartphones owned by Farook and his wife, and has already obtained all of the older backups and other computer records with Apple's help from the devices owned by the couple, who were killed in a shootout with police several hours after the attack.
In a call with reporters late on Friday, senior Apple executives spoke on background about areas they were previously barred from talking about, areas that delve into the specifics of how and why they could not comply with the FBI's request. Thanks to the revelations contained in the DOJ's affidavit, Apple officials could now outline exactly what the FBI has requested, and how the government's own botched handling of the recovered iPhone -- rather than Apple's refusal to hack its own operating system -- has prevented the FBI from obtaining the information it wanted.
Apple revealed that it had been in discussions with the FBI since shortly after the December attacks about ways to provide law enforcement with as much information as possible about the seized iPhone. Apple's engineering staff had, in fact, informed FBI officials about legal and viable ways for the agency to induce an unencrypted backup of the iPhone to iCloud, which would have then generated a backup of the unit's current contents, and allowed Apple to provide the agency with the sort of information it hoped to find on the device.
The backups Farook had initiated weeks before the attacks were sporadic and unencrypted, suggesting that they were done manually, and that the gunman had not turned off the ability of the device to be backed up -- leaving open the possibility that the device could be made to do an iCloud backup. This would have provided the government with the data it was looking for -- though the lack of encrypted backups on what was a government-issued work smartphone hints that Farook did not have any sensitive information on the device.
However, the Apple ID was changed by officials from either San Bernardino County government or the government during the first 24 hours after the attack, rendering the advice Apple had given moot, because the device could no longer auto-backup to iCloud. Apple has already helped provide the FBI with access to the backups Farook made up until October 19.
Because of this error on the part of the government, the FBI decided that Apple would now have to create a tool that would work with both older and newer iPhones -- including models with the "secure enclave" -- that would allow the government (and others who obtained, reverse-engineered, or otherwise created a version of the tool) complete access to the full contents and data stored in the device's flash storage and processors.
The Apple executives emphasized that the FBI is misleading people with claims that its interest in such a tool extends only to this one particular device, and that Apple is refusing to help the agency at all. They pointed out that no government until now -- even China -- has asked for a special "backdoor" to be created that could access the sensitive contents, and that if it acquiesces to the US government's demands, it will have to do the same for all countries worldwide.
The executives also said explicitly that previous statements by government officials, from FBI Director James Comey to Manhattan District Attorney Cyrus Vance, have made it clear that the US government would use such a tool, if it were created, to bypass the security on at least 175 iPhones that have been seized as part of more mundane criminal investigations. While saying that Apple "abhors" terrorism in any form, the executives said the methods the FBI has gone to court to try and force Apple to create would create a "master key" that the government would then use to unlock any devices it deems of interest for any reason.
The Apple executives were motivated to provide a rebuttal due to the voiding of a confidentiality agreement through the DOJ's detailed affidavit, and because FBI officials attempted to capitalize on Apple's forced silence by claiming that the company's refusal to give the agency what it wanted was more to "protect the brand" and "a marketing strategy," maligning the company's motives while forcing it to leave the allegations unanswered.
The affidavit, however, allowed Apple to set the record straight and reveal specifics of what it had done to help the agency freely. The filing by the DOJ has also provided Apple with the opportunity to defend itself from the agency's deliberate mischaracterization, and explain why the FBI has had to go to court in an attempt to get Apple to hack its own software: a US government official, either from San Bernardino County, law enforcement personnel, or the FBI itself, bungled the handling of the device, leaving Apple's guidance and advice on how to get what the FBI was looking for obsolete.
Various observers have questioned whether the FBI is simply using the tragedy of the San Bernardino workplace massacre to intimidate lawmakers and courts into changing the law or ordering tech companies to comply with various requests in the name of "terrorism" or, as one FBI official claimed, protecting the "need to know" from the victims' families of any details that could conceivably be on such devices. The officials from Apple indicated that the company will continue to tighten and harden the security of the iPhone in an effort to ensure that users are protected from both hardware and software "cracking" attacks that could compromise personal data by any attacker.