FBI Drops NY iPhone Unlock Case, Fails to get Precedent Again

| News

The FBI dropped its New York iPhone unlocking case against Apple, although this time instead of buying a hack, someone handed over the passcode. Unconfirmed reports claim it was the suspect in the case, Jun Feng, who pleaded guilty last year to drug-related charges. That's one more case where the FBI failed to land the encryption-hacking precedent it wants.

FBI gets passcode for Jun Feng's iPhoneFBI gets passcode for Jun Feng's iPhone

Mr. Feng pleaded guilty to charges stemming from a methamphetamine distribution conspiracy last year, but didn't give law enforcement agents the passcode to the iPhone they seized from him. The FBI asked the court for an order compelling Apple to help hack into the device citing the All Writs Act from 1789. The Federal Judge hearing the case refused to grant the order, so the FBI appealed the ruling.

Apple claimed the FBI hadn't exhausted its investigative options, and now it seems that's the case because late last Friday the agency withdrew its case, telling the court,

Yesterday evening, an individual provided the passcode to the iPhone at issue in this case. Late last night, the government used that passcode by hand and gained access to the iPhone. Accordingly, the government no longer needs Apple’s assistance to unlock the iPhone, and withdraws its application.

And just like that, another let's-force-Apple-to-hack-iPhone-security case evaporated into the Ether.

The Jun Feng case parallels the FBI's Syed Farook mass shooting case in San Bernardino. In that case, FBI agents wanted Apple to help work around the iPhone lockscreen passcode to see the device's encrypted contents. The FBI won its order, but Apple asked the court to reverse the ruling saying the government didn't have the authority to force companies to circumvent their own security features, and that doing so would set a precedent where other companies would be forced to do the same.

In the end, the FBI dropped its case at the last minute saying an unnamed third party produced a hack that didn't require Apple's assistance. Ultimately, Mr. Farook's iPhone proved to be of little value because the FBI didn't find any useful information.

Both cases are part of a crusade by the FBI and Department of Justice to give law enforcement agencies backdoors into our encrypted data. The San Bernardino and New York cases didn't pan out, nor did the Boston case where the FBI was also trying to force Apple's hand in the encryption game.

That doesn't, however, mean the FBI and DOJ are giving up. The American Civil Liberties Union put together a list of more than 60 cases where Apple and Google are being targeted for help bypassing their own encryption. Considering how the cases have gone so far, however, winning the precedent they want seems easier said than done.

Withdrawing the case to hack into Mr. Feng's iPhone doesn't help the FBI and Department of Justice in their ongoing push to circumvent encryption in computers and mobile devices. In fact, it hampers their efforts because so far it seems the most effective results have come from actual police work instead of trying to force Apple to crack its own encryption.

[Thanks to the Wall Street Journal for the heads up]

Popular TMO Stories



For me, the intriguing part of these two cases is just how inept the FBI has been. We all know that the FBI strategy is to rewrite CALEA, and the recent tactic has been to wait for a “terrorism” case. With that in hand, it can argue the necessity for opening phones and breaking encryption.

But that’s not how things have turned out. The case (San Bernardino) was adequate but only barely so. The shooters were dead and police/FBI had determined fairly quickly that there was larger conspiracy, either in the U.S. or foreign. Not quite 100% certain, but close to it. They found the iPhone and asked for Apple’s help, and received it right away. And for some reason never adequately explained, they changed [requested the County, which owned the iPhone, to change] the passcode on the iCloud account.

So it is very puzzling that FBI waited SIX WEEKS to request a court order demanding that Apple unlock the phone. And rather unprofessional to request it ex parte so that Apple would have no opportunity to argue its side of the story. Nonetheless, the terrorism -> fear link worked for a short while, but almost all tech companies were outspoken in their criticism of the FBI’s action. As we know, the opposition increased until finally the FBI had to find an exit mechanism - the unnamed hackers and their $1.3+ million fee.

If instead the FBI had filed its request quickly, while the news was still full with the story, it might have been quite a different result. FBI would have been seen to be anxious to gather information, instead of waiting for six weeks. Had there been a bigger plot and co-conspirators, another attack might have been executed. The delay also allowed a very critical court decision to be issued in an unrelated case, the “Feng” case in New York.

This is different in many ways, but the delay and lack of competence are just as visible. The case started about two years ago, a seemingly-ordinary drug-dealer case. There were the typical delays as it wended its way through the system. Although the FBI had a warrant to search the phone, it did not have a court order requiring Apple to help, and only filed that request last October, a month before the trial. The judge declined to rule on it ex parte and requested briefs and oral argument from both Apple and FBI, and these happened. Shortly afterwards, Feng pled guilty, but FBI decided to pursue the order compelling Apple’s help. About a month later [early December], the San Bernardino shooting happened.

At this point, the FBI should have realized that its pursuit of an order in the Feng case might be a problem. The judge had declined to issue an order ex parte and had directed the parties to provide briefs and arguments, which they had done. The upside from getting this order was small, but the downside was large, and it turned out to be even bigger than anyone had thought.

Judge Orenstein’s ruling, denying the FBI’s application, is devastating to the strategy. FBI said that it would appeal but actually did not - instead it filed a “renewed motion” which is actually asking for a mulligan - a do-over with a different judge. This is the application that was withdrawn yesterday. No do-over, the existing denial still stands.

And that is worthwhile reading even for non-lawyers. I’ll close with a few verbatim extracts. Brutal, just brutal ...

>It is also clear that the government has made the considered decision
>that it is better off securing such crypto-legislative authority from
>the courts (in proceedings that had always been, at the time it filed
>the instant Application, shielded from public scrutiny) rather than
>taking the chance that open legislative debate might produce a result
>less to its liking. Indeed, on the very same day that the government
>filed the ex parte Application in this case (as well as a similar
>application in the Southern District of New York, see DE 27 at 2), it
>made a public announcement that after months of discussion about the
>need to update CALEA to provide the kind of authority it seeks here,
>it would not seek such legislation. See James B. Comey, “Statement
>Before the Senate Committee on Homeland Security and Governmental
>Affairs,” (Oct. 8, 2015),
>https://www.fbi.gov/news/testimony/threats-to-the- homeland
>(“The United States government is actively engaged with private
>companies to ensure they understand the public safety and national
>security risks that result from malicious actors’ use of their
>encrypted products and services. However, the administration
>is not seeking legislation at this time.”).

>I therefore conclude that what the government seeks here is “to have
>the court give it authority that Congress chose not to confer.”

>Director Comey’s salutary call for meaningful public debate can
>therefore be achieved only by recognizing that the All Writs Act does
>not serve as a mechanism for courts to give the executive branch
>authority it fails to secure from the legislature.


“that there was larger conspiracy” obviously should be
“that there was no larger conspiracy”

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account