The Department of Justice's fight to force Apple to sidestep iPhone security features in San Bernardino isn't over, and in fact is still very much alive in Boston. Like the San Bernardino case, the FBI is citing the All Writs Act from 1789 as grounds to force Apple to find a way to bypass the iPhone's lock screen, but this time they're doing all under sealed records instead of in the open.
The FBI has another iPhone unlock case, this time in Boston
In the Boston case, the FBI arrested Desmond Crawford as part of a drug ring and homicide bust related to the Columbia Point Dawgz gang. Officers seized a flip phone and an iPhone 6 Plus from Mr. Crawford, and they want Apple to bypass the iPhone's lockscreen passcode. The warrant is under seal, so the American Civil Liberties Union has asked the court to release the docket sheets related to the case.
What we do have is the affidavit for a search warrant from FBI agent Matthew Knight asking the court to force Apple to bypass the iPhone's lockscreen security and extract encrypted data. The affidavit states,
I also seek authorization for an ORDER requiring Apple, Inc. ("Apple") to assist in the execution of the search warrant by bypassing the lock screen of the iOS device, (Target Telephone 1) and providing technical assistance consisting of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement, and/or providing the FBI with the suspect Personal Identification Number (P.I.N) for Personal Unlock Code (P.U.K.) so that access cam be gained to Target Telephone 1 for this search.
That amounts to what the FBI was pushing for in the San Bernardino case. In that case the FBI wanted access to the encrypted contents of an iPhone 5c recovered from Syed Farook after he was killed in a shootout with police. Mr. Farook and his wife, Tashfeen Malik, killed 14 coworkers and injured 22 others before they were both killed in the shootout.
The FBI obtained a court order compelling Apple to create a special version of iOS that didn't include the built-in security features preventing brute force attacks on device passcodes. Apple filed a motion to vacate the order and also filed a formal complaint with the court, calling the order a danger to privacy and security, and an overreach of government authority. The FBI dropped its fight with Apple when an unnamed third party unlocked the iPhone.
That fight was very public and even included U.S. Attorney General Loretta Lynch making an appearance on Stephen Colbert's late night talk show in an effort to dispel concerns over privacy, and to say the FBI wanted access to just the one phone, and that it was a one-off request.
Next up: The DOJ's quiet, but big, encryption fight
The DOJ's quiet, but big, encryption fight
The DOJ's assertion that the San Bernardino iPhone was a one-off request has been crumbling as new information comes out such as the ACLU's report that the DOJ has filed 63 similar requests with Apple and Google since 2008, the New York case where a Judge denied the FBI's request, and now the Boston case where relevant documents have been sealed.
ACLU of Massachusetts legal director Matthew Segal said, "We are taking this action in order to better understand how government authorities have attempted to use the All Writs Act of 1789 to defeat 21st-century technology."
The Boston case underscores what security and privacy experts have been saying: the Sam Bernardino case was more about setting a precedent that strips away the protections encryption gives us than searching for useful evidence on Mr. Farook's work-issued iPhone. The case is also an important reminder why we all need to stay vigilant in the face of the DOJ's anti-encryption and anti-privacy crusade.
Security vulnerabilities known by one can be known by many, exposing our private data, bank records, and more to hackers, criminals, foreign governments, and our own government. The FBI seems to think it can keep the security vulnerabilities it discovers secret and safe, but the reality is hackers and governments are hard at work every day looking for those same weaknesses.
The DOJ wants a way to access all our encrypted devices
The DOJ says it needs backdoors into our personal data to keep us safe from criminals and terrorists. The intention might be good, but the reality is that criminals, hackers, and savvy tech users will simply move to encrypted services that fall outside of the government's control. In the end, the government's fight will give the DOJ—along with hackers and foreign governments—easy access to the average user's chats and bank transactions, but it won't do much to stop the people they claim to be targeting.
Boston is just the latest case we know about. It's a safe bet more will surface soon, and it's a safe bet the DOJ won't give up.