The FBI found a way to hack into the San Bernardino shooter's iPhone after Apple refused to comply with a court order, the ACLU found a long list of cases where the FBI is trying to force Apple help unlock iPhones, and now it's using the undisclosed hack to unlock an iPhone in an Arkansas homicide investigation. So much for just this phone, just this once.
The FBI and DOJ want easy access to all iPhones, not just one
The current situation started in early December 2015 when Syed Farook and his wife Tashfeen Malik, both San Bernardino County Department of Public Health employees, opened fire on their coworkers. They killed 14 and injured 22 more, then died in a shootout with police who recovered a work-issued iPhone Mr. Farook used.
Apple helped the FBI recover data from the iPhone's backups, but didn't have any way to bypass the device's lockscreen passcode. The FBI turned to the courts for an order compelling Apple to create a hackable version of iOS they insisted would be used only once and just on this specific iPhone.
Apple contested the order calling it an overreach of government authority, and a move that would set a dangerous precedent where law enforcement agencies could compel companies to develop tools to bypass their own product's built-in encryption and security measures. Apple also said creating the hackable iPhone operating system was dangerous because it would eventually find its way to other governments as well as hackers, potentially threatening the security of encrypted communications, bank transactions, and more.
The FBI and Department of Justice stood by their claim this would be a one-off deal, and that they did have the authority to force Apple to code a new version of iOS thanks to the All Writs Act from 1789. Apple filed a motion to vacate the order along with a formal complaint, and both sides stood firm in their positions.
Next up: The FBI's just-one-phone argument crumbles
The FBI's just-one-phone argument crumbles
The FBI's arguments started to fall apart during a House Judiciary Committee hearing, however, when Director James Comey said this case would shape future iPhone unlocking requests. Manhattan district attorney Cyrus R. Vance did his part to unintentionally punch holes in the FBI's argument, too, saying he has a long list of phones where unlocking orders would be pursued if the Apple order stood.
Then news surfaced that the Department of Justice had 12 more cases lined up for similar orders pending the outcome of the San Bernardino unlocking order, and the ACLU put together a list of 63 cases since 2008 across the U.S. where the DOJ has used the All Writs Act in an effort to compel Apple or Google to access data from encrypted devices.
The FBI's "just one iPhone" wall crumbles
The FBI dropped a surprise on Apple the day before the two were scheduled to appear in court to defend their arguments saying it had a mystery company lined up to hack into the iPhone. The hearing was put on hold, and on Monday this week the FBI said it had access to the iPhone's contents. The hearing was cancelled, and the FBI dropped its fight for the court order.
Apple says it wants to know how the FBI got into Mr. Farook's iPhone, wich makes sense because what ever hack was used could be replicated by other parties. Without knowing what was done, there's a serious hole in iPhone security going unpatched—and it seems the FBI is fine with that because it doesn't want to share the technique it used.
Another piece in the just-this-phone-just-this-once claim crumbled this week when the FBI agreed to use its hack to unlock an iPhone for the prosecutor in Faulkner County, Arkansas, as part of a homicide investigation. And now the FBI is testing the procedure to see how effective it is on other iPhone models.
The DOJ punched its own hole in the claim saying even though the unlocking fight with Apple over this iPhone is done, it plans to continue using the court system to try to force tech companies to create the encryption-breaking tools it wants. DOJ spokesperson Melanie Newman made that very clear this week when she said, "It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails."
The FBI and DOJ aren't going to come out and say the fight to force Apple to create the encryption breaking tools they wanted was more about setting precedent than seeing what was on Syed Farook's iPhone, but they don't have to. Their actions during the fight, and what they're doing now that they have access to the iPhone's data, speak volumes: the FBI and DOJ value their ability to hack into our smartphones more than protecting security and privacy.
[Some image elements courtesy Shutterstock]