The news this week that the Department of Justice has found a third party to help it unlock a contested iPhone without Apple’s compelled help–and subsequently asked to cancel a court hearing on the matter–has been hailed as a victory both for Apple and its users. While that may be true, at least for the moment, the move also is a win for the FBI and its efforts to find ways into the new generation of encrypted devices.
On Monday, the government filed a motion to vacate a hearing that was scheduled for the following day, a hearing that would have considered the question of whether Apple should be compelled to comply with an order to help the FBI access an iPhone used by alleged terrorist Syed Farook. It’s a question that has consumed the security and privacy communities for more than a month and has made its way into national political debates. Apple has contended that it does not have a current method for accessing the phone, which is protected by a passcode and a mechanism that will erase the data if too many wrong code are tried. So the FBI got a court order demanding that the company build a deliberately compromised version of iOS and sign it so the FBI could load it on the phone and bypass the security protections.
Apple has refused, citing many reasons, including the technical difficulty of doing so. But the main objection has been the privacy and security ramifications of such a move, and Apple CEO Tim Cook has said the company takes the responsibility of securing its customer data very seriously.
“I don’t know where this stops, but I do know this isn’t what should be happening in this country,” Cook said last month.
Legal briefs in the case have flown back and forth, with the government saying Apple’s stance is a marketing ploy, an accusation that the company dismissed. But the latest brief on Monday came a little out of the blue, with the Justice Department’s lawyers saying that the FBI has been contacted by a third party that showed a technique that could retrieve the desired data from the iPhone without Apple’s help.
If it succeeds in forcing Apple to help in this way, the government most certainly will return to that tactic, and not just with Apple.
“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is aviable method that will not compromise data on Farook’s iPhone. If the method isviable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forthin the All Writs Act Order in this case,” the government’s brief says.
Who that “outside party” is and what the method for unlocking the phone is have been the subject of a lot of speculation this week, but those are questions for another day. (Forensics expert Jonathan Zdziarski has an excellent analysis of the possible methods.) For now, let’s focus on the potential fallout from this change.
For Apple, it’s a clear victory, though it may be a short-lived one. The government has asked for two weeks to assess the viability of this alternative method and plans to report back to the court on the progress of it on April 5. If the method fails or doesn’t succeed completely, expect the government to come right back and ask the court to compel Apple to cooperate again. The FBI is determined to access the phone, and if the alternative method doesn’t work, it will go back to the original one.
But there’s also the fact that this is just one phone. It is the beginning of what is likely to be a very long journey, not the end. If the government eventually fails to compel Apple to build a compromised operating system in this case, it is likely to go back again and again in future cases where it encounters the same challenge. And if it succeeds in forcing Apple to help in this way, the government most certainly will return to that tactic, and not just with Apple. Google and other handset manufacturers could be as much in the crosshairs on this as Apple is now.
If the alternative method ends up working, it’s possible we will never know for sure what it was and how it was employed. Many experts have made highly educated guesses about what the method could be, but no one is saying they’re certain. By contrast, through the government’s own briefs and Apple’s public statements, we have a lot of information about how the FBI wants the company to bypass the security mechanisms in iOS, and experts have an understanding of how that would work.
“This development annoys me in every way. This case was never about the particular phone, it was about the precedent and the general issue of security vs. surveillance. This will just come up again another time, and we’ll have to through this all over again — maybe with a company that isn’t as committed to our privacy as Apple is,” cryptographer Bruce Schneier said.
For now, it looks like the only downside for the government with this move is a potential reversal from the court saying Apple doesn’t have to comply with the original order. That’s always a possibility, but the FBI looks well-positioned to get its way in this case.
