Apple: We Could Have Accessed Terrorist's Cloud Information If The Password Wasn't Reset

Matt Vespa
|
Posted: Feb 21, 2016 9:50 PM
Apple: We Could Have Accessed Terrorist's Cloud Information If The Password Wasn't Reset

As Christine wrote last week, Apple was ordered by a judge to meet the demands set by the Department of Justice to hack into the San Bernardino shooter’s phone, which caused discomfort within the tech community over the issues of government intrusion and privacy. She also noted that this “master key” program that the FBI wants to use to get into the phone is looked upon as no different than what the federal agency wants companies to install in all of their programs.

Via Wired:

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically altered its software in 2014 to ensure that it would not be able to unlock customer phones and decrypt any of the most important data on them; but it turns out it overlooked a loophole in doing this that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

As history has shown, starting with wiretaps during the Prohibition era, government will exploit a new technological advance, even if it breaks the law or violates constitutional rights. We shouldn’t make that mistake here. Moreover, Apple has shot back at the Bureau, saying that if the password wasn’t touched after the government seized the phone–they could’ve accessed the Cloud information (via ABC News):

The password for the San Bernardino shooter's iCloud account associated with his iPhone was reset hours after authorities took possession of the device.

The Justice Department acknowledged in its court filing that the password of Syed Farook's iCloud account had been reset. The filing states, "the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup."

Apple could have recovered information from the iPhone had the iCloud password not been reset, the company said. If the phone was taken to a location where it recognized the Wi-Fi network, such as the San Bernardino shooters' home, it could have been backed up to the cloud, Apple suggested.

[…]

Apple executives say the iPhone was in the possession of the government when iCloud password was reset. A federal official familiar with the investigation confirmed that federal investigators were indeed in possession of the phone when the reset occurred.

Yet, ABC also noted that court documents also stated that Farook might have disabled the iCloud backup function to hide evidence. Yet, that shipped has sailed. Right now, it’s a fight over how to analyze the phone, with the Obama administration suggesting to a judge that the hacking software should remain in the possession of Apple (via Fox News):

The Obama administration told a magistrate judge Friday it would be willing to allow Apple to retain possession of and later destroy specialized software it was ordered to create to help federal authorities hack into the encrypted iPhone belong to Syed Rizwan Farook.

"Apple may maintain custody of the software, destroy it after its purpose under the order has been served, refuse to disseminate it outside of Apple and make clear to the world that it does not apply to other devices or users without lawful court orders," the Justice Department told Judge Sheri Pym. "No one outside Apple would have access to the software required by the order unless Apple itself chose to share it."