EncryptionFBI cracks terrorists’ iPhone without Apple's help

Published 29 March 2016

The Justice Department on Monday asked a court to withdraw the government’s request that the court order Apple to help the FBI gain access to the encrypted iPhone used by the San Bernardino terrorists. The Justice Department filed the request after the FBI had successfully accessed data stored on an encrypted iPhone. The FBI wanted the court to compel Apple to relax the 10-attempt limit, which is part of the encryption system which comes with the device. If there are more than ten attempts to guess the password, the phone locks forever and all the data on it is wiped out. The FBI argued that its computers, using brute-force, would be able to break the phone’s password, but that it would take more than ten attempts.

The Justice Department on Monday asked a court to withdraw the government’s request that the court order Apple to help the FBI gain access to the encrypted iPhone used by the San Bernardino terrorists. The Justice Department filed the request after the FBI had successfully accessed data stored on an encrypted iPhone.

The FBI wanted the court to compel Apple to relax the 10-attempt limit, which is part of the encryption system which comes with the device. If there are more than ten attempts to guess the password, the phone locks forever and all the data on it is wiped out. The FBI argued that its computers, using brute-force, would be able to break the phone’s password, but that it would take more than ten attempts.

The court initially agreed with the government, but Apple appealed the decision.

On Monday eight days ago, the Justice Department had asked the court to delay its ruling because the FBI had been approached by a third party, which offered an alternative method for opening the iPhone.

The New York Times reports that in Monday’s two-page court filing, the Justice Department said the government “no longer requires” Apple’s assistance and asked a federal magistrate in Riverside, California to withdraw the order to force Apple to assist.

In its own argument before the court, Apple argued the government request would create a “back door” to the company’s devices which could be abused by hackers and governments agencies.  

Eileen Decker, a federal prosecutor in Los Angeles, said on Monday that the government’s request to Apple was part of a “solemn commitment” to the victims.

She said: “Although this step in the investigation is now complete, we will continue to explore every lead, and seek any appropriate legal process, to ensure our investigation collects all of the evidence related to this terrorist attack.”

The Times notes that the government’s withdrawal of its request does not put an end to the issue but instead raises new questions, including questions about the strength of security in Apple devices. Apple, for its part, may now demand that the government disclose the method the FBI used to open the device so the company could fix the vulnerability in its encryption method. Lawyers for Apple have already put the government on notice that the company would want to know the procedure used to break the phone’s encryption – but the government may decide to classify the method.

“From a legal standpoint, what happened in the San Bernardino case doesn’t mean the fight is over,” Esha Bhandari, a staff lawyer at the American Civil Liberties Union, told the Times. She notes that the government generally goes through a process before it decides whether to disclose information about certain vulnerabilities so that manufacturers can patch them.

“I would hope they would give that information to Apple so that it can patch any weaknesses,” she said, “but if the government classifies the tool, that suggests it may not.”

Melanie Newman, a spokeswoman for the Justice Department, also indicated that the broader battle over access to digital data from devices was not over.

“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails,” Newman said. “We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.”

Cryptography experts urged the government to share its information with Apple. “Courts should be skeptical going forward when the government claims it has no other option besides compelling a device maker’s assistance,” Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society, told the Times.

“Now that the F.B.I. has accessed this iPhone, it should disclose the method for doing so to Apple,” she added. “Apple ought to have the chance to fix that security issue, which likely affects many other iPhones.”