The Justice Department on Monday withdrew its demand for Apple‘s assistance in unlocking the iPhone of a dead terrorist, ending one phase of the most fiercely debated security and privacy battle in recent memory.
FBI agents, relying on a technique presented to them by an unknown third party, were able to access San Bernardino shooter Syed Farook’s iPhone 5c, eliminating the basis for the Feb. 16 court order directing Apple to write custom software that would let it flood the phone with password guesses.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires [Apple’s] assistance,” Eileen M. Decker, the U.S. attorney in the case, said in a Monday court filing. “Accordingly, the government hereby requests that the [order] be vacated.”
“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties or through the court system when cooperation fails,” Melanie Newman, a Justice Department spokeswoman, said in a statement. “We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.”
Attention now turns to whether the government will disclose the security vulnerability that it exploited to unlock Farook’s phone. Apple will no doubt press it to do so as it seeks to plug every hole in its formidable encryption.
On a conference call with reporters on Monday afternoon, the government declined to say whether it would submit the vulnerability to a White House process for analyzing whether to disclose such flaws.
“This new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities,” Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, said in a statement.
“It is now time for them to let Apple know about the vulnerability so it can be fixed,” said Amie Stepanovich, U.S. policy manager for the digital-rights group Access. “If not, they are very irresponsibly making millions, if not billions, of Apple users more vulnerable.”
Apple reacted with cautious satisfaction late Monday night, saying in a statement, “This case should never have been brought.”
The company said it would continue to both “help law enforcement with their investigations” and “increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”
“This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy,” it said. “Apple remains committed to participating in that discussion.”
Judge Sheri Pym of the U.S. District Court for the Central District of California issued her order in this case based on the All Writs Act, which allows judges to issue “all writs necessary” to ensure compliance with other court orders. The government already had a search warrant targeting the phone but had been unable to unlock the device.
“That the government was able to gain access to the phone without Apple’s help is certainly preferable to issuing a wide-reaching court decision that would grant the government backdoor access into every American’s phone and other devices,” Rep. Darrell Issa (R-Calif.), a leading civil-liberties voice in Congress, said in a statement, “but the fundamental question over how we, as citizens, expect our government to be able to access—or not access—our personal information still remains.”
On March 21, hours before Apple and the government were set to appear at a high-profile hearing in Pym’s Riverside courtroom, Justice Department lawyers informed the court that a third party had come forward with a possible alternate method of unlocking the device.
If the technique was successful, observers noted, it would eliminate the basis for the order—that only Apple could write the code that the FBI needed to unlock the device. The Justice Department asked Pym to postpone the March 22 hearing while FBI agents tested the technique. Pym did so and also stayed her initial order.
Some observers have questioned whether the FBI really learned about the new technique on the eve of the highly anticipated hearing. Former NSA contractor Edward Snowden suggested that the agents who said in sworn affidavits that only Apple could unlock the phone had lied.
Stepanovich called the timing “very convenient” and said that the sequence of events would hurt the bureau in the future.
“I think that they have tarnished their credibility in future cases,” she said. “Any time, they say that they have exhausted all of their options, what judges are going to know is that with technology there isn’t any exhausting your options necessarily.”
The debate over access to Farook’s phone is part of a broader battle over law-enforcement access to encrypted products. Many police and intelligence officials want tech companies to design their encryption so that they can break it if investigators bring them a warrant. Tech firms, security experts, and civil-liberties advocates argue that doing so would weaken commercial encryption, damage American companies’ reputations and economic competitiveness, and push bad actors onto foreign platforms.
While its San Bernardino fight has ended, Apple is still tangling with law enforcement in many other jurisdictions. The Justice Department is fighting to force Apple to help it unlock a New York drug suspect’s iPhone, which runs an older version of the iOS mobile operating system from which Apple can directly extract data.
“This case was never about just one phone. It was about an unprecedented power-grab by the government that was a threat to everyone’s security and privacy,” Alex Abdo, a staff attorney at the American Civil Liberties Union, said in a statement. “Unfortunately, this news appears to be just a delay of an inevitable fight over whether the FBI can force Apple to undermine the security of its own products. We would all be more secure if the government ended this reckless effort.”
Update 5:44pm CT, March 28: Added government answer to vulnerability disclosure question.
Update 6:55pm CT, March 28: Added EFF, ACLU, and Issa comments.
Update 7:27pm CT, March 28: Added Access comments.
Update 9:27pm CT, March 28: Added Apple statement.
Photo by Andrew Couts