FBI shown possible way to unlock killer's iPhone
Published 22/03/2016 | 01:11
The US government has said it may not need Apple's help to unlock an encrypted iPhone used by one of the San Bernardino attackers.
In a filing late on Monday, federal prosecutors said "an outside party" came forward over the weekend and showed the FBI a possible method for unlocking the phone used by gunman Syed Farook in the December 2 terror attack in California.
Authorities need time to determine "whether it is a viable method that will not compromise data" on the phone. If viable, "it should eliminate the need for the assistance from Apple" according to the filing, which sought to delay a much-anticipated court hearing over the issue on Tuesday.
Magistrate Judge Sheri Pym granted that request and ordered the government to file a status report by April 5, US Attorney's Office spokesman Thom Mrozek said.
The fact that a third party may have found a way into the phone without Apple's help appears to contradict every sworn affidavit and filing put forward in the last month by the Justice Department.
The government has argued repeatedly in each of its filings that Apple's help is necessary and that the company was the only one that could provide investigators with what was needed.
"Without Apple's assistance, the government cannot carry out the search of Farook's iPhone authorised by the search warrant," prosecutors argued.
Apple has said in its filings that the government did not exhaust all its options, and politicians have criticised the FBI for not doing more to try to crack the iPhone itself before seeking Apple's help.
In sworn evidence earlier this month, FBI director James Comey told the House of Representatives Judiciary Committee that agency investigators had approached even the National Security Agency for help, but did not have success.
Fourteen people were killed in the San Bernardino attack by Farook and his wife Tashfeen Malik. The couple were later killed in a gun battle with police.
Prosecutors have argued that the phone used by Farook probably contains evidence of the attack in which the county food inspector and his wife murdered people at a holiday lunchn attended by many of his work colleagues.
The FBI has said the couple was inspired by the Islamic State group. Investigators are still trying to piece together what happened and find out if there were collaborators.
The couple destroyed other phones they left behind and the FBI has been unable to circumvent the passcode needed to unlock the iPhone, which is owned by San Bernardino County and was given to Farook for his job.
Last month, Judge Pym ordered Apple to create software that would disable security features on the phone, including one that erases all the information if a passcode is incorrectly entered more than 10 times. That would allow the FBI to electronically run possible combinations to open the phone without losing data.
Apple said the government was seeking "dangerous power" that exceeded the authority of the All Writs Act of 1789 it cited and violated the company's constitutional rights, harmed the Apple brand and threatened the trust of its customers to protect their privacy. The 18th-century law has been used on other cases to require third parties to help law enforcement in investigations.
The company said the order was unreasonably burdensome and once created, it would be asked to repeatedly design such software for use by authorities at home and abroad, and the technology could fall into the hands of hackers.
It's not clear what method the government now wants to test. But even as the FBI has insisted that only Apple is able to provide the help it needs, some technical experts have argued there are other options.
The most viable method involves making a copy of the iPhone's flash memory drive, said Jonathan Zdziarski, a computer expert who specialises in iPhone forensics. That would allow investigators to make multiple tries at guessing the iPhone's passcode.
A security feature in the phone is designed to automatically erase the data if someone makes 10 wrong guesses in a row.
But if that happens, Mr Zdziarski said, investigators could theoretically restore the data from the back-up copy they have created.
The data itself would remain encrypted until the phone is unlocked, but it would remain viable while investigators continued to guess the passcode, he added.
"It's a lot more involved than it sounds," Mr Zdziarski warned, and no-one had demonstrated that it would work in this case. But he said a number of computer hardware and data recovery experts told him it could work.
Some experts have also suggested that investigators could use lasers and acid to deconstruct the phone's memory chip, in order to physically examine the encrypted data and the encryption algorithm, in hopes of cracking the code. But hardware experts say that method has a high risk of destroying the memory during the process.
The notion of copying the flash memory was raised by congressman Darrell Issa, a California Republican who previously ran a car alarm business, during a congressional hearing earlier this month, when Mr Comey insisted that his bureau had explored all other possibilities.
It has also been promoted by technical experts advising the American Civil Liberties Union, which has filed a court brief supporting Apple's position.
"It seems technologically doable so long as there is not something critical that we don't know about Apple's hardware," ACLU staff lawyer Alex Abdo said.
But Mr Abdo noted that the government had dismissed the idea several weeks ago. He said the fact that the government now says it only learned of a possible solution over the weekend suggests it may be something else.
There is also the possibility that the National Security Agency has come forward with a method it did not previously share, or that some private contractor thinks they have found a solution, experts said.
Mr Zdziarski said the FBI often consults with private forensic contractors and it is possible that someone may have only come forward in recent days.
If the solution works, that would severely undercut the government's effort to order Apple's assistance under the All Writs Act, said Mr Abdo, who noted that the law requires a strong necessity for the requested assistance.
"To me, it suggests that either the FBI doesn't understand the technology or they weren't giving us the whole truth when they said there is no other possible way" of examining the phone without Apple's help, Mr Abdo said. "Both of those are scary to me."
Apple said it was premature to declare victory in the company's dispute with the government because it was possible authorities could come back in a few weeks and insist they still needed Apple's help
Lawyers for the company also said Apple had no idea what method the FBI was now exploring to try unlocking the encrypted iPhone.
While the company is hoping the government will tell Apple about whatever method used to access the phone's encrypted files, the lawyers said it may be up to the FBI to decide whether to share the information.