Thread: Judge Forces Apple to Help Unlock San Bernardino Shooter iPhone

FEB 16 2016, 8:00 PM ET

Judge Forces Apple to Help Unlock San Bernardino Shooter iPhone

by ANDREW BLANKSTEIN

A federal judge on Tuesday ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, assistance the computer giant "declined to provide voluntarily," according to court papers.

In a 40-page filing, the U.S. Attorney's Office in Los Angeles argued that it needed Apple to help it find the password and access "relevant, critical … data" on the locked cellphone of Syed Farook, who with his wife Tashfeen Malik murdered 14 people in San Bernardino, California on December 2.

"Despite … a warrant authorizing the search," said prosecutors, "the government has been unable to complete the search because it cannot access the iPhone's encrypted content. Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily."

Syed Farook and Tashfeen Malik arrive in Chicago on July 27, 2014. U.S. Government
Prosecutors said they needed Apple's help accessing the phone's data to find out who the shooters were communicating with and who may helped plan and carry out the massacre, as well as where they traveled prior to the incident.

The judge ruled Tuesday that the Cupertino-based company had to provide "reasonable technical assistance" to the government in recovering data from the iPhone 5c, including bypassing the auto-erase function and allowing investigators to submit an unlimited number of passwords in their attempts to unlock the phone. Apple has five days to respond to the court if it believes that compliance would be "unreasonably burdensome."

In a statement, United States Attorney Eileen M. Decker called the move an "important step."

"Since the terrorist attack in San Bernardino on December 2, 2015, that took the lives of 14 innocent Americans and shattered the lives of numerous families, my office and our law enforcement partners have worked tirelessly to exhaust every investigative lead in the case," said Decker. "We have made a solemn commitment to the victims and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less. The application filed today in federal court is another step — a potentially important step — in the process of learning everything we possibly can about the attack in San Bernardino."

After the shooting at the Inland Regional Center in San Bernardino, authorities said they recovered several cell phones Farook and Malik had tried to destroy and had dropped in a waste bin. The iPhone referenced in the judge's ruling was found in a black Lexus belonging to Farook's family.

An iPhone 5C is displayed during an Apple product announcement at the Apple campus on September 10, 2013 in Cupertino, California. Justin Sullivan / Getty Images file

The iPhone is owned by Farook's employer, the San Bernardino County Department of Public Health, which assigned it to him. The county consented to investigators' requests to search its contents.

Prosecutors argued evidence in Farook's iCloud account indicates that he was in communication with victims whom he and his wife later shot, and phone records show Farook communicated with Malik using his iPhone.

'I Don't Really Think About Him': San Bernardino Survivor on Attacker0:31


Prosecutors alleged in their filing that Farook may have disabled the iCloud data feature to hide evidence.

Although investigators have been able to obtain several backup versions of Farook's iCloud data, the most recent version they've been able to access dates from about a month and a half before the shooting.

They said this showed Farook "may have disabled the feature to hide evidence."

Last week FBI Director James Comey referenced the San Bernardino shootings when testifying before Congress about the challenges posed by technology that allows cell phones to lock with no apparent means of override. The new court documents give some details about those hurdles and the ongoing investigation.

Apple did not immediately respond to a request for comment.

http://www.nbcnews.com/storyline/san...iphone-n519701

Apple opposes judge's order to hack San Bernardino shooter's iPhone

By Evan Perez and Tim Hume, CNN
Updated 10:00 AM ET, Wed February 17, 2016| Video Source: CNN

Story highlights

• Apple challenges judge's order to help FBI unlock gunman's iPhone
• ISIS supporter Syed Farook and his wife killed 14 people in San Bernardino, California
• Investigators want to retrieve data from the device but can't get past the passcode

(CNN)Apple is opposing a judge's order to help the FBI break into the iPhone of one of the San Bernardino, California, shooters, calling the directive "an overreach by the U.S. government."

A public letter, signed by Apple CEO Tim Cook and published Tuesday, warns that complying with the order would entail building "a backdoor to the iPhone" -- "something we consider too dangerous to create."

"The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers -- including tens of millions of American citizens -- from sophisticated hackers and cybercriminals," the letter said.

Such a move would be an "unprecedented step," threatening the security of Apple's customers, it said.

"No reasonable person would find that acceptable."

The letter called for a public discussion on the order, saying the company was "challenging the FBI's demands with the deepest respect for American democracy and a love of our country."

"We believe it would be in the best interest of everyone to step back and consider the implications," the letter said.

Passcode thwarts investigators

The standoff is the latest flashpoint in an intensifying debate between law enforcement and the tech industry over encryption.

A judge in California ordered Apple on Tuesday to help the FBI break into the phone of San Bernardino shooter Syed Farook.

Farook and his wife, Tashfeen Malik, killed 14 people in the December shooting. The couple, radical Islamists who supported ISIS, later died in a shootout with police.

Investigators had obtained permission to retrieve data from the phone but had been unable to search the device as it had been locked with a user-generated numericpasscode.

Apple's operating systems included an auto-erase function that, when enabled, would result in the information on the phone being permanently wiped after 10 failed attempts at inputting the passcode, the government wrote in documents seeking the order.

"We have made a solemn commitment to the victims and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less," Eileen Decker, U.S. attorney for the Central District of California, said in a statement in response to the court order.

"The application filed today in federal court is another step -- a potentially important step -- in the process of learning everything we possibly can about the attack in San Bernardino."

iPhone 'backdoor'

Apple said the FBI had requested that the tech giant produce a new version of the iPhone operating system that circumvented key security features to install on Farook's phone.

"In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone's physical possession," Cook's letter said.

The FBI did not describe such a move as a "backdoor" into the iPhone, but complying with the request would "undeniably" create one, and limiting its use to the Farook case could not be guaranteed, the letter said.

"The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices," it said.

"The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe," the letter continued, adding it could find "no precedent for an American company being forced to expose its customers to a greater risk of attack."

Apple: Implications 'chilling'

Apple, which has helped the FBI with similar requests in the past, said in the letter that it had "great respect for the professionals at the FBI, and we believe their intentions are good."

"We have no sympathy for terrorists," it said, adding it did not oppose the order lightly.

But it said the FBI was proposing "an unprecedented use" of law dating from 1789 to justify an expansion of its authority, the implications of which were "chilling."

"If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data," it said.

San Bernardino gunman's friend pleads not guilty

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."

Republican presidential candidate Donald Trump gave his take on the standoff Wednesday, saying Apple should comply with the judge's order.

"I agree 100% with the courts," Trump said on "Fox and Friends."

"I think security over all -- we have to open it up, and we have to use our heads."

http://www.cnn.com/2016/02/16/us/san...r-phone-apple/

Photo Illustration by Emil Lendof/The Daily Beast


SHANE HARRIS
02.17.16 4:05 PM ET

Apple Unlocked iPhones for the Feds 70 Times Before

A 2015 court case shows that the tech giant has been willing to play ball with the government before—and is only stopping now because it might ‘tarnish the Apple brand.’

Apple CEO Tim Cook declared on Wednesday that his company wouldn’t comply with a government search warrant to unlock an iPhone used by one of the San Bernardino killers, a significant escalation in a long-running debate between technology companies and the government over access to people’s electronically-stored private information.

But in a similar case in New York last year, Apple acknowledged that it could extract such data if it wanted to. And according to prosecutors in that case, Apple has unlocked phones for authorities at least 70 times since 2008. (Apple doesn’t dispute this figure.)

In other words, Apple’s stance in the San Bernardino case may not be quite the principled defense that Cook claims it is. In fact, it may have as much to do with public relations as it does with warding off what Cook called “an unprecedented step which threatens the security of our customers.”


For its part, the government’s public position isn’t clear cut, either. U.S. officials insist that they cannot get past a security feature on the shooter’s iPhone that locks out anyone who doesn’t know its unique password—which even Apple doesn’t have. But in that New York case, a government attorney acknowledged that one U.S. law enforcement agency has already developed the technology to crack at least some iPhones, without the assistance from Apple that officials are demanding now.

The facts in the New York case, which involve a self-confessed methamphetamine dealer and not a notorious terrorist, tend to undermine some of the core claims being made by both Apple and the government in a dispute with profound implications for privacy and criminal investigations beyond the San Bernardino case.

In New York, as in California, Apple is refusing to bypass the passcode feature now found on many iPhones.

But in a legal brief, Apple acknowledged that the phone in the meth case was running version 7 of the iPhone operating system, which means the company can access it. “For these devices, Apple has the technical ability to extract certain categories of unencrypted data from a passcode locked iOS device,” the company said in a court brief.

Whether the extraction would be successful depended on whether the phone was “in good working order,” Apple said, noting that the company hadn’t inspected the phone yet. But as a general matter, yes, Apple could crack the iPhone for the government. And, two technical experts told The Daily Beast, the company could do so with the phone used by deceased San Bernardino shooter,Syed Rizwan Farook, a model 5C. It was running version 9 of the operating system.


Still, Apple argued in the New York case, it shouldn’t have to, because “forcing Apple to extract data… absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand,” the company said, putting forth an argument that didn’t explain why it was willing to comply with court orders in other cases.


“This reputational harm could have a longer term economic impact beyond the mere cost of performing the single extraction at issue,” Apple said.

Apple’s argument in New York struck one former NSA lawyer as a telling admission: that its business reputation is now an essential factor in deciding whether to hand over customer information.

“I think Apple did itself a huge disservice,” Susan Hennessey, who was an attorney in the Office of the General Counsel at the NSA, told The Daily Beast. The company acknowledged that it had the technical capacity to unlock the phone, but “objected anyway on reputational grounds,” Hennessey said. Its arguments were at odds with each other, especially in light of Apple’s previous compliance with so many court orders.

It wasn’t until after the revelations of former NSA contractor Edward Snowden that Apple began to position itself so forcefully as a guardian of privacy protection in the face of a vast government surveillance apparatus. Perhaps Apple was taken aback by the scale of NSA spying that Snowden revealed. Or perhaps it was embarassed by its own role in it. The company, since 2012, had been providing its customers’ information to the FBI and the NSA via the PRISM program, which operated pursuant to court orders.

Apple has also argued, then and now, that the government is overstepping the authority of the All Writs Act, an 18th-century statute that it claims forces Apple to conduct court-ordered iPhone searches. That’s where the “clear legal authority” question comes into play.

But that, too, is a subjective question which will have to be decided by higher courts. For now, Apple is resisting the government on multiple grounds, and putting its reputation as a bastion of consumer protection front and center in the fight.

None of this has stopped the government from trying to crack the iPhone, a fact that emerged unexpectedly in the New York case. In a brief exchange with attorneys during a hearing in October, Judge James Orenstein said he’d found testimony in another case that the Homeland Security Department “is in possession of technology that would allow its forensic technicians to override the pass codes security feature on the subject iPhone and obtain the data contained therein.”

That revelation, which went unreported in the press at the time, seemed to undercut the government’s central argument that it needed Apple to unlock a protected iPhone.

“Even if [Homeland Security] agents did not have the defendant’s pass code, they would nevertheless have been able to obtain the records stored in the subject iPhone using specialized software,” the judge said. “Once the device is unlocked, all records in it can be accessed and copied.”

A government attorney affirmed that he was aware of the tool. However, it applied only to one update of version 8 of the iPhone operating system—specifically, 8.1.2. The government couldn’t unlock all iPhones, but just phones with that software running.

Still, it made the judge question whether other government agencies weren’t also trying to break the iPhone’s supposedly unbreakable protections. And if so, why should he order the company to help?

There was, the judge told the government lawyer, “the possibility that on the intel side, the government has this capability. I would be surprised if you would say it in open court one way or the other.”

Orenstein was referring to the intelligence agencies, such as the NSA, which develop tools and techniques to hack popular operating systems, and have been particularly interested for years in trying to get into Apple products, according to documents leaked by Snowden.

There was no further explanation of how Homeland Security developed the tool, and whether it was widely used. A department spokesperson declined to comment “on specific law enforcement techniques.” But the case had nevertheless demonstrated that, at least in some cases, the government can, and has, managed to get around the very wall that it now claims impedes lawful criminal investigations.

The showdown between Apple and the FBI will almost certainly not be settled soon. The company is expected to file new legal briefs within days. And the question of whether the All Writs Act applies in such cases is destined for an appeals court decision, legal experts have said.

But for the moment, it appears that the only thing certainly standing in the way of Apple complying with the government is its decision not to. And for its part, the government must be presumed to be searching for new ways to get the information it wants.

Technically, Apple probably can find a way to extract the information that the government wants from the San Bernardino shooter’s phone, Christopher Soghoian, the principal technologist for the American Civil Liberties Union, told The Daily Beast.

“The question is, does the law give the government the ability to force Apple to create new code?” he said. “Engineers have to sit down and create something that doesn’t exist” in order to meet the government’s demands. Soghoian noted that this would only be possible in the San Bernardino case because the shooter was using an iPhone model 5C, and that newer hardware versions would be much harder for Apple to bypass.

But even that’s in dispute, according to another expert’s analysis. Dan Guido, a self-described hacker and CEO of the cybersecurity company Trail of Bits, said that Apple can, in fact, eliminate the protections that keep law enforcement authorities from trying to break into the iPhone with a so-called brute force attack, using a computer to make millions of password guesses in a short period of time. New iPhones have a feature that stops users from making repeated incorrect guesses and can trigger a kind of self-destruct mechanism, erasing all the phone’s contents, after too many failed attempts.

In a detailed blog post, Guido described how Apple could work around its own protections and effectively disarm the security protections. It wouldn’t be trivial. But it’s feasible, he said, even for the newest versions of the iPhone, which, unlike the ones in the New York and San Bernardino cases, Apple swears it cannot crack.

“The burden placed on Apple will be greater… but it will not be impossible,” Guido told The Daily Beast.

http://www.thedailybeast.com/article...es-before.html

San Bernardino Shooter's Apple ID Passcode Changed While in Government Possession, Apple Says

• By JACK DATE

Feb 19, 2016, 7:09 PM ET

Obtained by ABC News
WATCH FBI Standoff With Apple Over San Bernardino Shooter's Phone Continues

The Apple ID passcode for the San Bernardino shooter's iPhone was changed less than 24 hours after authorities took possession of the device, a senior Apple executive said today.

And Apple could have recovered information from the phone had the Apple ID passcode not been changed, Apple said.

If the phone was taken to a location where it recognized the Wi-Fi network, such as the San Bernardino shooters' home, it could have been backed up to the cloud, Apple suggested.

Apple Slams Judge's Order to Unlock Shooter's Phone

The FBI and the IPhone: How Apple's Security Features Have Locked Investigators Out

The Justice Department acknowledged in its court filing that the passcode of Syed Farook's iCloud account had been reset. The filing states, "the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup."

The auto reset was executed by a county information technology employee, according to a federal official.

Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.

Apple executives say the phone was in the possession of the government when that passcode was reset. A federal official familiar with the investigation confirmed that federal investigators were indeed in possession of the phone when the reset occurred.

Missing the opportunity for a backup was crucial because some of the information stored on the phone would have been backed up to the iCloud and could have potentially been retrieved. According to court records, the iPhone had not been backed up since Oct. 19, 2015, one-and-a-half months before the attack and that this “indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence.”

The government got a warrant to search the car and get the phone in the early morning hours of Dec. 3, 2015, at 2:27 a.m. -- the day after the attack.

The development comes as the Justice Department is pushing forward with its legal fight against Apple, urging a federal judge to compel the tech giant to help the FBI crack open a cellphone left behind by one of the San Bernardino, California, shooters.

Farook, who along with his wife, Tashfeen Malik, launched a deadly assault on Dec. 2, 2015, killing 14 of Farook's coworkers at a holiday party.

Prosecutors said Farook's device could be encrypted to the point that its content would be "permanently inaccessible," and, "Apple has the exclusive technical means which would assist the government in completing its search."

After the court order, Apple quickly vowed to challenge the decision.
"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers," Apple CEO Tim Cook said in a statement to customers Tuesday night. "

[T]his order ... has implications far beyond the legal case at hand."

"The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on [the shooter's] iPhone," Cook added. "In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone’s physical possession."

In addition, all of the personal and sensitive information on customers' phones "needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission," Cook wrote.

If the battle between the FBI and Apple continues, it's a matter that could work its way up to the U.S. Supreme Court.

http://abcnews.go.com/US/san-bernard...ry?id=37066070

2/29/16

NY judge: US cannot make Apple provide iPhone data

FBI may have found way to unlock San Bernardino attacker's iPhone