REBOOT 03.31.16 1:00 PM ET
Apple to FBI: Please Hack Us Again
Now that the FBI has figured out a way to hack into a locked iPhone, Apple wants the feds to pull the same trick a second time, in a different case.
The FBI revealed this week that it no longer needs Apple’s help to extract information from the iPhone used by one of the dead San Bernardino killers. A mysterious third party, whom officials have not yet identified, came forward recently with a method that proved successful in retrieving information on the phone without destroying it.
But that hardly settles the fight between Apple and the feds. The tech giant now wants to know how the FBI cracked its seemingly secure device, and Apple is using an another active court case—this one in New York—to do it.
In a letter to a U.S. district court judge last week, Apple lawyer Marc Zwillinger practically invited the FBI to hack the New York phone using the same method it employed in the San Bernardino case. Apple also has refused to help unlock the New York phone, which was used by a confessed methamphetamine dealer.
“If that same method can be used to unlock the iPhone in this [New York] case, it would eliminate the need for Apple’s assistance,” Zwillinger told Judge Margo Brodie. In other words, successfully hack us again, and the case is closed.
However, if the FBI or the Justice Department says the San Bernardino method won’t work on the New York phone, it should have to say why, Zwillinger argued.
“If the [Justice Department] claims that the method will not work on the iPhone here, Apple will seek to test that claim, as well as any claims by the government that other methods cannot be used,” Zwillinger said.
It’s a clever play to find out what the FBI actually built, or bought, that lets it crack at least one iPhone and potentially others. Apple could ask the judge to force the FBI to disclose the method, legal experts said.
It also puts Apple in a potentially stronger position. The company doesn’t deny that it can access the data on the iPhone in the New York case—and it has done so previously—but argues that it shouldn’t be compelled to do so by the government. Apple can argue now that if the government has developed a tool to do the job, it definitely doesn’t need the company’s help.
There are significant differences between the two phones and the respective legal and policy issues at stake. The phone in New York is using the less-secure version 7 of the iPhone operating system, while the San Bernardino phone uses the newer, better-hardened version 9. And in the California case, Apple was being asked to build a new mechanism for accessing the information, one that it felt would undermine the basic security of its products.
But Apple, at least, thinks it’s possible the hack the FBI has developed could work on both phones. And there are already signs that investigators plan to use the method in other cases. The Associated Press reported Wednesday that the FBI has agreed to help a prosecutor in Arkansas access information on an iPhone and an iPod that belong to two teenagers accused of murder.
A U.S. law enforcement official told reporters this week that the Justice Department had not reached a decision on whether it would disclose the method. Nor have they said whether it will or won’t work on other phones than the one used by the San Bernardino killer, Syed Rizwan Farook.
But the fight has never been about just one phone. Or even two.
In the nearly two months that Apple and the FBI have faced off, technology experts and civil liberties activists have come to the company’s defense, warning that the FBI was pursuing a dangerous path by forcing Apple to modify the security on its flagship product, which they said could compromise security on devices used by hundreds of millions of people. Those risks still exist, they say.
“I think Apple is entirely justified in wanting to know what’s being done. And the FBI ought to answer not only ‘Why aren’t you using this new technique?’ but also ‘Why aren’t you using any of the other techniques that have been proposed?’” Daniel Kahn Gillmor, a technology fellow with the American Civil Liberties Union, told The Daily Beast.
Gillmor is one of those who has been publicly writing about ways that the FBI might get the data it’s after without forcing Apple to help.
Gillmor said that even if the FBI doesn’t try to use the San Bernardino method on the New York phone, it should give some reason why.
“Saying simply ‘It doesn’t work’ isn’t a very satisfactory explanation.”
Some questions may be answered on April 11, when the Justice Department has said it will update the New York court as to whether it intends to modify its request for a search warrant. The judge in the case is hearing an appeal of a previous ruling by a magistrate that Apple didn’t have to help the FBI.
The New York case shows how the San Bernardino matter has already implicated other investigations, despite the FBI and Justice Department lawyers’ insistence that its attempts to force Apple’s help in California only concerned one phone, not the universe of Apple products.
From the beginning of the standoff, the company and its defenders have worried about what would happen if the techniques for hacking iPhones, and in particular circumventing features that are meant to keep out criminals and intruders, fell into malignant hands.
If, as some believe, investigators and the anonymous third party developed a means for modifying the hardware on Farook’s phone, that might not put many phones at risk, because a potential hacker would need to physically possess the phone he wanted to access.
But if investigators found a vulnerability, say, in the phone’s operating system, one not known to Apple, it could potentially be used on many other phones remotely.
Gillmor speculated that the FBI may have found an exploit in some part of the iPhone software code “that’s already loaded during the passcode-entry screen.” That passcode entry, the FBI says, is what’s been causing so many headaches. The iPhone used by Farook, a model 5C, will render the information inside it inaccessible if someone types an incorrect password 10 times. It’s this system that the FBI said it wanted Apple’s help in bypassing.
Exploiting software “would represent a more dangerous attack against iOS [operating system] security than” hacking hardware, Gillmor said, “because anyone could use the same attack against your phone without leaving any physical traces or involving a hardware lab.”
A Justice Department spokesperson didn’t respond to a request for comment on the New York case and Apple’s letter to the judge.
An Apple spokesman declined to comment on the case and referred to an earlier statement after the FBI withdrew its warrant request in California.
“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent,” the statement read. “As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
The company left no doubt it would keep fighting, in and out of court:
“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”
