In a stunning disclosure, federal authorities said Monday that they may not need Apple Inc.’s help after all to unlock an iPhone used by one of the shooters in the San Bernardino terror attack.
In a court filing late Monday, federal prosecutors said “an outside party” came forward over the weekend and showed the FBI a possible method for unlocking Syed Rizwan Farook’s encrypted phone.
Authorities need time to determine “whether it is a viable method that will not compromise data” on the phone. If viable, “it should eliminate the need for the assistance from Apple,” according to the filing, which sought to delay a much-anticipated court hearing in the matter set for Tuesday.
Magistrate Judge Sheri Pym granted that request and ordered the government to file a status report by April 5, U.S. Attorney’s Office spokesman Thom Mrozek said.
The fact that a third party may have found a way into the phone without Apple’s help appears to contradict every sworn affidavit and filing put forward in the last month by the Justice Department.
The government has argued repeatedly in each of its filings that Apple’s help is necessary and that the company was the only one that could provide investigators with what was needed.
“Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant,” prosecutors argued.
Apple has said in its filings that the government did not exhaust all its options, and lawmakers have criticized the FBI for not doing more to try to crack the iPhone itself before seeking Apple’s help.
In sworn testimony earlier this month, FBI Director James Comey told the House Judiciary Committee that agency investigators had approached even the National Security Agency for help but did not have success.
Prosecutors have argued that the phone used by Farook probably contains evidence of the Dec. 2 attack in which the county food inspector and his wife, Tashfeen Malik, slaughtered 14 at a holiday luncheon attended by many of his work colleagues. The two were killed in a police shootout hours later.
The FBI has said the couple was inspired by the Islamic State group. Investigators still are trying to piece together what happened and find out if there were collaborators.
The couple destroyed other phones they left behind and the FBI has been unable to circumvent the passcode needed to unlock the iPhone, which is owned by San Bernardino County and was given to Farook for his job.
Last month, Pym ordered Apple to create software that would disable security features on the phone, including one that erases all the information if a passcode is incorrectly entered more than 10 times. That would allow the FBI to electronically run possible combinations to open the phone without losing data.
Apple said the government was seeking “dangerous power” that exceeds the authority of the All Writs Act of 1789 it cited and violates the company’s constitutional rights, harms the Apple brand and threatens the trust of its customers to protect their privacy. The 18th-century law has been used on other cases to require third parties to help law enforcement in investigations.
The company said the order is unreasonably burdensome. Once created, it would be asked to repeatedly design such software for use by authorities at home and abroad, and the technology could fall into the hands of hackers.
It’s not clear what method the government now wants to test. But even as the FBI has insisted that only Apple is able to provide the help it needs, some technical experts have argued there are other options.
The most viable method involves making a copy of the iPhone’s flash memory drive, said Jonathan Zdziarski, a computer expert who specializes in iPhone forensics. That would allow investigators to make multiple tries at guessing the iPhone’s passcode. A security feature in the phone is designed to automatically erase the data if someone makes 10 wrong guesses in a row.
But if that happens, Zdziarski said, investigators could theoretically restore the data from the back-up copy they have created.
The data itself would remain encrypted until the phone is unlocked, but it would remain viable while investigators continued to guess the passcode, he added.
“It’s a lot more involved than it sounds,” Zdziarski cautioned, and no one has demonstrated that it would work in this case. But he said a number of computer hardware and data recovery experts have told him it could work.
Some experts have also suggested that investigators could use lasers and acid to deconstruct the phone’s memory chip, in order to physically examine the encrypted data and the encryption algorithm, in hopes of cracking the code. But hardware experts say that method has a high risk of destroying the memory during the process.
The notion of copying the flash memory was raised by U.S. Rep. Darrell Issa, a California Republican who previously ran a car alarm business, during a Congressional hearing earlier this month, when Comey insisted that his bureau had explored all other possibilities. It has also been promoted by technical experts advising the American Civil Liberties Union, which has filed a court brief supporting Apple’s position.
“It seems technologically doable so long as there is not something critical that we don’t know about Apple’s hardware,” ACLU staff attorney Alex Abdo said.
But Abdo noted that the government had dismissed the idea several weeks ago. He said the fact that the government now says it only learned of a possible solution over the weekend suggests it may be something else.
There’s also the possibility that the National Security Agency has come forward with a method they did not previously share, or that some private contractor thinks they have found a solution, experts said. Zdziarski said the FBI often consults with private forensic contractors and it’s possible that someone may have only come forward in recent days.
If the solution works, that would severely undercut the government’s effort to order Apple’s assistance under the All Writs Act, said Abdo, who noted that the law requires a strong necessity for the requested assistance.
“To me, it suggests that either the FBI doesn’t understand the technology or they weren’t giving us the whole truth when they said there is no other possible way” of examining the phone without Apple’s help, Abdo said. “Both of those are scary to me.”Report Typo/Error