The FBI's iPhone hack: What it means for Apple, and for you
The extraordinary legal fight pitting the Obama administration against Apple Inc. ended unexpectedly Monday after the FBI said it hacked a California mass shooter's iPhone without Apple's help. How did they do it, and what does this mean for privacy? Here's a primer on what the FBI's latest move means
WHAT HAPPENED YESTERDAY?
Government prosecutors asked a federal judge on Monday to vacate a disputed order forcing Apple to help the FBI break into the iPhone used by gunman Syed Farook – who died with his wife in a gun battle with police after they killed 14 people in San Bernardino, Calif., in December – saying the hack was no longer necessary. The FBI reportedly used an unspecified technique to access data on the phone. The Justice Department said agents are now reviewing the information on it.
U.S. Magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Mr. Farook's work-issued iPhone. The Justice Department relied on a 1789 law to argue it had the authority to compel Apple to bypass its security protocols on its phone for government investigators. While Magistrate Judge James Orenstein in New York ruled last month in a separate case that the U.S. was seeking broad powers under that legal argument, the decision wasn't binding in the California case and the Justice Department is appealing.
HOW DID THE FBI DO IT?
The government's brief court filing, in U.S. District Court for the Central District of California, provided no details about how the FBI got into the phone. Nor did it identify the non-government "outside party" that showed agents how to get past the phone's security defences. Authorities had previously said only Apple had the ability to help them unlock the phone.
MANDEL NGAN/AFP/GETTY IMAGES
The encrypted phone was protected by a passcode that included security protocols: a time delay and auto-erase featured that destroyed the phone's data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what's known as a brute-force attack. But with those features removed, the FBI said it would take 26 minutes to crack the phone.
FBI Assistant Director David Bowdich said Monday that examining the iPhone was part of the authorities' effort to learn if the San Bernardino shooters had worked with others or had targeted any other victims. "I am satisfied that we have access to more answers than we did before," he said in a statement.
WHAT PRECEDENT COULD THIS SET FOR LAW ENFORCEMENT?
Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent, making all iPhone users vulnerable, if Apple complied with the court order. He as well as FBI Director James Comey has said that Congress needs to take up the issue.
Of the wiretaps U.S. law-enforcement agencies normally conduct, the vast majority are for unencrypted devices. There are only a handful of cases where agencies try to access encrypted devices that they're unable to decipher.
A backdoor into the iPhone's encryption would give law enforcement even broader access to phone users' communication.
A law enforcement official told Associated Press that the FBI would continue to aid its local and state partners with gaining evidence in cases – implying that their method for gaining access to the iPhone would be shared with them. The official spoke to reporters on condition of anonymity because he wasn't authorized to publicly comment.
High on the waiting list for assistance likely is Manhattan District Attorney Cyrus Vance, who told a U.S. House panel earlier this month that he has 205 iPhones his investigators can't access data from in criminal investigations. Apple is also opposing requests to help extract information from 14 Apple devices in California, Illinois, Massachusetts and New York.
WHAT DOES APPLE THINK ABOUT MONDAY'S MOVE BY THE FBI?
Apple responded by saying it will continue to increase the security of its products, reiterating its argument that the government's demand for Apple's help was wrong.
THE DIGITAL PRIVACY DEBATE
The dispute had ignited a fierce debate that pitted digital privacy rights against national security concerns and reinvigorated discussion over the impact of encryption on law enforcement's ability to serve the public.
In Washington: Darrell Issa, a Republican in the U.S. House of Representatives, said in a statement that while it was "preferable" that the government gained access to the iPhone without Apple's help, the fundamental question of the extent to which the government should be able to access personal information remains unanswered. Issa, a critic of the administration's domestic surveillance practices, said the government's legal action against Apple raised constitutional and privacy questions and that "those worried about our privacy should stay wary" because this doesn't mean "their quest for a secret key into our devices is over."
In tech circles: Denelle Dixon-Thayer, chief legal and business officer at Mozilla, which makes the Firefox Web browser, said in a statement that "fixing vulnerabilities makes for better products and better security for everyone" and the "government needs to take that into account" and disclose the vulnerability to Apple.
The public: Here's what American respondents said in a Pew Research Center poll last month about what Apple should have done with the FBI's request:
WHAT'S NEXT FOR APPLE?
Monday's surprise development punctured the temporary perception that Apple's security might have been good enough to keep consumers' personal information safe even from the U.S. government. The withdrawal of the court process also takes away Apple's ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.
Jay Kaplan, a former NSA computer expert who's now CEO of cyber-security firm Synack, said it is likely Apple will pursue avenues to further lock down their operating systems and hardware, especially as a result of the public announcement of some new technique to crack their phones.
With reports from Evan Annett and Tom Cardoso