When news first broke about Apple declining to create a back door in iOS that would allow far easier brute force passcodes, it was spun as Apple being unwilling to help the government fight terrorism and otherwise being against everything eagles and pie. The deeper narrative, though, has been one of Apple standing up for the privacy rights of not just Americans but everyone, everywhere. As the story develops, the first spin is showing increasing signs of strain.
The Apple executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.Apple sent trusted engineers to try that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed sometime after the terrorist's death, with the Apple executives saying they were told it was done within 24 hours of the government taking possession of the phone. Changing the password prevents the auto-backup from occurring.
Court filings seemed to lay blame on the San Bernardino Health Department, stating:
[The] owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely.
San Benadino, however, took to Twitter to say it wasn't exactly so:
The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request.The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request.— CountyWire (@CountyWire) February 20, 2016February 20, 2016
FBI Press Relations tried to clear things up:
Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains. Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance as required by the All Writs Act Order, since the iCloud backup does not contain everything on an iPhone.
What does this mean? iPhone forensics expert Jonathan Zdziarsk:
This statement has only one of two possible outcomes:FBI is Wrong, and was Reckless: It is true that an iCloud backup does not contain everything on an iPhone, however it does contain everything that a direct backup extraction by any commercial forensics tool would be able to acquire from the phone. [...]FBI will Compel More Assistance, and mislead the courts: As I said, there is in fact more data on the phone than comes off in either an iCloud backup or even by a direct extraction using a commercial forensics tool. The only way to get to this data, however, would be for Apple to digitally decrypt and extract the contents of the file system for the FBI, and provide them with a raw disk image. [...]In other words, if the FBI is planning to have Apple perform a physical extraction of this extra data, then they are forcing Apple to create this backdoor tool for a separate reason, as it is completely unnecessary if Apple will be forced to extract the contents of the device in the end.
To further expand on why this level of government intrusion affects more than just one case and one country, The New York Times dove into how China might well be next.
If Apple accedes to American law enforcement demands for opening the iPhone in the San Bernardino case and Beijing asks for a similar tool, it is unlikely Apple would be able to control China's use of it. Yet if Apple were to refuse Beijing, it would potentially face a battery of penalties.Analysts said Chinese officials were pushing for greater control over the encryption and security of computers and phones sold in the country, though Beijing last year backed off on some proposals that would have required foreign companies to provide encryption keys for devices sold in the country after facing pressure from foreign trade groups."People tend to forget the global impact of this," said Raman Jit Singh Chima, policy director at Access Now, a nonprofit that works for Internet freedoms. "The reality is the damage done when a democratic government does something like this is massive. It's even more negative in places where there are fewer freedoms."
Emotional arguments, especially those that try to cloak themselves in patriotism, seldom lose out to rational and even legal ones. Except when those emotional arguments are so manufactured that the seams begin to show... and to crack.
It's unclear exactly what's going on with this one iPhone 5c that belonged to terrorists and murderers — why was the password reset?; what information do they want that's not available using that password; and why are factions of law enforcement focused not on getting the data but getting a tool to get data?
Hopefully more will become clear soon. In the meantime, if you're concerned about your rights to privacy, you can sign the petition to the White House asking that efforts that compel Apple and other device makers to create a "backdoor" for the Government to access citizens data be halted, or join one of the rallies planned for Tuesday.
