The Justice Department is abandoning its bid to force Apple to help it unlock the iPhone used by one of the shooters in the San Bernardino terrorist attack because investigators have found a way in without the tech giant’s assistance, prosecutors wrote in a court filing Monday.
In a three-sentence filing, prosecutors wrote they had “now successfully accessed the data” stored on Syed Rizwan Farook’s iPhone, and they consequently no longer needed Apple’s court-ordered help getting in. The stunning move averts a courtroom showdown pitting Apple and privacy interests against the government and security concerns that many in the tech community had warned might set dangerous precedents.
It is unclear how, precisely, investigators got into the phone, or what FBI agents learned about the San Bernardino plot from the materials they were able to review. On the eve of a hearing in the case last week, the FBI hadsignaled it might have found a way into Farook’s device, writing in a court filing that “an outside party demonstrated to the FBI a possible method.” But government officials said they wanted to test that method further before employing it in Farook’s case, and they did not offer details about who proposed it or how it would work.
The Justice Department declined to comment on Monday. Apple said it was still formulating a response to the news and had no immediate comment.
The government will now be left to decide whether it will outline the method to Apple in keeping with a little-known process in which federal officials are supposed to consider disclosing security vulnerabilities they find.
Michael Daniel, special assistant to the president and cybersecurity coordinator, wrote in a White House blog post published in April 2014, that “disclosing vulnerabilities usually makes sense,” given how much people rely on the Internet and connected devices.
“But there are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences,” Daniel wrote. “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”
Agents and prosecutors were focused for now on the San Bernardino case, and no decision had yet been made on disclosing the vulnerability, said a federal official who spoke on the condition of anonymity because the investigation is ongoing.
Mark Bartholomew, a professor at SUNY Buffalo Law School who specializes in intellectual property and technology law, said he expected Apple would fight to learn about it so they could fix the problem.
“They’re going to pursue this in the courts, and I don’t know where this will end up,” Bartholomew said.
Farook and his wife, Tashfeen Malik, were killed in a shootout with police after they launched a deadly attack that killed 14 people at the Inland Regional Center in San Bernardino, Calif., in December. Prosecutors have said their neighbor, Enrique Marquez Jr., was also involved in terrorist plots and had discussed with Farook possibly targeting a nearby community college and highway. He is facing charges in federal court.
The bid to access Farook’s phone was meant to further the FBI’s investigation, thought it was controversial from the start. The Justice Department obtained a court order compelling Apple’s assistance under the All Writs Act, a centuries old law that gives courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
If allowed to stand, the order in Apple’s case would have forced company engineers to create software to disable a phone security feature so that the FBI could try its hand at unlocking the device by cracking a numeric password. Apple quickly resisted, though, arguing that forcing it to create such software would violate the company’s constitutional rights and weaken privacy for users around the world.
Federal prosecutors and the FBI had sought to characterize the dispute as limited to only Farook’s phone, though FBI director James Comey acknowledged that it could set a precedent if the government won. They argued that Apple, which creates its own software, was the only party that was in a position to help.
Monday’s filing squarely contradicts that claim — though federal authorities have said someone came forward with the new technique came only after the FBI began its high-profile legal battle with Apple. Neither side backed down from their core arguments, though with Monday’s filing, a legal resolution will remain on hold. That means it might take another case to determine to what extent the All Writs Act permits a court to order a company to provide technical assistance in unlocking encrypted devices.
Aaron Levie, co-founder and chief executive of cloud computing company Box, Inc., which filed a legal brief supporting Apple’s case, said he didn’t see a winner in the FBI’s decision to withdraw the case. “I can’t anoint any winner,” he said in an interview. “This entire experience has brought to the fore a much bigger problem that remains unresolved.”
Bartholomew, the law professor, said Congress might even be spurred to weigh in.
The technique the government found to get into the phone, though, might see immediate re-use. In a court filing last week, Apple told a federal judge that if the solution worked, it wanted to see if it could also be used to unlock an iPhone used by a drug dealer in a Brooklyn case and eliminate the need for the company’s help there. Notably, the two phones run on different operating systems — Farook’s on a newer iOS 9 and the drug dealer’s on an older iOS 7. And Apple has previously extracted data from locked phones running older operating systems.
A federal official said the new technique, so far, has only been demonstrated to work on iOS 9, though Apple has said in previous court filings that it would like to test that claim.
Elizabeth Dwoskin and Ellen Nakashima contributed to this report.
Matt Zapotosky covers the Justice Department for the Washington Post's National Security team.