Apple ordered to help FBI hack Syed Farook's phone, but tech giant will appeal
Investigators say they need Syed Farook's passcode to access his county-owned work iPhone
Apple Inc. CEO Tim Cook says his company will resist a federal magistrate's order to hack its own users in connection with the investigation of the San Bernardino, Calif., shootings.
Cook's letter was an immediate and ferocious response to an order from U.S. Magistrate Judge Sheri Pym that Apple Inc. help the Obama administration break into an encrypted iPhone belonging to one of the shooters in the December attack.
Apple had five days to respond to the ruling, but took just hours.
- FBI head says no evidence San Bernardino attackers were part of terrorist cell
- San Bernardino shooters discussed martyrdom, jihad online
The first-of-its-kind ruling was a significant victory for the Justice Department in a technology policy debate that pits digital privacy against national security interests.The Obama administration, which has embraced stronger encryption as a way to keep consumers safe on the Internet, had struggled to find a compelling example to make its case.
The ruling by Pym, a former federal prosecutor, requires Apple to supply highly specialized software the FBI can load onto Syed Farook's work iPhone to bypass a self-destruct feature, which erases the phone's data after too many unsuccessful attempts to unlock it. The FBI wants to be able to try different combinations in rapid sequence until it finds the right one.
Farook and his wife, Tashfeen Malik, killed 14 people in a Dec. 2 shooting at a holiday luncheon for Farook's co-workers, the deadliest terrorist attack on U.S. soil since the 2001 attacks on the World Trade Center and the Pentagon. The couple later died in a gun battle with police.
Cook said posting that the U.S. government order would undermine encryption by using specialized software to create an essential back door that he compared to a "master key, capable of opening hundreds of millions of locks."
"In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession," Cook wrote. "The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a back door. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."
Federal prosecutors told the judge in a court application Tuesday that they can't access a work phone used by Farook because they don't know his passcode and Apple has not co-operated. Under U.S. law, a work phone is generally the property of a person's employer. The judge told Apple to provide an estimate of its cost to comply with her order, suggesting that the government will be expected to pay for the work.
Apple has provided default encryption on its iPhones since 2014, allowing any device's contents to be accessed only by the user who knows the phone's passcode.
Apple has 5 days to reply
The order requires that the software Apple provides be programmed to work only on Farook's phone, but it was not clear how readily that safeguard could be circumvented. The order said Apple has five days to notify the court if it believes the ruling is unreasonably burdensome.
It also was not immediately clear what investigators believe they might find on Farook's work phone or why the information would not be available from third-party service providers, such as Google or Facebook, though investigators think the device may hold clues about whom the couple communicated with and where they may have travelled.
The couple took pains to physically destroy two personally owned cellphones, crushing them beyond the FBI's ability to recover information from them. They also removed a hard drive from their computer; it has not been found despite investigators diving for days for potential electronic evidence in a nearby lake.
Farook was not carrying his work iPhone during the attack. It was discovered after a subsequent search. It was not known whether Farook forgot about the iPhone or did not care whether investigators found it.
The phone was running the newest version of Apple's iPhone operating system, which requires a passcode and cannot be accessed by Apple, unlike earlier operating systems or older phone models. San Bernardino County provided Farook with an iPhone configured to erase data after 10 consecutive unsuccessful unlocking attempts. The FBI said that feature appeared to be active on Farook's iPhone as of the last time he performed a backup.
Similar case in New York
The California judge didn't spell out her rationale in her three-page order, but the ruling comes amid a similar case in the U.S. District Court for the Eastern District of New York.
In that case, Magistrate Judge James Orenstein has not yet decided whether the government can compel Apple to unlock an iPhone under the same 18th century law applied to the California case. The All Writs Act has been used to compel a party to help the government in its law enforcement efforts, but Apple has argued that it is not its role to act as a government agent and that doing so would breach trust with its customers.
Investigators are still working to piece together a missing 18 minutes in Farook and Malik's timeline from Dec. 2. Investigators have concluded they were at least partly inspired by ISIS; Malik's Facebook page included a note pledging allegiance to the group's leader around the time of the attack.
FBI Director James Comey told members of Congress last week that investigators in the case had been unable to access a phone in the California case but provided no details.
"It is a big problem for law enforcement armed with a search warrant when you find a device that can't be opened even when a judge says there's probable cause to open it," Comey said. "It affects our counterterrorism work. San Bernardino, a very important investigation to us, we still have one of those killers' phones that we have not been able to open, and it's been over two months and we're still working on it."