In a memo obtained by BuzzFeed News Friday, the FBI said it would “consider any tool that might be helpful” to aid local police penetrate encrypted phones. The advisory did not indicate if the FBI will share a newly discovered, secret method that successfully unlocked an iPhone used by one of the San Bernardino terrorists. The government has also refused to reveal the vulnerability or the identity of who discovered it. But by next week, as Apple and the Justice Department prepare for another legal battle over a locked iPhone, the government may be forced to disclose if the method works on iPhones central to other cases.
While the San Bernardino, California, case ended abruptly when a mysterious outside party approached the FBI with a method to access data on the device, averting an impending courtroom showdown, another encryption battle looms in Brooklyn.
It’s there, in the Eastern District of New York, where a methamphetamine conspiracy case hinges on another locked iPhone, and Apple and the Department of Justice are squabbling over what can be done to access it. The method used by the FBI on the San Bernardino iPhone may play a crucial role in New York should the government decide to pursue its case there. And like San Bernardino, the fight in Brooklyn carries far-reaching implications for mobile technology and consumer privacy.
Last month, Federal Magistrate Judge James Orenstein denied the government’s request to force Apple to assist law enforcement in extracting information from a locked iPhone. The Justice Department appealed. But after the San Bernardino method was demonstrated to the FBI several weeks later, the New York case was postponed. The Justice Department now has until April 11 to notify the court if it chooses to stick with its appeal, alter it, or drop the New York case altogether.
But the agency has given no indication that it will abandon its pursuit. In Congress and in the courts, resolving what the government has called the “going dark” crisis generated by widespread consumer encryption remains a top priority for U.S. law enforcement.
According to Apple’s most recent court filing, and legal experts, the government’s next move in the New York case will likely reveal if the San Bernardino method works on the New York iPhone.
“...If the DOJ claims that the method will not work on the iPhone here, Apple will seek to test that claim, as well as any claims by the government that other methods cannot be used,” Apple’s lawyers wrote, on March 24.
If the San Bernardino method can be used to access data on the Brooklyn iPhone, the government’s case for compelling Apple's assistance would necessarily collapse, since the Justice Department would no longer require help to access the device — the reason behind the legal dispute.
“In order to assert that they need Apple’s help in Brooklyn, they need to say that they have no available method,” Joseph DeMarco, an attorney who represented law enforcement groups in support of the Justice Department in San Bernardino, told BuzzFeed News. “They have to prove to the court, and probably swear under oath, that they don't have the ability to get into the Eastern District phone.”
In its appeal in New York, the Justice Department has asked district court Judge Margo Brodie to reconsider Orenstein’s ruling against the government. According to court documents filed before the San Bernardino method proved successful, the government maintained that it could not access the data inside the New York iPhone without Apple’s assistance.
In response to that, Esha Bhandari, a staff attorney for the ACLU told BuzzFeed News, “Apple could justifiably say, ‘Well, look at what happened in San Bernardino.’ ‘We need to know what they did there, and whether it can be used on this phone, especially if you are claiming that our assistance is necessary.’”
For some lawmakers and privacy advocates, the FBI’s sudden and unexpected breakthrough in San Bernardino pointed to a lack of due diligence, with the government’s credibility suffering. But, as FBI Director James Comey has said, the publicity of the high-profile legal battle between Apple and the government “stimulated a marketplace of creative people” to come forward, which led to the discovery of the new method.
While the New York and San Bernardino cases differ in the type of operating system that runs on each phone, and what the government has asked of Apple, they both hinge on whether the government can rely on the All Writs Act of 1789 to compel the company to access encrypted communications.
In New York, it’s an iPhone 5s running iOS 7; in San Bernardino, it’s a 5c on iOS 9. The key difference between the two, from a security perspective, is that the older system allows Apple to bypass the lockscreen, and extract data onto a separate hard drive. The government asked Apple to extract data in New York, and in at least 70 other cases. Fast forward through years of development and that vulnerability has been designed away. To overcome that obstacle in San Bernardino, the government asked Apple to design new, security-suppressing software.
“A lot of it is up to DOJ and how they want to play it,” Andrew Crocker, a staff attorney for the Electronic Frontier Foundation, told BuzzFeed News. Since the Justice Department withdrew its San Bernardino case, the legal dispute over the limits of the All Writs Act, and how it might be wielded to force web companies to bypass their own encryption, remains unresolved. But even if the government can get into several types of Apple phones, the ability to invoke the AWA can serve as a crucial tool for law enforcement against other technology companies, like Google, Crocker said.
Fighting for the broad use of the AWA could also prove valuable to the government as Apple and other businesses work to design more secure products, shielding consumers from the onslaught of sophisticated hackers, and, by consequence, government eavesdropping.
“There will inevitably be phones or devices that the government can’t crack immediately,” the ACLU’s Bhandari said. “And it’s likely that the government would again go back to the All Writs Act and seek to use that because it’s easy. Once you’ve established the legal precedent, that’s something you can go back to over and over again.”
Albert Gidari, the director of privacy at Stanford’s Center for Internet and Society, told BuzzFeed News that if the San Bernardino method does work on the New York device, the Justice Department would withdraw its appeal — to fight Apple another day. “They don't like leaving Judge Orenstein's order in place, but it will not be of much precedent, and they feel confident that their legal position will prevail in a better case in the future.”
Hamza Shaban is a technology policy reporter for BuzzFeed News and is based in Washington, DC.
Contact Hamza Shaban at Hamza.Shaban@buzzfeed.com.
Got a confidential tip? Submit it here.