John KarakatsanisApple’s encryption battle
FBI says it might be able to break into seized iPhone, judge cancels order to aid decryption [Updated]
Apple defends crypto fight against government during launch event
Why are so few Android phones encrypted, and should you encrypt yours?
Apple fires back: “Government is adept at devising new surveillance techniques”
Apple is a security and privacy issue. What about civil rights?
View all…RIVERSIDE, Calif.—Less than 24 hours before a highly anticipated Tuesday court session where prosecutors and Apple lawyers would have squared off here in federal court, government attorneys suddenly got a judge to vacate that hearing and stay an unprecedented court order that would have forced Apple to aid investigators’ efforts to unlock and decrypt an iPhone linked to a 2015 terrorist attack.
In a court filing Monday, federal authorities cited a newly discovered “unlocking method” that it hopes won’t require Apple’s help.
The sudden and unexpected postponement essentially means an immediate victory for Apple—the company doesn’t have to comply with the government’s demands to create a customized version of iOS.
But the new government filing also raises more questions than it answers, such as the reach of the government’s decryption capabilities.
Melanie Newman, a spokeswoman for the Department of Justice, said in a statement sent to Ars that the government only learned of this new unlock technique this weekend.
“We must first test this method to ensure that it doesn’t destroy the data on the phone, but we remain cautiously optimistic,” she wrote. “That is why we asked the court to give us some time to explore this option.”
In a Monday evening call with reporters, Apple lawyers told Ars that they had absolutely no information on the government’s claims.
Apple attorneys also said on the call that the company was engaged in a “constant battle” with those that would attempt to circumvent the company’s security flaws.
They added that the company hopes to better understand what the supposed vulnerability is, and if the case continues, the firm will insist in court on knowing everything possible about it.
Tuesday’s hearing would have been filled with top-notch lawyers, not to mention attorneys representing friends of the court (amicus curae), including terrorism victims, cryptographers, and many others.
Apple was set to enter the Riverside courtroom with a legal team lead by a former solicitor general of the United States, who represented plaintiffs in a landmark Supreme Court case that legalized gay marriage in March 2013.
The government would have countered with a number of top prosecutors, including one who previously was involved in a sextortion case a few years ago.
An arms race continues
Andrew Crocker, an attorney at the Electronic Frontier Foundation, pointed out that while the public still doesn’t know what decryption capabilities the FBI and other federal agencies have, it is known that the government retains zero-days for their own purposes.
He said he think’s “it’s possible” that the DOJ would try to bring a similar case again. “But part of the reason they didn’t want to have this reason was that they couldn’t say in good faith that they had tried all the other alternatives,” he told Ars.
Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, said that these new government decryption capabilities are not good for privacy and ever-expanding government surveillance.
“The DOJ doesn’t want bad precedent, and I think Apple had the better side in this argument,” she told Ars. “Being able to hack helps DOJ for a while.
Apple could upgrade beyond the capability.
It might also be expensive, meaning harder to do than making Apple do it.”
Meanwhile, Fred Cate, a law professor at Indiana University, told Ars that while the decision to vacate is “good news,” it represents a clear escalation in the security struggle.
“As a practical matter, if the FBI’s new technique works, it likely means that Apple will add more protection to its devices, which is a good thing for consumers, and the FBI will be back in court in the future asking a judge to compel Apple to help the government defeat Apple’s improved security,” he told Ars. “So the issue probably has been deferred, not resolved.”
The legal fracas began last month when the government obtained an unprecedented court order, citing an obscure 18th-century statute known as the All Writs Act.
The case, popularly known as “FBI v.
Apple,” asked the judge to decide if the government could force Apple to create a new customized version of iOS.
Prosecutors told the judge they needed this new version of iOS as a way to get into the seized iPhone 5C, which was used by Syed Rizwan Farook, one of the terrorists involved in the December 2015 attack in San Bernardino.
The iOS 9 phone is encrypted with a four-digit passcode, and investigators are afraid that if they enter the wrong passcode 10 times, it will auto-delete all the data on the phone.
The new customized iOS demanded from Apple would remove that lockout feature, and it would enable the government to brute force passcodes until it could get in.
The government is now required to provide a status report to the federal magistrate judge by April 5.