Claiming that an "outside party" has demonstrated a possible method for unlocking an encrypted iPhone in its possession, the U.S. Federal Bureau of Investigation yesterday delayed its expected courtroom showdown with Apple.
Both parties had been due to appear in U.S. District Court in California today regarding the FBI's efforts to compel Apple to write new software to help break the encryption protections of an iPhone used by Syed Rizwan Farook, who along with his wife, Tashfeen Malik, killed 14 people at a holiday gathering in San Bernardino, Calif. on December 2.
Following a telephone conference hearing yesterday, U.S. Magistrate Judge Sheri Pym granted the FBI's request for a delay and ordered the government to update the court with a status report by April 5. However, the move is likely to be only a temporary reprieve in the privacy-vs-security battle between officials and technology companies.
'Not the End of This'
Lisa Hayes, vice president for programs and strategy at the Center for Democracy and Technology (CDT) -- a civil liberties advocacy group -- told us she was surprised to learn of the last-minute developments that led to the court stay. However, she added, "I suspect this is not the end of this."
Hayes said she was happy to hear about the postponement of the court hearing and noted there had been signs the government felt some uncertainty about its case prior to the hearing. In recent filings with the court, the FBI had indicated it wanted to call witnesses during the hearing, which suggested it wasn't fully confident in the technology arguments it was making.
"The government was acting a little bit skittishly," Hayes said. Technology companies tend to be one step ahead of agencies that are pursuing efforts to weaken encryption, she said. However, "we have no idea what the government is thinking right now," she added.
Hayes said it's likely that Apple will again find itself facing the FBI in front of a judge after the two-week court delay. In the meantime, she added, the CDT, which had filed an amicus brief in support of Apple, will continue to actively monitor the situation.
NAND Mirroring a Possible Method
In a blog post published late yesterday evening, iOS forensic security expert Jonathan Zdziarski speculated about several possible methods the FBI might have found to access data on Farook's iPhone. He concluded the most likely possibility is that a third-party contractor -- possibly a forensics or data recovery lab -- had contacted the FBI and successfully demonstrated on a test device how it might be able to bypass the protections on the iPhone.
"[T]he leading theory at present, based on all of this, is that an external forensics company, with hardware capabilities, is likely copying the NAND storage off the chip and frequently re-copying all or part of the chip's contents back to the device in order to brute force the pin -- and may or may not also be using older gear from iOS 8 techniques to do it," Zdziarski said. "The two weeks the FBI has asked for are not to develop this technique (it's most likely already been developed, if FBI is willing to vacate a hearing over it), but rather to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units."
Zdziarski today also posted a series of tweets commenting on other ways besides encryption backdoors that law enforcement and anti-terrorist authorities can use to investigate attacks such as the December shootings in San Bernardino or the bomb attacks in Brussels today that killed at least 34 people at an airport and a metro station.
After expressing sympathy for the Brussels victims, Zdziarski pointed to some officials who are already speculating about the possible role of encrypted communications in today's attacks. "Encryption isn't a barrier for tracking terrorist networks [if] you have a functional metadata dragnet," he noted in one tweet.
Meanwhile, U.S. Senators Dianne Feinstein (D-Calif.) and Richard Burr (R-North Carolina) are reportedly preparing to propose legislation specifying federal judges' powers to compel technology companies to assist investigators in accessing encrypted data, Reuters reported yesterday.
Gregory Nojeim, director of the Freedom, Security and Technology Project at the CDT, told us he believes this week's FBI developments make the "already-uphill path for the Burr/Feinstein (proposal) an even steeper climb." In light of the possibility of other ways to break into the iPhone without Apple's help, Congress members are likely to ask why the FBI "didn't look to this solution sooner" and to be more skeptical of future assertions by the agency, he said.