All Commentary
Friday, March 25, 2016

FBI: Oh Wait, We Can Hack That iPhone After All

The Government Pulls a 180 on Its Apple Order

In a third-act twist worthy of M. Night Shyamalan, the FBI has announced that it has just discovered a method, provided by an unnamed “third party,” of breaking into deceased San Bernardino shooting suspect Syed Farook’s iPhone without help from Apple.

As a result, the hearing at which Apple and DOJ lawyers were scheduled to square off today has been postponed for at least two weeks while the Bureau tests out this “new” approach, potentially rendering the legal battle with Cupertino moot.

The scare quotes in the previous sentence are there to signal my skepticism that there is something genuinely novel in play here — which matters because the FBI has been consistently representing to the courts that Apple’s assistance, and an order to compel that assistance, was “necessary” to access the data — which is to say, that the FBI had no viable alternative methods to decrypt the contents of the phone.

Yet from the beginning of the public debate over this case, the technical experts I’ve consulted with have consistently pointed to two distinct approaches the Bureau might employ that wouldn’t require Apple to write or authenticate a line of code. 

First, there are potential methods of extracting the phone’s UID — a secret master encryption key physically embedded in the processors of iOS devices. With that key, which is designed to be difficult to read and unknown even to Apple, the FBI could crack the encryption protecting the iPhone data in a matter of minutes. Though cumbersome, time-consuming, and expensive, these methods would almost certainly still be cheaper than a protracted legal battle with a deep-pocketed tech titan — though they would also inherently carry some risk of destroying the key information, rendering the iPhone data permanently inaccessible.

The second and more plausible method was described in some detail weeks ago by ACLU technology fellow Daniel Kahn Gillmor, and even referenced by Rep. Darrell Issa at a recent hearing with FBI director James Comey.

Read Gillmor’s post for the details, but in essence it involves removing the phone’s “effaceable storage” to make a backup copy of the key material that is erased to render the phone’s data permanently inaccessible after too many incorrect passcode guesses.When FBI hits their guess limit, they “re-flash” the backed-up data to the phone and get another round of guesses. Security researcher Jonathan Zdziarski’s argues cogently that this is the most probable option. 

If that’s the case, the bureau ought to have some explaining to do, because this alternative surely should not have been unknown to FBI’s forensic experts. It would imply that the government either chose to obscure the real range of options from the courts, or more charitably, did not make a very serious effort to explore alternatives before pleading “necessity.”

A high profile terrorist attack, after all, must have seemed like an ideal test case for the proposition that technology companies can be compelled, under existing law, to hack their own security on the government’s behalf — which might have sapped enthusiasm at Main Justice for abandoning it in favor of an attack that would give them this data, but be unlikely to work on newer model phones.

Of course, that cost-benefit calculus might look different once it became clear that this would be a long legal slog with Silicon Valley more generally lining up to back Apple — not a quick and easy PR win for the government. No doubt the FBI will plead reluctance to disclose too much about their “sources and methods” of accessing data on the phone, but they should at least be pressured to confirm, generally, whether they’re using a general approach they ought to have known about well before this past weekend. If so, that ought to affect the credibility their representations of necessity are afforded by future courts in similar cases.

And, of course, there will be no shortage of similar such cases: There are a dozen underway already, and hundreds more locked iPhones in the hands of various law enforcement agencies. Since the method outlined above will (probably) not work on newer iPhones, the underlying legal questions raised by this case will still need to be resolved — though perhaps by courts that have learned to regard FBI’s technical affidavits with a bit more skepticism.

This article first appeared at

  • Julian Sanchez is a Senior Fellow at the Cato Institute, studying technology, privacy, and civil liberties, with a focus on national security and intelligence surveillance.