APPLE V.

FBI
Who are the winners and losers in the Apple v. FBI drama? An explainer
Alyssa Bereznak
National Correspondent, Technology
March 29, 2016
Photo: Digital Trends
Late on Monday, the FBI announced that it had finally gained access to San Bernardino shooter Syed Rizwan Farooks iPhone,
effectively ending its month-long fight with Apple over unlocking the device.
Though international debate about encryption is far from over, this leaves both sides in somewhat uncomfortable positions. The
FBI looks a little silly for making this into a federal case, and Apples device security which has long been a selling point for its
products has taken a very public hit. Below, a quick explainer of what happened, and how each of these powerful American
institutions has emerged from this long and exhausting brawl.
So wait, back up. What did the FBI do to get into the phone?
Funny you ask thats the question that every tech journalist in the world wants to answer. Last week, less than 24 hours before
the Justice Department was set to face off with Apple lawyers in court, investigators asked to postpone the hearing because t hey
were approached by an outside party who offered to help them get into the device.
Who that outside party is we do not know. But there are some pretty reasonable guesses. As Wired reported last week, the FBI
has a sole source contract with the Israeli mobile forensic firm Cellebrite. Its website advertises that the companys hacker s can
extract data from locked iPhones running any version of iOS up to 8.4.1. Its possible that those forensic researchers could be
exploiting a vulnerability that Apple has already patched in iOS 9.
There are a few other theories that could explain the FBIs feat, but they get pretty deep in the technical weeds of how iOS stores
memory. You can read about these theories here.
A vulnerability in iOS? Thats worrying. Does the FBI have to tell Apple what that is?

Technically, no. And its possible they have already signed a nondisclosure agreement with the outside party that helped them do
it. If the FBI happens to take Apple to court over accessing a device again, its possible the details of this case could com e up and
become public information.
How does Apple feel about all this?
On a call with journalists last week, Apple lawyers acknowledged that the FBIs sudden discovery of a break -in method was
always a possibility, and one Apple was willing to accept. Indeed, as the company has pointed out in court filings, it is constantly
fighting to keep up with the latest security advancements, and patching known vulnerabilities.
But any court order to weaken Apples systems, it argued, would make it significantly less secure, because that would make it
more likely to be targeted by cybercriminals. Apple lawyers said they hoped the FBI would share its method for breaking into the
device, but that there was no way to force it to do so.
But lets face it: Even if the vulnerability that was exploited by the FBIs hired hackers has already been patched in later versions of
iOS, the fact that law enforcement could get into Farooks phone makes Apples overall security look bad. And it further
supports criticism from some cryptographers that Apple couldve done more to prevent the FBI from even requesting the access it
wanted in the San Bernardino case in the first place. Even though the court case was dropped, Apple was definitely cut down in
the eyes of the privacy community, and probably the public.
Its also worth noting that the third party the FBI hired did not report whatever vulnerability it discovered in iOS to Apple . According
to a report by the New York Times last week, that could possibly be because unlike most major tech companies, Apple does not
offer large sums of money in exchange for finding security errors in its code.
But why did the FBI go through all that legal drama if it couldve just taken more time to search for outside help?
During the debates spurred by the San Bernardino court case, many privacy activists and members of Congress suggested the
FBI simply wanted to set a legal precedent that gave it a court-mandated way to access encrypted information on the devices of
terrorists and criminals.
But, as Electronic Frontier Foundation attorney Nate Cardozo told Yahoo News last week, it seems the government was taken by
surprise by the strength of Apples opposition and the amount of support they were able to garner in both the tech community and
the civil liberties community. In other words, if your court case is prompting journalists to ask President Obama what he thinks
about a very controversial topic, youre probably doing something that could be embarrassing for your organization.
I can imagine that the judge handling this case was not amused.

Well, the federal magistrate assigned to the San Bernardino case isreportedly unfazed by unpredictable situations, even that time
a plane crashed into her house in 2003 (no biggie). But the fact that the FBI repeatedly claimed it couldnt unlock Farooks phone
without the help of Apple only to say, Whoops, never mind! We can! the day before a trial diminishes its argument in court.
That is to say, any judge in any similar case in the future may be skeptical of those claims. T he FBI lost a lot of legal credibility
through this whole kerfuffle.
Did anyone win?
Hackers, maybe? Or, at least, discreet mobile forensic firms that are hired as private contractors by the government. And I w ould
argue that the American people also won a small victory. An important and complicated issue pitting security and privacy interests
against each other was debated pretty seriously in the public square. That may even push Congress to address the issue,
however briefly.
Do I have to look out for any more public legal battles like this in the future?
Well, now that the FBI has learned its lesson, its likely to be much more secretive about any other access it pursues throug h thirdparty forensic labs. Consider the assertive tone of a statement released by a Justice Department spokesperson yesterday: It
remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect nation al
security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails. We
will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relyin g upon
the creativity of both the public and private sectors.
Chances are, they wont be seeking the publics sympathy next time.