Everybody is in a tizzy over whether Apple should comply with a court order to unlock the iPhone of one of the dead San Bernardino terrorists. But there’s one detail in this whole mess that’s completely bizarre. The terrorist’s employer, the San Bernardino Health Department, reset the guy’s iCloud password.
Technically, the iPhone in question (the one the FBI is demanding that Apple unlock) was purchased by the San Bernardino Department of Health. And as security researcher Christopher Soghoian has pointed out on Twitter, the Department tried to reset the phone’s iCloud password remotely in the hours after the attack. The department hoped to gain information from a possible back-up of the phone to iCloud. Instead, it rendered the account useless.
From today’s filing by the Justice Department against Apple (emphasis mine):
The four suggestions that Apple and the FBI discussed (and their deficiencies) were: (1) to obtain cell phone toll records for the SUBJECT DEVICE (which, while the government has of course done so, is insufficient because there is far more information on the SUBJECT DEVICE than simply toll records); (2) to determine if any computers were paired with the SUBJECT DEVICE to obtain data (which the government has determined that none were); (3) to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup); and (4) obtaining previous back-ups of the SUBJECT DEVICE (which the government has done, but is insufficient because these backups end on October 19, 2015, nearly one-and-a-half months prior to the IRC shooting incident, and also back-ups do not appear to have the same amount of information as is on the phone itself). After subsequent conversations, though, Apple conceded that none of these suggestions would work to execute the search warrant or to sufficiently obtain the information sought.
“The owner” the feds are talking about there is the local Department of Health.
Of course, there are many good reasons that Apple doesn’t want to be compelled to effectively design a backdoor that would unlock the dead guy’s phone. If it did, it would mean that everybody (good guys and bad guys alike) could potentially go around unlocking anyone’s phone.
It’s not a black and white case, but there’s at least a lesson here: If you’re an employer and an employee just killed a bunch of people, don’t take it upon yourself to try and hack the bad guy’s phone.
Update, 6:31pm: In an interesting twist, some tech reporters just had a call with unnamed Apple executives. Gizmodo was not invited to the call. The resulting stories (like this one from Buzzfeed) tell the same basic story as this post, except that they imply the FBI mishandled and accidentally reset the iCloud password remotely.
Buzzfeed’s news article repeatedly uses the word “government” without specifying the specific branch. According to today’s filing it was the local Health Department in San Bernardino (again, the technical “owner” of the phone) that mishandled it. So yes, it was technically a government entity that mishandled the phone. That government entity was the terrorist’s employer. But with Apple’s anonymous conference call, they clearly want the public to assume it was the FBI’s fault.
From the introduction to Buzzfeed’s new article (emphasis mine):
The Apple ID passcode linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.
Now, the government, through a court order, is demanding Apple build what the company considers a special back door way into the phone — an order that Apple is challenging. The government argues Apple would not be creating a backdoor.
Both the FBI and Apple are fighting a brutal public relations battle. And today you can score a point for Apple with some expertly executed anonymous spin.
Update, 7:04pm: Looks like Apple’s tactic of not specifying which part of “government” messed up the password is playing out precisely how you’d expect on social media. People are assuming “the government” means “the FBI”:
Update, 7:37pm: ABC News has confirmed that the IT employee working for San Bernardino County was not instructed by the FBI to attempt a password reset for Syed Farook’s iCloud:
The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.
Update, 8:42pm: Gizmodo was just on a follow-up call with Apple executives with the same bullshit conditions that there would be no direct quotes and no names. We learned nothing new.
Update, February 20th 1:33pm: The original headline for this article was “The San Bernardino Terrorist’s iCloud Password Was Accidentally Reset By His Employer.” It has been pointed out correctly that we now know it was no accident, despite the fact that it had unintended consequences. The IT employee working for San Bernardino County intentionally reset the iCloud password. I have removed the word “accidentally” from the headline.
Update, February 20th 3:45pm: A Twitter account associated with San Bernardino County is now claiming that they reset the password under the direction of the FBI.