Department of Justice withdrew its appeal after being given the access code to unlock the device
US investigators have dropped a second challenge to Apple over the security of its iPhone devices following the withdrawal of a high-profile court battle that saw issues of privacy and law enforcement make international headlines.
The US Department of Justice told a New York federal judge that an unnamed individual had provided them with the passcode needed to unlock the iPhone used by the drug dealer in the case, and had been able to access the handset without Apple’s help.
“Yesterday evening, an individual provided the passcode to the iPhone at issue in this case,” the DOJ said. “Late last night, the government used that passcode by hand and gained access to the iPhone. Accordingly, the government no longer needs Apple’s assistance to unlock the iPhone, and withdraws its application.”
The move follows the DOJ’s withdrawal in a separate case in which it sought to force Apple to help it access a device used by San Bernardino gunman Syed Farook.
In that case, a judge had ordered Apple to help the FBI under the US’ All Writs Act, but Apple had refused to comply. In that case, the FBI announced less than 24 hours before its court date with Apple that it had purchased a hacking tool for more than £1m that allowed it to access the iPhone in question.
In the New York case, a judge had ruled in Apple’s favour, agreeing with the company’s position that the All Writs Act was never intended to allow the government to order the kinds of technical hacks it was now requiring.
“The implications of the government’s position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results,” the judge wrote.
The FBI appealed and its withdrawal comes days before a scheduled court appearance in which it would have defended its position.
The DOJ didn’t provide further details on the individual in question, but it’s unclear who would have known the access code other than the defendant himself, Jun Feng, who has pleaded guilty to drugs dealing charges. Feng had previously said he could not remember the code.
Feng pleaded guilty late last year, but the DOJ said it was pressing ahead with the iPhone order to defend the principle that it should be able to use means such as the All Writs Act to secure the materials needed to prove its cases in court.
“These cases have never been about setting a court precedent; they are about law enforcement’s ability and need to access evidence,” the DOJ said in a statement.
Since 2013, when Edward Snowden’s revelations about mass government surveillance spurred IT companies including Apple to implement tougher security measures in their products, investigators have warned of the danger of “going dark” – the idea that measures such as encrypted messaging would deprive them of the ability to protect citizens and enforce the law.
US president Barack Obama reiterated this argument in March in defence of the idea that back doors should be installed in IT communications products, and the DOJ’s recent court arguments have also rested on the idea that legal resources such as the All Writs Act are must be defended in order for law enforcement and national security organisations to continue to carry out their basic functions.
However, the DOJ’s withdrawal in the two cases in question would seem to support the view that there is generally a way to get around any security measure, whether it takes the form of a hacking tool or, as in the New York case, information obtained from a human being.
This was the line of argument taken by GCHQ director Robert Hannigan at a talk in March, where he said there was no need for governments to press for a “master key” into communications systems, since law enforcers are likely to always be able to find some weakness or other to exploit.
Such weaknesses will always exist, in part because they’re necessary to make those systems usable, Hannigan said. “I’m not sure it is certain that [companies] will construct systems that make [access] impossible,” he said. “Not least because then their own users will find it difficult” to use the devices.
Internet of Things hacking
A report carried out by academics and current and former intelligence officials on behalf of Harvard University earlier this year reached similar conclusions, finding that it was unlikely the IT industry would ever deliver technology that couldn’t be cracked, in part because such technology would be next to impossible to use.
The study also found that in spite of the attention attracted by encrypted communications services, individuals are likely to become increasingly easy to spy on due to the wide spread of easily hackable Internet-connected devices.
“If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark,” the report found.
Are you a security pro? Try our quiz!