Apple iPhone 5C
Who reset the password on Syed Farook's iPhone 5C? The Apple vs FBI privacy rights debate continues and a local government agency has waded into the furore Reuters

Wading into the FBI/Apple digital rights vs national security debate, San Bernardino County has now stated it was instructed by the FBI to reset the iCloud password of the San Bernardino terrorist Syed Farook, who killed 14 people and injured 22 others in December 2015.

On Tuesday 16 February, a US federal judge ordered Apple to help the FBI unlock Farook's iPhone 5C, because the FBI believed that the phone contained vital clues pertaining to the terrorists who ordered Farook and his wife Tashfeen Malik to commit the deadly attack.

However, on the same day Apple announced that it was rejecting the court order because it would set a dangerous precedent based on an obscure 18<sup>th century law that would create a backdoor into Apple products, thus allowing both authorities and criminals unlimited access to Apple customer data, to say nothing of the potential to spy on Apple users by intercepting phone calls, SMS text messages and tracking their location via GPS.

The US government claims that it tried several ways of getting into Farook's iPhone, including returning the iPhone to its home Wi-Fi network in order to prompt it to automatically back up Farook's files to the iCloud. Unfortunately, it seems that Farook might have disabled the automatic update function, because it didn't work.

Next, San Bernardino County staff tried to access Farook's iCloud account by resetting his Apple ID, but doing this triggered an Apple security measure that then made it impossible to back up the phone's contents.

Apple facing criticism, but San Bernardino County says it acted on FBI's watch

San Bernardino killers Isis Islam
San Bernardino killers Tashfeen Malik and Syed Farook passing through Chicago's O'Hare International Airport in 2014. Reuters /US Customs and Border Protection

Over the last six days, a large debate has kicked off between the media, intelligence agencies and politicians about how much power Apple should have when faced with court orders issued by governments, with presidential candidates like Donald Trump declaring that everyone should boycott Apple until it cedes to the FBI's request (even though he too, owns an iPhone).

It has been implied in media coverage that the local government of San Bernardino County – Farook's employer – changed the password of Farook's iCloud account, which meant that the only way the FBI could get into his account was the take Apple to court.

However, on 20 February, the SB CountyWire, a Twitter account associated with San Bernardino County, tweeted that in fact the county had been working under the direction of the FBI when the password was reset.

Of course, the FBI wasn't impressed by this and decided to release a rebuttal statement on 21 February, implying that the local government was working together with the FBI the whole time. According to an email uploaded by Ars Technica's Cyrus Farivar, the FBI claimed that it was in fact "working with" officials from San Bernardino Country.

STATEMENT TO ADDRESS MISLEADING REPORTS THAT THE COUNTY OF SAN BERNARDINO RESET TERROR SUSPECT'S IPHONE WITHOUT CONSENT OF THE FBI

Recent media reports have suggested that technicians in the county of San Bernardino independently conducted analysis and took steps to reset the iCloud account password associated with the iPhone 5C that was recovered during a federal search following the attack in San Bernardino that killed 14 people and wounded 22 others on December 2, 2015. This is not true. FBI investigators worked cooperatively with the county of San Bernardino in order to exploit crucial data contained in the iCloud account associated with a county-issued iPhone that was assigned to the suspected terror suspect, Syed Rizwan Farook.

Since the iPhone 5C was locked when investigators seized it during the lawful search on December 3rd, a logical next step was to obtain access to iCloud backups for the phone in order to obtain evidence related to the investigation in the days following the attack. The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data. The reset of the iCloud account password does not impact Apple's ability to assist with the the court order under the All Writs Act.

The last iCloud data backup of the iPhone 5C was 10/19 and based on other evidence, investigators know that Syed Rizwan Farook had been using the phone after 10/19. It is unknown whether an additional iCloud backup of the phone after that date — if one had been technically possible — would have yielded any data.

Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains. Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance as required the All Writs Act order, since the iCloud backup does not contain everything on an iPhone. As the government's pleadings state, the government's objective was, and still is, to extract as much evidence as possible from the phone.

But who's really at fault here?

Apple claims that the public should be involved in deciding whether governments should be allowed to access customer data and how they are allowed to go about doing so, and other tech companies including Google and WhatsApp have lent their support, as well as NSA whistleblower Edward Snowden and even former FBI agents.

However, the White House is insisting that if the government needs to access data to prevent terrorist attacks and crime, it should have it, while playing down the issue of deliberately creating backdoors into Apple products.

FBI director James Comey has also stressed that the FBI isn't trying to create a backdoor into Apple's products, but that as law enforcement professionals, it is difficult for the agency to "look survivors in the eye" if the suspects' phones self-destruct before the FBI can guess what the password is.

On the other hand, a senior Apple executive told the Guardian on Friday 19 February (under condition of anonymity) that in fact, in this particular case, the US Department of Justice has made access demands that not even China is demanding, and that even if Farook hadn't turned off the auto-update function, it is not known whether the FBI's method to decrypt the phone would have worked.

So is the US government intent on eradicating users' privacy, or is Apple trying to stand in the way of justice? It seems clear at least that more public debate is needed, and the government will need to justify exactly how they wish to obtain customer data, or a truly scary precedent on data collection could come to pass.