For years, law enforcement agencies across the world have been sending locked iPhones to Apple and Apple has been serving up the data from these phones like a piece of Apple pie (with the appropriate subpoena or search warrant). When Apple released the iOS 8 operating system back in 2014, it announced that they would no longer have the ability to extract data from iPhones running this (and subsequent) operating systems, essentially cutting off the free Apple pie.
I am a certified computer examiner with eDiscovery Inc. located in Bellevue, Washington. We routinely extract data from cell phones and have experience trying to unlock various iPhones. Most of the phones we are trying to unlock usually belong to somebody that has died or disappeared.
Prior to iOS 8 it was fairly easy to do a brute force attack on an iPhone. A brute force attack simply means that you try every possible combination until you find the right one. When the passcode is only 4 numbers the possibilities are limited so this type of attack can usually be done in 1 – 2 days. Contrast that with a password of 10 characters containing a combination of numbers, letters or symbols and it could take years to crack such a password – which gives you an idea as to why these types of passwords can be required.
Apple did not use brute force to provide the data to law enforcement though. It did have a “backdoor” it could use to extract the data as opposed to unlocking the phone. Consequently, Apple received thousands of phones from law enforcement agencies around the world and, despite having an entire group at Apple dedicated to fulfilling these requests, it would typically take 6 months or more for Apple to comply with the subpoena.
So what has the FBI (and other law enforcement agencies) been doing about these newer iPhones up to this point? I don’t know for sure, but the company that creates the software we use to extract data from cell phones has been offering to unlock iPhones running these later operating systems for quite some time. The offer is available to law enforcement only with proper authority at a cost of about $5000 per phone.
The FBI just now dropped its motion to force Apple to unlock the work iPhone used by the San Bernardino suspect because a “third party” has claimed to be able unlock the device. In addition to the company identified above, most of us in the industry know of a variety of ways to potentially access the data on these newer iPhones so it is difficult to believe the FBI wasn’t aware of these other options all along.
Was the real motivation behind the FBI’s motion to require Apple to create a backdoor for this particular iPhone designed to insure Apple continue to provide this service to law enforcement?
All companies have an obligation to comply with legal processes and frequently need to devote substantial resources towards that effort. Apple will continue to be one of them. But typically that obligation only applies to data that is within the company’s custody or control. The data on a customer’s iPhone is not in Apple’s custody or control until somebody sends them the device.
I am not a fan of Apple or its devices. But requiring Apple to provide law enforcement with data from the iPhones it sells would be like requiring Dell to provide the data from every computer it has sold.
Allison Goodman is the President of eDiscovery Inc., a consulting firm that provides electronic discovery consulting and digital forensic services to law firms and corporate counsel nationwide.
With more than a decade of experience in the digital forensic industry and over two decades in electronic discovery, Allison brings a wealth of knowledge to the profession. She is a Certified Computer Examiner and was on the original advisory board that established the University of Washington’s computer forensics and electronic discovery programs. She is also the President of CTIN, a digital investigative organization that conducts an annual 3 day conference for other examiners.
Allison has taught digital forensics to a variety of people and testified in both state and federal courts. Allison can be followed on Twitter @ediscoveryinc