Barr shames Apple for not unlocking terror suspect's iPhones
But does the FBI really need the help?
Updated Jan. 14 to add comment from Apple, to clarify the iPhone models involved and to add reported industry skepticism about whether the FBI needs Apple's help. This story was originally published Jan. 13.
U.S. Attorney General William P. Barr turned up the heat on Apple yesterday (Jan. 13), criticizing the company for not helping the FBI unlock two iPhones used by Mohammed Saeed Alshamrani, the Saudi Air Force lieutenant who was the gunman in the Dec. 6 shootings at Naval Air Station Pensacola in Florida.
However, industry experts said that the FBI should be able to unlock the phones on its own, especially because they are older models lacking newer security safeguards.
"This was an act of terrorism," Barr said at a Department of Justice press conference in Washington, D.C. "It is very important to know with whom and about what the shooter was communicating before he died. We have asked Apple for their help in unlocking the shooter's iPhones.
"So far, Apple has not given us any substantive assistance," Barr added, according to the official transcript of his remarks. "This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause."
Barr stopped short of ordering Apple to unlock the phones. Instead, he called "on Apple and other technology companies to help us find a solution so that we can better protect the lives of Americans and prevent future attacks."
Apple's response
"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," Apple said in response to a query from Tom's Guide. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
"Within hours of the FBI's first request on December 6th, we produced a wide variety of information associated with the investigation," Apple said. "From December 7th through the 14th, we received six additional legal requests and in response provided information including iCloud backups, account information and transactional data for multiple accounts."
"The queries resulted in many gigabytes of information that we turned over to investigators. In every instance, we responded with all of the information that we had," Apple added.
"The FBI only notified us on January 6th that they needed additional assistance — a month after the attack occurred," the statement said. "Only then did we learn about the existence of a second iPhone associated with the investigation and the FBI's inability to access either iPhone. It was not until January 8th that we received a subpoena for information related to the second iPhone, which we responded to within hours."
"We are continuing to work with the FBI, and our engineering teams recently had a call to provide additional technical assistance," the company said.
But it concluded, "there is no such thing as a backdoor just for the good guys. ... Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations."
Last week, Apple said it had already turned over everything in Alshamrani's iCloud account to the FBI:
"We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations," Apple said to NBC News. "When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with all the data we have available."
As The New York Times pointed out, the iCloud account wouldn't include backups of Alshamrani's conversations using encrypted messaging apps such as WhatsApp, Signal or likely even Apple Messages. Such material might be on the phones.
To our knowledge, Apple has not been given a warrant to unlock Alshamrani's phones -- the FBI has only requested assistance.
A tale of two iPhones
One of the two phones was a severely damaged iPhone 5 found in Alshamrani's car. The other phone is an iPhone 7, according to The Associated Press, which said it got a copy of the letter the FBI sent to Apple last week. A photo displayed at Barr's press conference indicates it could be anything from an iPhone 6 Plus to an iPhone 8 Plus.
Alshamrani pumped a bullet into this phone's screen during the attack, Barr said, but FBI experts "were able to fix both damaged phones so they are operational."
Does the FBI really need Apple's help?
The Wall Street Journal reported Tuesday that the FBI shouldn't really need Apple's assistance in unlocking Alshamrani's iPhones.
Reporter Robert McMillan said that despite Apple's continued security upgrades, a proliferation of new third-party tools makes it easier for law-enforcement investigators to break into iPhones today than they could have a few years ago.
The fact that Alshamrani's phones are older models makes that doubly plausible.
"We've got the tools to extract data from an iPhone 5 and 7 now," the head of a forensics-investigation firm told the Journal. "Everybody does."
McMillan pointed out that checkm8, a recently discovered but widely publicized exploit of the iPhone's most basic software, makes all models from the iPhone 4S through the iPhone X permanently hackable. He said at least one forensics tool used by law enforcement incorporates the checkm8 exploit.
If this sounds familiar, it is
The case is clearly similar to that of Syed Rizwan Farook, who with his wife killed 14 of his co-workers at a Christmas party in December 2015.
Apple refused to help the FBI unlock a workplace iPhone Farook used, despite a court order, arguing that doing so would undermine the security of all iPhones. The FBI finally unlocked Farook's phone using third-party software and found nothing of interest.
However, Barr is more aggressive about this matter than his predecessor Loretta Lynch, who criticized Apple's stance in the Farook case but let lower-level Justice Department officials handle the details.
In a speech at a security conference in July 2019, Barr said that "warrant-proof encryption poses a grave threat to public safety," adding that "our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access."
Barr also warned in July that it would be "only a matter of time before a sensational case crystallizes the issue for the public," after which "a cooperative approach" might be impossible.
Going dark
In law-enforcement parlance, lack of access to encrypted messages and devices is referred to as the "going dark" problem. But there's a substantial difference between building a backdoor into encrypted messaging services, which cryptography experts say is impossible to do without undermining everyone's security, and creating a workaround for iPhone screen locks, which Apple could easily do.
Apple argued in the Farook case that if it created a lockscreen workaround, there was a danger someone could steal it and use it to reset stolen iPhones. It refused to create or use such a tool even if the tool were to be used by Apple personnel on Apple property.
Back in 2016, law-enforcement personnel argued that Apple wrongly prioritized its own privacy-first marketing strategy ahead of national security.
In July, Barr said that was ridiculous.
"We are not talking about protecting the nation's nuclear launch codes," he said. "We are talking about consumer products and services such as messaging, smartphones, email, and voice and data applications."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.