In Round 2 of the Apple iPhone FBI court dispute, in which the court ordered Apple to alter the iPhone used by San Bernardino shooter Syed Farook, the Feds have filed a Motion to Compel Apple to comply with the order, in which they mention, in passing in a footnote, that the San Bernardino County Department of Public Health (SBCDPH) actually changed the password to the iCloud account to which the phone was backing up, thwarting any further backups of the phone’s data, between the time it was recovered from Farook’s vehicle, and handing it over to the FBI.
We think, given the very serious nature of the possible rippling and longerm effects of the outcome of this lawsuit, that burying this potentially crucial bit of information in a footnote, in a follow-up motion, let alone not revealing it at all in their lawsuit, rises nearly to the height of malfeasance on the part of the government.
In the U.S. Federal government’s Motion to Compel Apple to Comply with the Court Order, in nearly exactly the middle of a 35 page document, the Feds buried, in the middle of a very long, wordy footnote on page 18, this information: “..the owner, in an attempt to gain access to some information, in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.” [Note: “the owner” refers to the San Bernardino County Department of Public Health, who had issued the iPhone (a/k/a the “SUBJECT DEVICE”) to Syed Farook as part of his employment.]
To spell this out in plain English, Syed Farook’s iPhone was in the custody of a governmental agency after the shooting, and before it was handed to the FBI. And during that interim period, that governmental agency was able to – and did – reset iCloud password for the account to which the iPhone was, presumably, auto-backing up its data, before handing it over to the FBI.
Meaning that the most current data on the phone was not retrievable through the iCloud account because the phone could no longer log into the iCloud account, because the phone did not have the new iCloud account password.
In an apparent CYA (Cover Your Ass) move, San Bernardino county sent out this message after the Feds filed their Motion to Compel with the now-infamous Footnote 7, explaining that they had done so at the FBI’s request, saying that “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”
Meaning that the FBI could likely have obtained the very information they were seeking from Farook’s iCloud account (remember that data stored in the cloud is very easy to get, in fact if it’s there for over 180 days they don’t even need a warrant), but for their action of having the iCloud account password changed!
This information could potentially have allowed Apple additional defenses to the action, defenses which could very well have affected the outcome, including the possibility for the court to have ordered something very different based on the fact that there may have been a screw-up before (or after) the phone arrived at the FBI’s labs. Or possibly the court even dismissing the case, as but for the FBI’s own actions, along with San Bernardino county’s actions, they would likely already have the data. (And let’s not get into the fact that this demonstrates that no matter how secure and private you think your data on your iPhone is, once it leaves your phone to your iCloud account, all bets are off.)
Apple was deprived of that information, and so deprived of the opportunity to mount their best defense to the Feds’ demands.
It will be very interesting to see what Apple’s lawyers do with this.