Now that it has found a way to do so for its own purposes in a California terrorism case, the FBI is helping Arkansas prosecutors break into an iPhone and iPad.
This time it’s to look for evidence in a murder trial, and it’s without asking Apple for help to crack the iOS devices. Instead prosecutors in Faulkner County, Ark., asked the FBI to take a shot at it, given its recent success breaking into the phone used by a terrorist in San Bernardino, Calif., according to the Associated Press.
The FBI is also helping break into an iPod related to the case, the AP says.
Unlike the California terrorism case, helping out in the murder prosecution doesn’t involve a court order requiring Apple to write software that disarms the iPhone’s anti-brute-force software. That order was being challenged by Apple when the FBI found a third party to crack the phone.
If the order had been upheld, it would have cleared the way for the FBI and other law enforcement to seek similar court orders against other security vendors. It would legitimize the government forcing makers of encryption products to break their security, even if it meant they had to create new technology to do so.
+ ALSO ON NETWORK WORLD FBI, Apple battle may leave lasting legacy +
It remains a possibility that law enforcement agencies will seek such power in other cases, mostly having to do with drug crimes, according to a study by the American Civil Liberties Union. Such requests are pending in 63 cases across 22 states involving either Apple or Google. There’s an interactive map here.
And it’s not just the FBI seeking the power. The ACLU list of cases includes filings from the Secret Service, Drug Enforcement Administration, Bureau of Alcohol, Tobacco and Firearms, Department of Homeland Security, Department of Homeland Security Investigations, the Bureau of Land Management and the Air Force Office of Special Investigations.
They all hope to invoke the All Writs Act in a way it has never been used before. If they are successful, it would put vendors of encryption tools in the position of having to break into their own products. As a result, their products would be less secure because they would be known to contain intentional vulnerabilities that hackers would try to discover and exploit.
Meanwhile, it’s unlikely that the FBI will ever disclose exactly how the San Bernardino iPhone was broken into, says John Pironti, president of IP Architects. Rather it is likely the FBI will want to keep the method secret as long as possible so it can continue breaking into suspect devices without invoking the help of the companies that make them, he says.
If evidence from the phones ever get to court, the FBI would have to disclose how they did it to demonstrate that the method was forensically sound, Pironti says. But that testimony would be done with the public excluded from the courtroom and the testimony put under seal, as he has seen in other cases involving evidence elicited from hacked devices.
Pironti says device makers will continue to fight the court orders because having to comply would put them at a disadvantage against competitors in other countries that have no such restrictions.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.