Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone

On Tuesday, a federal judge in Riverside, California, ordered Apple to help the government unlock and decrypt the iPhone 5C used by Syed Rizwan Farook, who shot up an office party in a terrorist attack in nearby San Bernardino in December 2015.

Specifically, United States Magistrate Judge Sheri Pym mandated that Apple provide the FBI a custom firmware file, known as an IPSW file, that would likely enable investigators to brute force the passcode lockout currently on the phone, which is running iOS 9.

As Judge Pym wrote:

Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

All Writs Act strikes again

In its 40-page filing, which was also filed on Tuesday, the government cited the All Writs Act, which has come up in other cases.

At its core, the 18th-century catchall statute simply allows courts to issue a writ, or order, which compels a person or company to do something. In the past, feds have used this law to compel unnamed smartphone manufacturers to bypass security measures for phones involved in legal cases. The government has previously tried using this same legal justification against Apple as well.

Since iOS 8, Apple has enabled full encryption by default, and the company specifically said the move happened "so it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Compelling a major smartphone manufacturer to provide the government with such a tailor-made option appears to be unprecedented.

"[The Department of Justice] went with the nuclear option," Chris Soghoian, a technologist with the American Civil Liberties Union, told Ars.

Similarly, Ahmed Ghappour, a law professor at the University of California, Hastings, concurred.

"Here you have the government using a catch-all statute from the 18th century to compel a technology company to 'assist' law enforcement by designing custom software to backdoor an encrypted device," he told Ars. "The ramifications of such a precedent could be tremendous. If the government can compel Apple to provide custom software, why can’t they compel Facebook to customize analytics that predicts the criminality of their user base?"

For his part, Kurt Opsahl, an attorney with the Electronic Frontier Foundation, also said that he had never heard of such a court order.

"The only precedent that comes to mind is the 9th Circuit case about car satellite phones from 2003," he told Ars.

"The FBI wanted to bug a car through its integrated sat phone system. Because 'the Company could not assist the FBI without disabling the System in the monitored car,' the order was reversed."

Clock's ticking

In a related ongoing drug case in New York, a federal judge invited Apple to tell the court why it felt that the government could not compel it to unlock a seized phone. At the time, bringing Apple into a case like this was new.

Neither Apple nor its counsel in the New York case, Marc Zwillinger, immediately responded to Ars’ request for comment. However, it seems likely that Apple will try to resist the judicial order in California.

As Zwillinger wrote last week in a prescient letter to the judge in the New York case:

Apple takes no position on whether and to what extent information from the Apple device in the government’s possession is relevant to any ongoing investigation, or necessary for the criminal defendant’s sentencing. But Apple has received additional requests similar to the one underlying the case before this Court. Apple has also been advised that the government intends to continue to invoke the All Writs Act in this and other districts in an attempt to require Apple to assist in bypassing the security of other Apple devices in the government’s possession.

Apple has five business days to formally respond.