Apple reveals critical new detail in its encryption battle with the government

A critical new detail has emerged in Apple’s ongoing battle with the FBI and, now, the US Department of Justice.

According to senior Apple executives, speaking anonymously on a call with reporters, someone reset the Apple ID password linked to the iPhone 5C used by San Bernardino shooter Syed Farook less than 24 hours after the government seized device.

The password was seemingly changed by a San Bernardino Health Department employee (Farook worked for the department and the iPhone was its property). This eliminated any chance of the phone backing up to iCloud, which potentially would have given authorities access to data on the device, the Apple executives said.

In its motion, the DOJ indicated a San Bernardino Health Department worker had changed the Apple ID password, but it offered no more than a short mention of this in a single footnote.

“[N]either the owner nor the government knew the password to the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup,” the footnote read.

Now, Apple finds itself resisting government demands that it build a backdoor into its iPhone software. The DOJ’s motion, filed Friday, asks a federal court to compel Apple to comply with an earlier court order that it assist the FBI as outlined, and calls Apple’s refusal a “marketing strategy.”

Apple spoke out in response to the motion. It said that it began working with the government in January, and that it proposed four options for the government to recover the iPhone data (which are outlined the DOJ’s footnote).

One suggestion was connecting the iPhone to a known Wi-Fi network, potentially triggering a back-up, and Apple suggested the government first try Farook’s home and then his office. Apple engineers even assisted in the process, but they discovered it wasn’t possible.

It was then that they learned the password had been changed, and with it likely the best chance of recovering the phone’s data, Apple said.

Apple decided to reveal these details because the government made details of the methods it discussed with Apple public in today’s filing.

There’s a chance a backup never would have happened after the government seized the phone. The last backup occurred on October 19, 2015, and authorities think Farook may have disabled the backup feature.

Related