Last week, new details emerged on the iPhone that triggered the legal trench warfare between the federal authorities and Apple.
The FBI recently submitted an affidavit in which an agent explained the steps the bureau took to gain information from Syed Rizwan Farook's iPhone 5c. Farook and his wife, Tashfeen Malik, killed 14 people in San Bernardino, California, on Dec. 2, 2015, and were shot down by the police later that day.
After declaring the shooting a terrorist act, the government obtained a court order obliging Apple to assist the FBI in unlocking the attacker's iPhone. Apple continues to oppose the order, citing far-reaching security risks that extend to national security and beyond.
According to Christopher Pluhar, the FBI agent who recently testified, Farook changed his iCloud password a few weeks before the San Bernardino massacre. That, coupled with the four-digit passcode that locks the device, made it impossible for the FBI's forensics team to break into the iPhone.
The Department of Justice (DOJ) demands that Apple develop a unique variant of iOS that could turn off the safeguards on Farook's iPhone 5c. The DOJ also wants the company to disable the auto-destruct feature that deletes all information from the phone should a wrong passcode be entered 10 times.
Pluhar says that the FBI modified the password to the employer-controlled iCloud account that belonged to Farook. By doing so, the bureau managed to get hold of the shooter's last backup of the phone, dating to Oct. 19, 2015.
Farook's employer did not have the password to the attacker's iCloud, but was able to reset it. This is how the FBI got access to the Oct. 19 iCloud backup. Farook was employed by the San Bernardino County Department of Public Health.
However, this did not help the investigators as much as they hoped. Farook had the foresight to change his iCloud password on Oct. 22. On the same date, the attacker turned off the auto-backup feature of iOS 9.
It should be noted that, in his sworn statement, Pluhar makes no mention of the auto-backup being switched off.
Apple does propose an alternative solution to completely unlocking the iPhone. The company says important data could be recovered simply by allowing Farook's handset to connect to a known Wi-Fi network.
The authorities disagree with the proposed solution. The FBI says Wi-Fi backup recovery would not work for three reasons: the changed iCloud password, the fact that the smartphone was recovered in a powered-off state, and the disabling of auto-backup.
In his deposition, Pluhar makes clear that some essential data for the investigation can only be found on the iPhone.
"The keyboard cache, as one example, contains a list of recent keystrokes typed by the user on the touchscreen," Pluhar says.
In the filing, an important detail surfaced: the remote-wipe option on the attacker's iPhone is disabled.
Remote-wipe differs from the auto-wipe that the government cited in its previous arguments. With remote-wipe, users can clear out all the iPhone's content through the Find My iPhone location service.
On the bright side, this means that the data on the device will remain untouched. On the other hand, the FBI still needs Apple's cooperation in order to unlock the handset, and the legal proceedings could take longer.
Apple, along with the tech companies and public figures who support its security policy, warns that unlocking Farook's phone could be devastating in the long run. The company doubts that the government would use the break-in only once, and feels that allowing the FBI to do so would set a dangerous precedent. If leaked, encryption backdoors could be used maliciously by countries or hackers that view privacy as optional.
What is more, the legal clash between the FBI and Apple takes on the privacy rights versus security theme, a subject that has been boiling in the American media since the terrorist attacks of Sept. 11, 2001.
Last week, government officials rebutted Apple's objections in a legal brief and the DOJ said that if Apple doesn't want to unlock the iPhone, it should just turn over its iOS source code and private electronic signature.