In spite of Apple having turned over the shooter’s iCloud backups in the case of the Pensacola, Florida mass shooting last month, the US government has been raking it over the coals for supposedly not helping law enforcement in investigations.
But according to a new allegation, Apple has been far more accommodating than the FBI has been willing to admit. Specifically, according to six sources – Reuters relied on the input of one current and three former FBI officials and one current and one former Apple employee – a few years ago, Apple, under pressure from the FBI, backed off plans to let iPhone users have end-to-end encryption on their iCloud backups.
The bureau had griped that such encryption would gum up its investigations.
Last week, US Attorney General William Barr fumed at Apple over its refusal to break encryption per FBI request:
So far, Apple has not given any substantive assistance.
President Donald Trump piled on, tweeting that Apple refuses to unlock phones used by “killers, drug dealers and other violent criminal elements.”
But if the recent allegation proves true, it means that Apple has been far more accommodating to US law enforcement than headlines, politicians’ ire, and Apple’s marketing would indicate.
Reuters’ sources said that more than two years ago, Apple told the FBI that it planned to offer end-to-end encryption for iCloud backups, primarily as a way to thwart hackers. If it had gone through with the plan, Apple would not have held a key to unlock the encrypted data and would thus have been unable to turn over content in readable form, even if served with a court order to do so.
By the time of private talks with the FBI the next year, the plan to fully encrypt iCloud backups had disappeared. Reuters couldn’t determine why, but without giving details, a former Apple employee said it wasn’t hard to fill in the blanks:
Legal killed it, for reasons you can imagine.
Reuters’ source said that Apple didn’t want to run the risk of “being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.”
If that was indeed Apple’s intent, it hasn’t worked out all that well. The company has been excoriated on Capitol Hill for its refusal to put in a backdoor that would enable the government to read encrypted messages.
Last month, responding to Apple and Facebook reps who testified about the worth of intact encryption, Sen. Lindsey Graham had this to say about the government’s ongoing quest for a backdoor:
You’re going to find a way to do this or we’re going to do this for you.
Backdoors are a product-crippling move that Apple has declined to take in spite of the FBI’s many demands to do so since the case of the San Bernardino terrorists.
One of Reuters’ sources said that it was that 2016 court battle with the FBI that subsequently made Apple back down:
They decided they weren’t going to poke the bear anymore.
A former FBI official who wasn’t involved in the iCloud encryption talks said that during the fight over encryption of the San Bernardino shooter’s iPhone, the bureau had managed to convince Apple that evidence from iCloud backups had made a difference in thousands of cases.
It’s because Apple was convinced. Outside of that public spat over San Bernardino, Apple gets along with the federal government.
The allegation relies on hearsay. Reuters doesn’t have solid proof. But one former Apple employee suggested that the encryption project – variously code-named Plesio and KeyDrop – might have been abandoned for reasons other than legal trepidation, such as the possibility that customers would get disgruntled over being locked out of their data more often. At any rate, as three of Reuters’ sources tell it, Apple pulled about 10 experts off the encryption project after deciding to dump it.
Apple has handed over iCloud backups in 1,568 cases, covering about 6,000 user accounts, Reuters reports. In fact, the company has turned over at least some data for 90% of the requests it’s received.
It’s much easier to get at the online backups than it is to crack an iPhone, for a number of reasons. It can be done secretly, for one. You don’t need to physically possess the device to get at its data if you can get access to its iCloud backups.
And even though investigators have access to tools to bypass the iOS lock screen – tools believed to be used by companies such as Grayshift and Cellebrite – the window of time to extract a device’s data sometimes runs out before a full extraction has been done.
One example came up in 2018, in a case concerning an investigation into a pedophile ring in the US state of Ohio.
With search warrant in hand, investigators searched a suspect’s house, demanding that he use Face ID to unlock the iPhone X that they found. He complied, which gave the FBI access to photos, videos, correspondence, emails, instant messages, chat logs, web cache information and more on the iPhone.
Or, at least, that’s what the search warrant authorized investigators to seize. However, they couldn’t get everything that they were after before the phone locked. A device can be unlocked by using Face ID, but unless you know the passcode, you can’t do a forensic extraction. The clock starts ticking down, and after an hour, the phone will require a passcode.
According to the suspect’s lawyer, the FBI wanted to use Cellebrite tools to get more data from his client’s phone, but they weren’t successful.
Neither Apple nor the FBI has responded to media requests for comment on the reported abandonment of iCloud encryption.