The FBI on Saturday rebutted media reports that San Bernardino County technicians acted without the agency’s consent when they reset the password for the Apple iCloud account belonging to one of the shooters involved in the Dec. 2 terror attack at a county facility that killed 14 people.
“This is not true,” FBI spokeswoman Laura Eimiller said in a statement released late Saturday night. “FBI investigators worked cooperatively with the county of San Bernardino in order to exploit crucial data contained in the iCloud account associated with a county-issued iPhone that was assigned to the terror suspect, Syed Rizwan Farook.”
Apple has refused to give the FBI the tools to unlock Farook’s iPhone, and the battle escalated Friday when the government urged a federal judge to immediately compel the tech giant to comply, arguing that it appears more concerned with marketing strategy than national security.
Separately on Friday, federal prosecutors and senior Apple executives also disclosed new details about what transpired privately in the weeks leading up to their very public legal battle, including their previous efforts to access the phone’s content.
But one of the most encouraging options was ruled out after the phone’s owner – Farook’s employer, the San Bernardino County Public Health Department – reset the password to his iCloud account in order to access data from the backup, according to Apple officials.
That means the iCloud password on the iPhone itself is now wrong, and it won’t back up unless someone can get past the phone’s passcode and change it.
The issue was discovered after Apple engineers sent to Southern California to work with the FBI struggled to trigger an automatic backup, Apple said. When iCloud is enabled, iPhones automatically sync with the cloud if they are charging and are connected to a familiar Wi-Fi network.
Had there been no reset on the iCloud password, investigators may have been able to get a more updated backup of Farook’s iPhone without any need to unlock the device itself.
Some news agencies reported this week that federal investigators only found out about the password reset after it occurred and that the county employee responsible acted on his own.
But the FBI said in its statement Saturday that agents worked with San Bernardino County technicians to reset Farook’s password on Dec. 6 – four days later – because “the county owned the account and was able to reset the password in order to provide immediate access to the iCloud back up data. The agency went on to say that the reset of the password “does not impact Apple’s ability to assist with the court order under the All Writs Act.”
Prosecutors still contend that unlocking the iPhone is crucial because some data does not sync to iCloud. They said the FBI has retrieved Farook’s iCloud backups up to Oct. 19, about six weeks before the attack, and an FBI affidavit suggested that Farook deliberately disabled the sync feature.
“Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple’s assistance as required by the All Writs Act order, since the iCloud backup does not contain everything on an iPhone,” Eimiller said in her statement Saturday. “As the government’s pleadings state, the government’s objective was, and still is, to extract as much evidence as possible from the phone.”
Apple deliberately changed its iPhone software in 2014 to make it nearly impossible for anyone besides a device’s user to unlock it. It’s now refusing to weaken some of the security measures to provide the government with an easier route in.
The company has said allowing even one exception to that policy, including for a terrorism case, would open the floodgates for authorities to seek the same workaround in all types of investigations.