Court vacates iPhone hack order against Apple, focus shifts to New York

The order was vacated after the FBI said it had accessed data on a terrorist’s phone

A judge in California vacated on Tuesday an earlier order asking Apple to assist the FBI in cracking the passcode of an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists.

The focus of the dispute between Apple and the government over whether it can be compelled to help agencies access data on iPhones now shifts to a court in Brooklyn, New York, where Apple is contesting an order to extract data from the passcode-locked iPhone 5s of an alleged drug dealer.

The FBI had requested the California court on Monday to vacate the order as the government had successfully accessed the data stored on the iPhone used by Syed Rizwan Farook and no longer required Apple’s assistance.

It had earlier told the court that it could possibly crack the phone without Apple’s help by testing a method suggested by an outside party. An Israeli cybersecurity company had offered a possible solution, according to unconfirmed media reports.

The FBI did not, however, provide information on Monday on how it had gained access to the data on the phone, raising questions on whether it had been able to exploit an unknown vulnerability in the device.

On Tuesday, Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California wrote that the court has vacated the order compelling Apple to assist agents and denied related motions from the FBI and Apple as moot.

Apple had been ordered by Judge Pym in February to offer its technical assistance, including if required, provide signed software to bypass or disable an auto-erase function on the phone, which could be activated after 10 unsuccessful tries if the FBI tried to crack the phone’s passcode using brute force.

In the U.S. District Court for the Eastern District of New York, the FBI has appealed to the District Judge Margo K. Brodie an order from Magistrate Judge James Orenstein, which stated that Apple can’t be forced to extract data from the iPhone 5s under a statute called the All Writs Act, the same law invoked in the California case.

The government's reading of the All Writs Act, a statute enacted in 1789 and commonly invoked by law enforcement agencies to get assistance from tech companies on similar matters, would change the purpose of the law “from a limited gap-filing statute that ensures the smooth functioning of the judiciary itself into a mechanism for upending the separation of powers by delegating to the judiciary a legislative power bounded only by Congress's superior ability to prohibit or preempt,” Orenstein had written in his order.

In a filing to Judge Brodie, Apple had asked last week for a delay in the briefing schedule pending a report from the FBI on its attempts to crack the iPhone 5c in the case in California. Regardless of what the Department of Justice "concludes regarding whether the method being evaluated in San Bernardino works on the iPhone here, it will affect how this case proceeds," Apple wrote.

The iPhone in the New York case runs the older iOS 7 operating system than the iPhone in the San Bernardino case. If that same method can be used to unlock the iPhone in the New York case, it would eliminate the need for Apple’s assistance, the company said in its filing. “On the other hand, if the DOJ claims that the method will not work on the iPhone here, Apple will seek to test that claim, as well as any claims by the government that other methods cannot be used,” it added.

While agreeing to the extension of the briefing schedule, the DOJ said Tuesday it will update the court by April 11 as to "whether it intends to modify its application" in the matter, leading to speculation that as in the San Bernardino case it could soon inform the court that it has also been able to access data from the iPhone 5s used in the New York case.

With the FBI not commenting on how it accessed the data on the iPhone 5c, it isn’t clear yet whether the method applies to other iPhones or only the specific device used in the San Bernardino terror attacks.

Join the CSO newsletter!

Error: Please check your email address.

Tags applefbi

More about AppleDepartment of JusticeDOJFBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place