Stories

DOJ: FBI botched initial effort to crack San Bernardino iPhone

An iPhone
Photo by Jaap Arriens/NurPhoto via Getty Images

When then-FBI Director James Comey testified before Congress about Apple refusing to unlock the cell phone of a suspect in the 2015 San Bernardino terrorist shootings, he was incorrect, but he did not lie, a new Department of Justice report concludes. According to the report, from the DOJ's Office of the Inspector General, Comey's statement that the FBI exhausted all avenues to break into the cell phone before taking Apple to court was "not borne out by the facts."

Why this matters: The San Bernardino phone became exhibit A in a heated debate between law enforcement and tech companies over whether phone makers should have to build a police access mechanism into every digital device. In that debate, law enforcement authorities maintain that they would only use such extraordinary access as a last resort. If the report is right, in this case it wasn't.

The background: In 2015, the FBI and Apple briefly faced off over a court order directing Apple to break into the iPhone of Syed Rizwan Farook, who was believed to have conducted a terrorist mass shooting in San Bernardino, California.

  • The FBI obtained a court order for Apple to develop a tool to break into the cell phone on Feb. 9, which Apple opposed.
  • Comey testified before Congress on March 1, 2016 that "We wouldn’t be litigating if we could [break into the phone]. We have engaged all parts of the U.S. Government to see does anybody that has a way, short of asking Apple to do it, with a 5C running iOS 9 to do this, and we do not."
  • The FBI dropped the court case in late March when it contracted a third party vendor to break into the phone.

According to the report: Because of communications miscues, the Operational Technology Division of the FBI did not contact what the report describes as a "key" sub-unit until a Feb. 11 managers meeting. The FBI brought the Apple order to a judge on Feb. 16 - only 5 days later.

  • According to the report, "The ROU Chief [Remote Operations Unit is part of the Operational Technology Division] had only just begun the process of contacting vendors about a possible technical solution for the Farook iPhone, including contacting an outside vendor who he knew was almost 90 percent finished with a technical solution that would permit the exploitation of the Farook iPhone."
  • ROU might not have been initially looped in because it worked exclusively in the domain of national security, not in criminal cases.