The fight between Apple and the FBI over access to a San Bernardino terrorist’s iPhone is over, the war is by no means over. The overarching legal question of whether or not companies can be compelled to create workarounds that circumvent their own security features in still unsettled, and as we saw over the weekend, every iPhone the FBI gets access to weakens their argument bit by bit.
On Saturday, the Washington Post reported that the FBI once again backed off demands for Apple to assist with breaking into an iPhone, this time in regards to a drug dealer’s iPhone in Brooklyn. Access was a little more mundane in this case — someone, presumably the phone’s owner or someone who knew them, told the FBI the passcode — but even this case has some implications for future legal wrangling between the Feds and Apple.
One of the core arguments of the FBI in their case against Apple was that the company was uniquely able to grant the access the FBI needed. That’s arguably false on its face because Apple has no existing means of circumventing their own security features — a third party is just as able to create a new piece of software as Apple is, even if they don’t have as thorough knowledge of iPhone security. With the San Bernardino case, that’s exactly what happened, as an unnamed third party created the cracking software the FBI was seeking from Apple.
Any future case over iPhone access will now be less about compelling Apple to create software and more about the FBI proving that they’ve exhausted all other possibilities before coming to Apple in the first place. That gives the advantage to Apple, but it’s a hollow victory for anyone concerned about mobile privacy and security. In the early days of the San Bernardino case, Tim Cook talked at length about the dangers of the cracking software the FBI was seeking, especially if that software, once created, ever found its way into the wrong hands. With third parties supplying that kind of software, it’s even more likely that it’ll be leaked out to black markets. The double whammy is that Apple won’t know anything about that software, and so won’t be able to create appropriate countermeasures in future iPhones.
While these developments are good news for Apple in that they won’t have to be compelled to do something they don’t want to do, it seems increasingly likely that the matter is already a decisive loss for iPhone owners concerned about security.