Apple's big fight with the Federal Bureau of Investigation could have been avoided if one government employee had kept his hands off the phone.
According to a senior Apple executive, the company has been working with the federal government since early January to try to provide a way to access the San Bernardino county-issued iPhone connected with Syed Farook, the gunman in the massacre.
The problem, according to Apple, is that the company was called too late.
That's because any chance of accessing the phone's data was apparently erased only an hour after the device came into government custody. An unnamed person in the San Bernardino County government — likely an information technology employee — reset the Apple ID associated with the iPhone 5C in an attempt to access the data.
The FBI called Apple several weeks later, and Apple proposed to the FBI four potential ways to get into the phone, but the reset thwarted all of them. The reset erased any chance that authorities had of pulling the iCloud information that could have hinted at Farook's plans just before the attack.
In its filings, the Department of Justice suggested that Farook turned off iCloud backups on his phone purposefully roughly six weeks before the attacks. The senior Apple executive said that this information was impossible to determine, since no one can get into the phone.
Now the FBI is asking Apple to write a customized version of its iOS operating system for this specific iPhone 5C, through a court order. The Department of Justice filed a similar 25-page order today, backing up the FBI's arguments.
Apple has multiple objections to the request, according to the senior official.
One is that writing new software could take weeks or months, and there is the possibility that a mistake, typo or bug in such untested new software could brick the phone, making it inaccessible forever.
Another objection is that the software, once created, would not be limited to just one phone. If Apple wrote the new software, it could also be modified to help unlock other iPhones and iPads.
One more of Apple's worries is that complying with the U.S. government's request could open the door to similar requests from foreign governments, particularly Russia or China, the official said.
The FBI and Department of Justice are looking for information on Farook's phone between October 19, 2015 — the last known autobackup on the phone — and the date of the attacks on December 12.
The information was related by the FBI to Apple, according to a senior company official.
How it works
Understanding the fight between Apple and the FBI requires an understanding of the quirks of the iPhone.
By default, iPhones make backups of the data stored on the phone to iCloud. To do so, they need to be connected to a power source and logged into a known WiFi network, such as a home, school or work network that the phone has recognized before. The iPhone will perform the backup whether it's locked with a passcode or not.
According to federal filings, Syed Farook's work-issued iPhone 5C last made a full iCloud backup on Oct. 19, roughly six weeks before the San Bernardino terrorist attacks.
Apple already provided those auto-backups to the FBI under a court order.
But according to Apple, attempts at getting more updated versions of an iCloud backup from that iPhone 5C were thwarted by a San Bernardino employee within the first 24 hours of the investigation.
That employee reset the iPhone's iCloud account, which essentially creates an entirely new phone. Once a password is reset, any automatic backups associated with that account won't take place until the new password is entered, and that password is separate from the passcode on the phone. The only way to enter the correct new Apple ID password would be to first unlock the phone with the passcode.
The problem, in this case, is that the phone in question was also manually locked with a passcode known only to Farook.
As a result, the act of resetting the Apple ID password associated with Farook's account prevented any chance that the phone would perform an auto-backup again.
San Bernardino fumbles
Although the phone was owned by the San Bernardino Health Department, it isn't clear what security software was on the phone to manage the device. The Apple executive said that the company had been informed that some software associated with the county was on the phone, but it was unaware if there was broader management software on the phone.
A properly configured enterprise security profile could have provided San Bernardino officials with access to the phone, even if they did not have the PIN code itself.
Apple also fought back against comments made in the Department of Justice's Motion to Compel that intimated that Apple's position was a marketing stunt.
Instead, Apple insists that this is a civil liberties issue that does not just affect this iPhone, but affects every iPhone.