Syed Farook's iPhone is a Bust for the FBI

FBI: Nothing to see here, move alongFBI: Nothing to see here, move along

Mr. Baker responded to questions about the San Bernardino mass shooting investigation this week at an International Association of Privacy Professionals conference where he said, “We’re now doing an analysis of that data, as we would in any other type of criminal terrorism investigation,” according to the Wall Street Journal.

He added that there hasn't been enough time for the FBI to determine if anything on the iPhone has value to the investigation. “It's simply too early,” Mr. Baker said.

The iPhone in question was recovered from Syed Farook—one of the two shooters who killed 14 people at a San Bernardino County employee party last December—after he was killed in a shootout with police. The FBI enlisted Apple's help to recover data from the phone in January and was able to get iCloud backups from October, leaving several weeks worth of data they couldn't see because it was hidden away and encrypted on the iPhone. The cell service provider handed over what data they had, too.

That gave the FBI about two months to pour over the data they had up to that point.

Next up: The FBI's worthless iPhone

The FBI's worthless iPhone

Mr. Farook's iPhone was work-issued to him by his employer, San Bernardino County. He destroyed his personal phone before launching into a shooting spree with his wife, Tashfeen Malik, which is a hint that he was using just his personal phone for any potentially incriminating activity.

The FBI's no-leads iPhoneThe FBI's no-leads iPhone

The FBI pushed Apple to unlock Mr. Farook's work iPhone, and when Apple said that wasn't possible, agents obtained a court order telling the company to make a hackable version of iOS so they could bypass the lockscreen passcode and see the device's encrypted contents. Apple didn't comply and instead asked the court to toss out the order saying the FBI didn't have the legal authority to obtain it, and that it would set a dangerous precedent where the government could force companies to create backdoors into encrypted devices.

The fight went on hold two weeks ago when the FBI revealed an unnamed company could hack into the iPhone without Apple's help. A week later, the FBI said the company succeeded and it had access to the phone's data. That gave the FBI conservatively a full week to analyze the iPhone's contents, but likely closer to two weeks. Analyzing the phone's data for content useful to the investigation can be done in a day, which digital forensic expert Jonathan Zdziarski pointed out in a Twitter post.

Assuming the FBI couldn't start analyzing the data until last Monday when it announced the data on Mr. Farook's iPhone was accessible, and we give the agency the benefit of the doubt and say it took three times as long to work through what was on the device, that puts us at last Wednesday—a full week ago. If the FBI could start analyzing data even earlier, it's possible agents had about two weeks to work with.

Even going with the conservative only-a-few-days time frame, that means either there wasn't anything of value on Mr. Farook's iPhone, or the FBI's mobile device forensics team isn't qualified to work with the device. Considering this is something the FBI's specialists work with all the time, incompetence doesn't seem like a reasonable explanation—which means there wasn't anything worth recovering from the iPhone.

San Bernardino police chief Jarrod Burguan felt that was the case in February before the FBI hacked into Mr. Farook's iPhone. “I'll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone,” he said. “What we are hoping might be on the phone would be potential contacts that we would obviously want to talk to.”

There's a good chance if there were any potential contacts worth following up on, they were discovered in the iCloud backups Apple gave to the FBI and known back in January.

Ultimately, the FBI and DOJ spent thousands of dollars trying to force Apple to unlock an iPhone they reasonably knew wouldn't contain any useful information. In the end, they spent thousands more paying a still unnamed company to hack into the device and have nothing to show for it.

Saying “We didn't find anything, but at least now we know” at this point would only hurt the DOJ's anti-encryption battle, and if there was something of value there it's very likely the FBI would've already thrown it back in Apple's face as justification for unlocking order. 

That leaves one option for the FBI, and that's to say it's too early, and the investigation is still underway—and that's government-speak for there wasn't anything on Syed Farook's iPhone to find.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!