Feds get data off terrorist's iPhone without Apple's help

That ends this particular legal battle between Apple and the FBI, but the broader debate over privacy and security lives on.

James Martin/CNET

Apple's officially off the hook.

The US Department of Justice, with the help of a third party, has successfully accessed data on a phone used by a terrorist in December's attack in San Bernardino, California, the agency revealed in a court filing Monday. It said it no longer needs Apple's assistance in unlocking the iPhone 5C used by Syed Farook, and it has asked Riverside, California-based US Magistrate Judge Sheri Pym to vacate her order compelling Apple to assist in the case.

The move Monday ends the legal battle between Apple and the FBI in this particular case, but it doesn't end the overarching battle about privacy and security. There are hundreds of other iPhones that law enforcement agencies around the country want unlocked, opening Apple to potential litigation across the US. And the government's success at accessing data on the iPhone also raises some concerns about the security of Apple's devices.

"We sought an order compelling Apple to help unlock the phone to fulfill a solemn commitment to the victims of the San Bernardino shooting -- that we will not rest until we have fully pursued every investigative lead related to the vicious attack," Eileen M. Decker, US attorney for the Central District of California, said in a statement. "Although this step in the investigation is now complete, we will continue to explore every lead, and seek any appropriate legal process, to ensure our investigation collects all of the evidence related to this terrorist attack."

After the filing, Apple reiterated its belief that the FBI's demand for a backdoor was "wrong and would set a dangerous precedent" and said that "this case should never have been brought."

"Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy," Apple said in a statement. "Sacrificing one for the other only puts people and countries at greater risk."

Last week, the Justice Department asked a judge to call off last Tuesday's hearing over whether Apple should have to make software that lets the FBI unlock an iPhone 5C connected to the San Bernardino attack. In a surprise revelation the day before the hearing, the government said an unnamed outside party had given investigators a method that might provide access to the phone's data. It wanted time to explore the alternative way to get into the iPhone.

Monday's move by the Justice Department ends the legal tussle between the tech titan and the government over a single iPhone, which has spun out into a broader debate with much more at stake. Technology companies and rights groups argue that strong encryption, which scrambles data so it can only be read by the right person, is needed to keep people safe and protect privacy. Law enforcement argues it can't fight crimes unless it has access to information on mobile devices.

Justice Department spokesman Marc Raimondi said Monday that "it remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails. We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

Monday's news raises questions about the security of Apple's devices and how the Justice Department was able to break into the phone. The FBI hasn't said what company it's working with or what method it used to access the data. Cellebrite, a privately held Israeli company that specializes in transferring and extracting data from phones, has been named in some reports as the third party helping the FBI unlock the iPhone, but neither the FBI nor Cellebrite has confirmed the reports.

A law enforcement official, speaking Monday with reporters on the condition of anonymity, declined to specify how the FBI got into the phone or what company helped it gain access. The official also declined to say whether the method works on other iPhones besides Farook's iPhone 5C, and it wouldn't say if the FBI would tell Apple about how it got into the phone.

"We cannot comment on the possibility of future disclosures to Apple," the official said. But the official, when asked about how the case will impact the government's relationship with Apple going forward, said the FBI's "goal is always to work cooperatively with Apple."

Still, if the FBI was able to hack into the iPhone 5C, it could mean other iPhones aren't as secure as believed.

"Although this averts the possibility of a further court decision that imperils Apple, it makes it clear that there is a security flaw in that generation of the OS," said Joshua Rich, a partner at Chicago-based law firm McDonnell Boehnen Hulbert & Berghoff. "Apple now will have to try to pinpoint the flaw and fix it -- most likely, without much help from the US government in showing how it got in. So while this resolution averts a crisis, it means Apple has more work to do."

Updated at 4 p.m. PT: Adds comments from law enforcement official.

Updated at 6:40 p.m. PT: With Apple's statement.

Apple Status report

Featured Video