The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed soon after the government took possession of the device, Apple, San Bernardino County, and federal officials have acknowledged over the past 48 hours. If that password change hadn’t happened, senior Apple executives said on Friday afternoon, a backup of the information the government was seeking may have been accessible.
The dispute over retrieving the contents from Syed Rizwan Farook's phone broke into the open earlier this week, part of the government's investigation into the Dec. 2, 2015, attacks that left 14 dead.
Now, the government, through a court order, is demanding Apple build what the company considers a special backdoor way into the phone — an order that Apple is challenging. The government argues Apple would not be creating a backdoor.
The Apple executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a backdoor. One of those methods would have involved connecting the iPhone to a known Wi-Fi network and triggering an iCloud backup that might provide the FBI with information stored to the device between the October 19th and the date of the incident.
Apple sent trusted engineers to attempt that method, the executives said, but they were unable to do it. It was then that they discovered that the Apple ID password associated with the iPhone had been changed sometime after the terrorist's death -- within 24 hours of the government taking possession of the phone. By changing the password, the government foreclosed its ability to obtain a fresh copy of the most recent device data via this back-up-to-known-wifi method.
The FBI had claimed in a court filing on Friday that the password was changed by someone at the San Bernardino Health Department, writing, "[T]he owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely."
On Friday night, however, the San Bernardino County's official Twitter account stated, "The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request."
County spokesman David Wert told BuzzFeed News on Saturday afternoon the tweet was an authentic statement, but he had nothing further to add.
The Justice Department did not initially respond to repeated requests for comment.
Late Saturday night, more than 24 hours after Apple's Friday briefing, the FBI confirmed the county's account in a statement. "The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data," the agency said in a statement.
The FBI downplayed the effect of the password reset, however, claiming that it "[does] not impact Apple’s ability to assist with the the court order under the All Writs Act," and adding that "the government's objective was, and still is, to extract as much evidence as possible from the phone."
A senior Apple engineer countered the FBI's assertions late Saturday night telling BuzzFeed News that the agency's explanation acknowledged that its changing of the Farook's Apple ID password prevented the auto backup and that such backups do indeed have value. As such, the engineer continued, the reset closed off an avenue through which the FBI might have been able to gather information.
Had this password not been changed, Apple senior executives said Friday, the government might not have needed to demand the company create a “backdoor” to access the iPhone used by Farook, who died in a shootout with law enforcement after the attack. Following up on a court order that had been granted earlier in the week, the Department of Justice filed a motion to compel Apple to create the backdoor earlier Friday.
The Apple senior executives spoke with reporters on Friday afternoon to respond to the government’s filing, noting that the government had opened the door to discussion of Apple’s prior efforts in the case by disclosing those actions in its Friday filing.
Creating backdoor access to Farook's iPhone, the executives said, would put at risk the privacy of millions of users. It would not only serve to unlock one specific phone, they said, but create a sort of master key that could be used to access any number of devices. The government says the access being sought could only be used on Farook's device, but Apple's executives said that there is widespread interest in an iPhone backdoor, noting that Manhattan District Attorney Cyrus Vance said Thursday that his office has 175 Apple devices he'd like cracked. Apple's executives also claimed that no other government in the world -- China included -- has ever asked the company for the sort of FBiOS the government is demanding that it build now.
Asked why the company is pushing back so hard against this particular FBI request when it has assisted the agency in the past, Apple executives noted that the San Bernadino case is fundamentally different from others in which it was involved. Apple has never before been asked to build an entirely new version of its iOS operating system designed to disable iPhone security measures.
The Apple senior executives also pushed back on the government’s arguments that Apple's actions were a marketing ploy, saying they were instead based on their love for the country and desire not to see civil liberties tossed aside.
The U.S. Department of Justice has not yet responded to a request for comment.
This story was updated on Saturday to include information regarding a statement issued by San Bernardino County.
This story was updated early Sunday morning with news information provided by the FBI and a response from an Apple official.