Home > Apple > FBI: Crucial iCloud settings on San Bernardino…

FBI: Crucial iCloud settings on San Bernardino shooter’s iPhone are disabled

If you’ve been staying even tangentially abreast of the ongoing case involving Apple, the Federal Bureau of Investigation, and San Bernardino shooter Syed Farook’s locked iPhone, this may sound familiar: The handset, which was configured to back up data via iCloud, was reset by San Bernardino county officials at the instruction of the FBI, precluding any attempt by investigators to obtain sought-after evidence from Apple’s servers. According to the FBI, though, that isn’t quite true. In court documents published on Thursday, the agency contended that many of the phone’s backup features had been disabled prior to the government’s investigation.

Specifically, the FBI tells the court that the phone had been powered down and password-protected when the agency recovered it, making both a backup at that point impossible; in a sworn statement, FBI engineer Stacey Perino said that “the device would not connect to a Wi-Fi network until the passcode was entered.” A subsequent analysis of an October 19 backup — the most recent available — found that the iCloud’s reset function had been used on October 22, months before the agency came into possession of the phone. Furthermore, the agency said, forensic examiners were able to determine that the phone’s email, photo, and note backups had been disabled, making the data that the government is seeking impossible to extract from subsequent cloud backups.

“The evidence on Farook’s iCloud account suggest that he had already changed his iCloud password himself on October 22, 2015 — shortly after the last backup — and that the auto-backup feature was disabled,” lawyers for the government wrote in the filing. “A forced backup of Farook’s iPhone was never going to be successful.”

Related: Tim Cook denounces “chilling” FBI demands

Apple’s general counsel, Bruce Sewell, painted the FBI’s most recent filing as a “cheap shot” and an “unsupported, unsubstantiated effort to vilify Apple.” At a press conference on Thursday, he expressed incredulity at the government’s rhetorical bluntness. “In 30 years of practice, I don’t think I’ve ever seen a legal brief more intended to smear the other side … The one of the brief reads like an indictment.”

Sewell’s reaction aside, the FBI’s brief is much in line with what the agency and Justice Department have stated publicly over the past few weeks. At a congressional hearing in late February, FBI Director James Comey maintained that the agency’s reset instructions to the San Bernardino Department of Public Health — the authority charged with managing Farook’s iCloud account — were a “mistake.” But in subsequent comments, Comey and the Department of Justice have implied that a backup wouldn’t necessarily have contained the data investigators were seeking. “Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple’s assistance,” the Justice Department said last month

County officials reset the password on December 6, a few weeks after the FBI acquired the phone.

Related: Apple vs. the FBI: A complete timeline of the war over tech encryption

Apple, for its part, argues that even the iCloud backup settings had been disabled locally, a remote backup might have been possible. In its motion to vacate the FBI’s court-ordered unlocking of the iPhone, the company said that the FBI did not seek its technical guidance prior to directing San Bernardino officials to change the iCloud account password. “Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attackers’ accounts,” said Apple in a court filing, “foreclosing the possibility of the phone initiating an automatic iCloud backup of its data to a known Wi-Fi network.”

In the documents submitted Thursday, the FBI says that agents did consult with Apple, but that Apple ceased collaboration when investigators insisted on a method of extraction that would produce “the full set of data.” The agency from that point proceeded independently.

Thursday’s filing is only the latest development in a contentious legal face-off between Apple and the FBI. In February, the FBI obtained a court order compelling the company to create a customized version of iOS that would subvert the iPhone’s passcode lockout feature. Apple’s seeking to have that ruling overturned, arguing that it could set a dangerous and far-reaching precedent.

Apple has until March 15 to issue a reply to the government’s filing. The trial date is set for March 22.