Yes, the February 19 filing says that—they have service records from Verizon that show communications occurred, but those aren’t in the iCloud backup.
The problem with that argument? There’s no way to selectively back up to iCloud—it’s all or nothing. So if communications from July, August, September, and October are not in the October 19 iCloud backup, it would be pretty surprising to find them on the phone. One logical explanation is that they were deleted by Farook before October 19.
What’s with this story about the iCloud password being changed, and who’s to blame?
It’s kind of a mess. First, the February 19 filing mentioned that the owner (again, that’s San Bernardino County) reset the password for the Apple ID tied to the iPhone—Farook’s iCloud password, in other words. “The owner…was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”
So that kind of read like the FBI thought the county had screwed up, but then the next day, February 20, the county’s Twitter account tweeted that the FBI had instructed the county to do so.
The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.— CountyWire (@CountyWire) February 20, 2016
The FBI released a statement on February 21 to Ars Technica admitting that yes, it had ordered the password reset. But the FBI still maintains that the iCloud backup wouldn’t have everything the investigators would get if they could just get into the phone, which is why the court order was issued in the first place.
The New York case, and why iOS version matters
Farook’s iPhone is running iOS 9, and passcode-based encryption was added in iOS 8. But if Farook’s iPhone was running iOS 7, Apple would still help?
Apple has published a set of Legal Process Guidelines (PDF) that outline the process for law enforcement to request assistance from Apple, as well as what information Apple can provide.
They read in part:
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions as data extraction tools are no longer effective. The files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess. For iOS devices running iOS versions earlier than iOS 8.0, upon receipt of a valid search warrant issued upon a showing of probable cause, Apple can extract certain categories of active data from passcode-locked iOS devices.
However, the government’s February 19 court filing states in a footnote, “Apple has informed another court that it now objects to providing such assistance.”
Sign up for CIO Asia eNewsletters.