Did law enforcement make a big error in its handling of the iPhone after the San Bernardino shooting?
That’s what Apple is claiming. According to senior Apple executives, there was a lost opportunity to get into the shooter’s iCloud account, which had been backed up six weeks prior to the shooting. They said the iCloud password was changed hours after the shooting, preventing a potential iCloud backup that may have revealed further information about the suspect.
The phone was actually issued to the shooter, Syed Farook, by his employer and belonged to San Bernardino county. According to senior Apple executives, in an attempt to access the device soon after the attack, someone at the county changed the iCloud ID password, preventing a potential iCloud backup.
On Friday, San Bernardino county tweeted that it had reset the iCloud password at the FBI’s request. Apple engineers would have tried to find a known Wi-Fi network that the suspect had utilized. That’s because the phone would’ve backed up to iCloud when it was on a trusted network and plugged in — assuming the password hadn’t been changed and the suspect had his Wi-Fi turned on.
Speaking generally about the way the iPhone interfaces with iCloud, an Apple spokesperson said there’s no way to tell from Cloud reports if backup was turned on or off. According to the spokesperson, there’s also no way to tell whether or not Wi-Fi was turned on. Regardless, the investigative option to find out was ruled out when the password was reset. The Department of Justice acknowledged that the password had been changed.
But, the Justice Department, in a footnote to its filing on Friday, said that any backup would have been “insufficient” because it didn’t have the same amount of information as what was on the phone itself. Furthermore, investigators believe the shooter had turned off auto-backup, saying the phone had been auto-updating weekly until the last backup six weeks before the shooting.