The iPhone in This Battle Between the FBI and Apple May Not Even Matter

The shooters destroyed their personal phones before carrying out the attack.


In a Medium post that went up on Friday, a promient information security researcher known as TheGrugq brought up a noteworthy, underreported aspect of the debacle between the U.S. Government vs. Apple: it’s not at all clear that the iPhone the government wants Apple to unlock contains anything important.

The shooters, Syed Farook and Tashfeen Malik, obliterated their personal phones before initiating the attacks. TheGrugq continues:

It is unclear why Farook would destroy his personal phone but not his work phone if the work phone had sensitive data. They were already destroying two devices, why not three? They were executing some sort of ‘going dark’ plan. It seems entirely possible that they didn’t see the need to destroy a device that was never used for anything sensitive.

Another underreported twist is that the iPhone in question was recovered from a car insured by Syed Farook’s mother, Rafia Farook. The only other items recovered from the black Lexus IS300, the Daily Mail reported on December 8, 2015, were: “multi-tool, key, business card, miscellaneous indicia, bank receipt, shooting targets, hammer, vice grips, U-Haul receipt, tire receipt, notebook, garment, GoPro packaging, vacuumings, legal documents.”

In addition, the government has already collected an absurd amount of information from Farook and Malik’s (surprising amount of) other devices — even, presumably, communications from those devices that the shooters destroyed.

Here’s a rundown of the most relevant reportage, in roughly chronological order (emphases added):

…From ABC News, December 3, 2015:

“Sources say mobile phones, hard drives, virtually anything with digital memory that was associated with the alleged shooters — Syed Farook and Tashfeen Malik — was smashed. … One law enforcement source tells ABC News that while investigators have some capabilities to mine information from damaged digital media, ‘they are not miracle workers.’ … The hope is that some of the information, such as email and texting, might be retrieved from internet providers and mobile phone companies.”

…From CNN, December 4, 2015:

“Two relatively new cellphones were found smashed and tossed in a garbage can near one of the crime scenes, law enforcement officials said. Officials suspect the phones were damaged to hide call histories. A computer found at the couple’s home was missing a hard drive. Investigators have subpoenaed email service providers to retrieve communications.”

…From the New York Times, December 4, 2015:

“When they were killed, Ms. Malik had what investigators believe might have been a ‘burner phone,’ meant to be used for a short time and discarded, with no social media apps or other identifying information on it. … After searching the couple’s townhouse, the F.B.I. left behind a long list of items it had confiscated. Reporters were able to see the list when the landlord opened the home to them. It included a .22-caliber rifle purchased by Mr. Farook, boxes of ammunition, holsters, a cellphone SIM card, a laptop, a wireless router and a variety of tools and hardware.”

The rented Ford SUV in which Farook and Malik were killed. 

Wikimedia Commons

…From the Washington Post, December 4, 2015:

“The shooters also sought to cover their tracks by damaging some of their personal electronic devices, as authorities found two crushed cell phones and other ‘evidence that [the shooters] attempted to destroy their digital fingerprints,’ said David Bow­dich, assistant director in charge of the FBI’s Los Angeles office.”

…From PBS, December 5, 2015:

“… authorities were able to obtain roughly two years’ worth of calling records directly from the phone companies of the married couple blamed in the attack. The period covered the entire time that the wife, Tashfeen Malik, lived in the United States, although her husband, Syed Farook, had been here much longer.

…From NBC News, December 8, 2015:

Officials have had difficulty retrieving information from the couple’s cell phones because they destroyed them prior to the attack, and because some of the data from the phones was apparently encrypted.”

…from CNN, December 11, 2015:

“Investigators have found data on a tablet computer and other cell phones at the couple’s home, he said. The FBI is still trying to recover information from two smashed cell phones found in a garbage can near the home.”

…from the New York Daily News, December 27, 2015:

“The FBI has questioned the cleric, Roshan Zamir Abbassi, about his phone communications with Farook — including a flurry of at least 38 messages over a two-week span in June.”

The iPhone around which the current debate revolves is not mentioned in any report — including, notably, the December 8 CNN report, which discussed encryption challenges. Many of the news outlets discussing the destroyed personal phones were informed that the shooters sought to eliminate all digital fingerprints.

The original search warrant for Farook’s mother’s Lexus, however, was requested and approved on December 3. On December 21, the search and seizure warrant was returned executed. On January 29, the government submitted an application for “First Extension of Time Within Which to Retain and Search Digital Devices.” Given that the only digital device within the Lexus was the iPhone 5c, we can infer the subject of this application.

Several documents were sealed — made confidential — in the ensuing few days, until February 2, 2016. On that day, the government filed an application for an order to unseal select documents and Magistrate Judge David T. Bristow approved it, proceeding to issue an order. That order: “Order Unsealing this Matter, Specifically the Search Warrant and Attachments, All Else to Remain Under Seal.” Then, February 16, the government filed their application for a court order compelling Apple’s assistance, which Judge Sheri Pym then approved — and, in so doing, sparked the national debate.

And, as the New York Times reported on Friday, the motion to unseal the search warrant was a power move by the government.

It’s not unreasonable for the government to want to cover all their bases — and the reader can conclude from this roundup what he or she wants — but, at the very least, we have more evidence that, for both sides, it’s more about precedent than about anything else. The iPhone in question is unlikely to contain information of much relevance, and the government’s publicity is an outright power move.