Apple’s month-long battle with the FBI is over — but the struggle between digital privacy and government surveillance isn’t. The beginning of the end came a week ago, on March 21, when the government backed out of its latest hearing with Apple over the fate of a locked iPhone belonging to one of the San Bernardino shooters. The government claimed that a mysterious “outside party” had provided it with an alternative approach to bypassing Apple’s security features; and on Monday, it announced that the approach had worked, in a short filing which withdrew all charges against the software company.
For now, it appears, the legal fight is done. Apple is no longer under any pressure to help the government compromise the security of their phone, and the government has the data it wanted, which may or may not help it advance their investigation of the terrorist attacks in San Bernardino that killed 14 and wounded 22. But with the legal dust (read: zinger-filled motions) beginning to settle, there are a whole lot more questions than answers left behind.
1. Who unlocked the phone?
For the past week, journalists and consumers have wondered who the government’s mysterious “outside party” was. On March 24, an Israeli paper reported that the FBI had hired Cellebrite, an Israeli digital forensics firm, who seemed confident that they could crack the phone. Neither Cellebrite nor the government confirmed that this was the case, and FBI Director James Comey claimed “Lots of folks came to us with ideas,” on how to crack the phone. Others suspected that the technique wasn’t new, or was done by another government agency.
Cellebrite might still be a smart bet, as an anonymous source confirmed to the New York Times that the source had been an non-government entity.
2. How did the government unlock the phone?
A variety of experts have said all along that there were ways to get into the iPhone in question. Apple’s encryption and security aren’t perfect, but thus far everyone in the know (besides John McAfee) has been tight-lipped about how the hack actually works.
3. Will the government tell Apple how the hack works?
This is perhaps one of the most telling questions in the government’s relationship with Apple going forward. It points to the government’s glaring hypocrisy in the Apple case — for weeks, it claimed that it could only access the iPhone with Apple’s help, but when the fight dragged on, they clearly pursued other options, even after Comey testified under oath that the FBI needed Apple’s help, and Apple’s help only. But now the government has successfully penetrated the phone, exposing some flaw in Apple’s security — but they won’t say how.
The Electronic Frontier Foundation argues that if the iPhone hack exposes a flaw in Apple’s security, the government should tell the tech company how to fix the issue and protect their customers from unlawful attacks (from malicious hackers who aren’t working for the government). They’ve also long insisted that the case is about the San Bernardino phone alone, and isn’t connected to setting precedent.
4. How safe is your iPhone?
The government claims that it has a hack to get data off of an iPhone 5C running Apple’s iOS 9 mobile operating system, with a 4-digit passcode and the passcode security wipe feature enabled, which wipes the device’s memory after a number of unsuccessful code attempts. This means the government must find a way around the passcode without using a brute force attack, where a computer plugged into the phone speeds through all of the possible passcode combinations to unlock the device. Security experts recommend switching your phone to an alphanumeric passcode, which greatly increases the number of combinations a hacker needs to work through. According to Melanie Newman, the DoJ’s Director of Public Affairs, the government did not say that the hack only worked on the individual phone in question, which means it probably works on all iPhones of that model running that version of iOS.
5. What happens next?
This one depends highly on the answer to question number two. By some interpretations of the law, the government is technically required to tell Apple how it broke into the phone through the Vulnerabilities Equities Process.
It’s also worth noting that by compromising the iPhone’s security, the government (which technically owns the phone, as it was leased to the terrorist by San Bernardino County for work) is breaking Apple’s iOS Terms of Service. John McAfee has suggested that Apple could sue the government for tampering with the phone, but thus far Apple hasn’t made any noises indicating that they were preparing a counter-suit.
Apple’s legal team said “This case should never have been brought,” but maintained that they would still assist law enforcement inside the bounds of the law, while still protecting their customers. “We will continue to help law enforcement with their investigations, as we have done all along,” the company said. “And we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”