How Apple Helped Me Crack iPhones Like Clockwork

Updated on
  • Ex-prosecutor describes the routine: Send phone, get data
  • Was it a 'back door' even then? Can Cook show it's more now?

Apple vs. FBI: Balancing Privacy and National Security

For years, cops who wanted to break into iPhones knew the drill.

“Get a warrant. Then you make an application under the All Writs Act,” said Michael Yaeger, a former assistant U.S. attorney in Brooklyn who oversaw efforts to obtain warrants for phones from about 2012 to 2014. The All Writs Act is a catch-all law prosecutors use to get court orders to enforce search warrants.

QuickTake Apple

Warrant in hand, prosecutors would send the locked phones of suspected or convicted criminals and terrorists to Apple Inc.’s headquarters in Cupertino, California. Weeks later, Apple would send data from the phones, such as text messages, photos and contacts, back to law enforcement. Apple even had a guide including the preferred language for warrants. It was “not exotic,” Yaeger said in an interview.

“Let’s just call it a ‘back door,’ because that’s pretty much what it was,” Adam Wandt, an expert in digital forensics and information security at John Jay College of Criminal Justice, in Manhattan, said of the company’s extraction procedures. 

But isn’t that exactly what Apple says the government is asking it to create now, for the first time?

Not at all, the company says. It says a back door is a deliberate part of a phone’s design -- and something it has never engineered.


Knock, Knock

Tensions between Apple and law enforcement over privacy, simmering since 2014, reached a boiling point when a judge ordered the company to help the Federal Bureau of Investigation unlock a phone used by one of the shooters in last year’s terrorist attack in San Bernardino, California. The phone is outfitted with newer technology that Apple developed to be impenetrable, even to the company itself.

Making a tool to unlock the phone would be like creating a “cancer,” Apple Chief Executive Officer Tim Cook declared last month as Apple launched its battle against the Justice Department. Cook warned the fix could be used by criminals and spies. The company argues that the All Writs Act shouldn’t be used to force it to write new software.

But it’s not just phones with tough-to-crack encryption at issue in Apple’s privacy battle. The company is fighting against warrants for phones with older technology, too -- the kind it used to hack for Yaeger and other prosecutors all the time. That could look inconsistent, or even contradictory, to judges, and cloud Apple’s argument that the government’s extraordinary demands in this new case have crossed a line.

“Apple never wanted this code leaked out, but they did have [a back door], and a lot of people would use it,” Wandt said.

While Apple may have legal and technical arguments on its side that the courts should focus on, its position on the older technology “affects public perception” of its motives, said Scott Vernick, head of the data security and privacy practice at Fox Rothschild LLP.

“The government is making the argument that the past is prologue” even though technology has changed, said Jeffrey Vagle, executive director of the Center for Technology, Innovation and Competition at the University of Pennsylvania Law School.

Two Fronts

“Forcing Apple to create new software that degrades its security features is unprecedented and unlike any burden ever imposed under the All Writs Act,” Apple said in a reply brief filed Tuesday in court in Riverside, California. The company said it has protected its users’ privacy and security through “increasingly secure operating systems.”

There are ways to get into smartphones, and investigators haven’t always had to rely on Apple, or other technology companies, for access. Mobile forensics firm Cellebrite sells portable data extraction systems to law enforcement and boasts that it can “bypass any type of lock from more than 300 locked Android devices.” Wandt said the systems cannot break through newer versions of iPhone encryption. A representative of Cellebrite didn’t have an immediate comment.

In Riverside, Apple is arguing it would take weeks of programmer time to figure out how to unlock the San Bernardino iPhone, which runs the iOS 9 operating system, and could weaken security for all phones. Meanwhile, in a Brooklyn case against a drug dealer, it is arguing that it faces an undue burden in cracking phones with older operating systems, too -- even though prosecutors say it has opened such phones “dozens” of times. Of 12 other devices for which the company said it is opposing federal search warrants, seven run iOS 7 or older operating systems.

“I don’t see any reason why Apple wouldn’t comply” with a warrant in the Brooklyn case, said Darren Hayes, a professor of cyber security and digital forensics at Pace University, in New York. “They’ve gotten into those phones many times.”

Prosecutors had obtained a warrant for the phone but needed an All Writs order from a judge to serve their demand on Apple. The judge turned them down.


In the past, when prosecutors were confronted by a locked iPhone that they couldn’t open with third-party technology or with the “brute force” approach of entering innumerable pass codes, they could turn to procedures in Apple’s law enforcement guide. The company advises in the guide that it can extract data for devices “running iOS 4 through iOS 7.”

The extraction was conducted on locked phones through a secret process at Apple’s headquarters by the company’s own technicians, Yaeger said. Apple told them in the guide to ship the device, along with external memory devices such as thumb drives, and the extracted material would be sent back on those devices, he said.

The company still maintains a staff of legal and technical employees to address search warrants for phones and other law enforcement requests. Apple has said those staff members have fielded thousands of requests for information each year from law enforcement, although not all involve search warrants. 

Soon that process will seem quaint: The number of iPhones Apple can access with existing methods is dwindling. According to the company, only about 10 percent of them run iOS 7 or older.

Curve Ball

The prosecutors in the Brooklyn case thought they were following standard procedure by seeking a court order demanding compliance with the warrant. Then U.S. Magistrate Judge James Orenstein threw them a curve ball by preemptively soliciting Apple’s views before making his ruling. In a decision hailed by civil libertarians, he sided with the company and found that the government’s demand imposed a burden and that prosecutors were pushing the All Writs Act too far.

A company official said that Apple seized on the opportunity to fight those orders when Orenstein offered Apple the chance to weigh in. The company sees the ruling as helping its cause by establishing a lower bar for what constitutes a burden.

“We’re being forced to become an agent of law enforcement, and we cannot be forced to do that with our old devices or with our new devices,” a lawyer for Apple, Marc Zwillinger, told the judge during a hearing in October, responding to questions about why the company chose not to help prosecutors anymore. “I think Apple’s views are we are not in the business of accessing our customers’ data.”