Apple served with warrant for Texas mass killer’s iCloud data

Here we go again: another mass shooting, another killer’s iPhone that police can’t get into, and potentially another legal battle over Apple’s encryption.

Earlier in the month, the FBI announced it couldn’t break into the iPhone of Devin Patrick Kelley, the shooter in the mass murder of 26 people in a church in Sutherland Springs, Texas.

Now, court records seen by the San Antonio Express-News show that two days after the FBI’s announcement – and its bemoaning of the way Apple’s encryption hampers law enforcement – a Texas Ranger obtained search warrants for data belonging to the Sutherland Springs killer.

One warrant, issued on 9 November, is for files stored on an iPhone SE found near Kelley’s body and on a second LG phone. Another warrant seeks files stored in Kelley’s iCloud account – specifically, phone call and message information, photos and videos, and other data dating back to 1 January 2016. The warrants are also seeking social media passwords, contacts, and other data.

Apple’s policies allow it to share iCloud data with law enforcement if they secure a proper warrant. But whether there’s anything useful in Kelley’s iCloud account depends on how frequently he created backups. That makes the phones themselves receptacles of a potentially fuller, more up to date stash of evidence than that on the killer’s iCloud account.

The iPhone SE has a fingerprint sensor. Police could have used the dead killer’s fingertips to log into the device, but they missed the window of time to do so: after several hours without a login, the phone requires a passcode.

Apple has declined to comment on the ongoing investigation, including the question of whether the company has complied with the warrant and handed over Kelley’s iCloud data. As of Monday afternoon, somebody familiar with the matter told The Verge that Apple had received the warrant for the iCloud data, but not the phone data.

Days after the FBI’s announcement that it couldn’t get into Kelley’s phone, Deputy US Attorney General Rod Rosenstein was once again calling for what he’s dubbed “responsible encryption”. That, unfortunately, is the non-existent kind that can be defeated only by good guys – as in, any law enforcement agency bearing a warrant – but is somehow magically resistant to bad guys.

As encryption experts have noted at least since the San Bernardino mass killings and ensuing legal tussle over encryption, that’s not a thing. If you can defeat encryption, hackers will figure out how, and all devices will thus be rendered vulnerable.

As Naked Security’s Taylor Armerding notes, that 2016 FBI vs. Apple court battle over government access to encrypted devices never settled the issue. It was simply put on hold when the issue was made moot by the FBI hiring a company that managed to break into the iPhone of the killer.

If the FBI can get a contractor to break Apple encryption on its behalf, why is breaking its encryption still an issue?

Because doing so is quite pricey, for one thing: the FBI paid the Israeli mobile forensics firm Cellebrite about $900,000 to unlock a single phone (though the Bureau never confirmed who did the job). That price was confirmed by remarks made by Senator Dianne Feinstein during an open hearing with then-FBI director James Comey in May.

For another thing, the iPhone-breaking technology only works on a “narrow slice of phones,” according to what Comey said at that hearing. The process, or tool, or whatever it is, doesn’t work on an iPhone 5s or later. It was narrowly tailored to only work on an iPhone 5C operating on iOS 9, according to Comey.