The FBI, Apple, and the San Bernardino Massacre

II. Factual Background

The Federal Bureau of Investigation ("FBI") is in possession of a cellular telephone that was used by Syed Rizwan Farook ("Farook"), one of the terrorists who caused the December 2, 2015 shooting death of 14 people, and the shooting and injuring of 22 others, at the Inland Regional Center ("IRC") in San Bernardino, California. The cellular telephone is of Apple make: iPhone 5C, Model: A1532, P/N: MGFG2LL/A, S/N: FFMNQ3MTG2DJ, IMEI: 358820052301412, on the Verizon Network ("the SUBJECT DEVICE"). The SUBJECT DEVICE was seized pursuant to a federal search warrant for a black Lexus IS300 in Docket Number ED 15-0451M, which was issued by the Honorable David T. Bristow, United States Magistrate Judge, on December 3, 2015. The underlying search warrant, which authorizes the search of the contents of the SUBJECT DEVICE, is attached hereto as Exhibit 1 and incorporated herein by reference.

As explained in the attached declaration of FBI Supervisory Special Agent ("SSA") Christopher Pluhar, the underlying search warrant for the SUBJECT DEVICE arose out of an investigation into the IRC shootings, and the participation by Farook and his wife, Tafsheen Malik ("Malik"), in that crime. Subsequent to execution of the search warrant at issue, the FBI obtained numerous search warrants to search the digital devices and online accounts of Farook and Malik. Through those searches, the FBI has discovered, for example, that on December 2, 2015, at approximately 11:14 a.m., a post on a Facebook page associated with Malik stated, "We pledge allegiance to Khalifa bu bkr al bhaghdadi al quraishi," referring to Abu Bakr Al Baghdadi, the leader of Islamic State of Iraq and the Levant ("ISIL"), also referred to as the Islamic State ("IS"), the Islamic State of Iraq and al-sham ("ISIS"), or Daesh. ISIL, formerly known as Al-Qai'da in Iraq ("AQI"), has been designated a foreign terrorist organization by the United States Department of State, and has been so designated since December 2004. Farook and Malik died later that same day in a shoot-out with law enforcement. The government requires Apple's assistance to access the SUBJECT DEVICE to determine, among other things, who Farook and Malik may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others' involvement in the deadly shooting.

The SUBJECT DEVICE is owned by Farook's employer, the San Bernardino County Department of Public Health ("SBCDPH"), and was assigned to, and used by, Farook as part of his employment. The SBCDPH has given its consent to the search of the SUBJECT DEVICE and to Apple's assistance with that search.[1]

However, despite the search warrant and the owner's consent, the FBI has been unable to search the SUBJECT DEVICE because it is "locked" or secured with a user-determined, numeric passcode. More to the point, the FBI has been unable to make attempts to determine the passcode because Apple has written, or "coded," its operating systems with a user-enabled "auto-erase function" that would, if enabled, result in the permanent destruction of the required encryption key material after 10 erroneous attempts at the passcode (meaning that after 10 failed attempts at inputting the passcode, the information on the device becomes permanently inaccessible). When an Apple iPhone is locked, it is not apparent from the outside whether or not that auto-erase function is enabled; therefore, trying repeated passcodes risks permanently denying all access to the contents. Primarily because of this function and the delays that would be introduced by successive incorrect passcodes (discussed below), the government has not been able to attempt to determine the passcode and decrypt the files on the SUBJECT DEVICE pursuant to the search warrant, and the FBI cannot do so without Apple's assistance.

Apple is the manufacturer of the SUBJECT DEVICE, and the creator and owner of its operating system and software. Apple has the ability with older operating systems to obtain the unencrypted file content from phones without the passcode, and has routinely done so for law enforcement with a search warrant and accompanying All Writs Act order. While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system ("ios") 9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.

Specifically, and as detailed below, Apple has the ability to modify software that is created to only function within the SUBJECT DEVICE that would ensure that the added auto-erase function is turned off, allow for electronic submission of test passcodes, and ensure additional delays are not created. This would allow the government multiple investigative attempts to determine the passcode in a timely manner, without fear that the data subject to search under the warrant would be rendered permanently inaccessible. It is this assistance from Apple, which is required to execute the search warrant, that the government now asks the Court to order.

[1] In addition, SBCDPH has a written policy that all digital devices are subject to search at any time by the SBCDPH, which policy Farook accepted via signature upon his employment.