There have been many blogs and news stories on the “locked” Texas Shooter’s iPhone. I think it’s safe to say that it is an Apple device. So, reading tea leaves, what do we really know.

  1. Apple advised the FBI to use the finger of the shooter, Mr. David Kelly. This confirms that the device is an iPhone 5S up to iPhone 8. 
  1. The shooting happened on November 5, 2017.  Apple released iOS 11 on September 19, 2017. It is possible that a version of IOS 11 was on that device. There is a lot of speculation on how many devices have updated to iOS 11.  

There are reports anywhere from 48% to 66% adoption rate. The reason this is important is the passcode becomes more of an issue than the Touch ID. Touch ID is now just one step in the process to allow a phone to be accessed by any Forensic Software on the market today. As I posted sometime back on the release of IOS 11, once an iPhone is connected to any USB device, there is a prompt to input the passcode in order to “trust” that device.   In the San Bernardino Case, this wasn’t even a problem, now it’s a huge one!  

  1. A pairing record is a file for every iOS device that connects to a Mac or PC. This can enable law enforcement to bypass the need for the passcode. Unfortunately for law enforcement, fewer people are backing up their phones to a computer and moving to the cloud. 
  1. iCloud.  Here law enforcement can ask Apple for assistance. But the question arises did Mr. Kelly backup his phone at all? Even a backup is a historical record and not a complete record and may not have up to date information that could be crucial to an investigation.

How did law enforcement find the iPhone? Was it in his Vehicle? Was it at home? Was it powered on or off.  These are big considerations. Yes, again here it comes, the passcode again!!  Everyone looks at the encryption on the phone as the issue.  It’s not, it’s Apple’s implementation of the doorway into the phone. That is the problem, in my opinion, namely the passcode, Touch ID and now Face ID have a 48 hour time-out along with rebooting or power loss of the device. These actions enable the passcode and negates the Touch ID or Face ID.

There is more! In Apple’s Keynote when Mr. Phil Schiller was explaining the implementation of Touch ID was that it had the following;

1. Touch Capacitive Sensor

2. 170 microns thin

3. 500 ppi resolution 

4. Scans sub-epidermal skin layers

5. 360 Degree readability

This was designed not to be spoofed even from a dead person’s finger. Touch ID actually got better from inception up to the iPhone 7. 

Now, let’s say that Mr. Kelly had an iPhone X, one his body is cold, two he’s certainly not attentive, and it certainly has iOS 11 on it. So, again the phone couldn’t have been accessed. In this example it’s worse than Touch ID.

Apple needs to get ahead of this because after a few more high profile cases hit the media (and it will), they need to blame law enforcement as the problem not Apple. This is strike two on law enforcement, San Bernardino and now Texas. Eventually the public isn’t going to buy it anymore. It is Apple and their stick their thumbs at law enforcement attitude which just makes it harder an harder every new version of iOS.  

I’ve owned Apple iPhones since the iPhone 2G. I really like Apple’s hardware, I have almost everything you can think Apple makes. I don’t mind the encryption on my phones.  But I do mind that the whole security paradigm has gone way too far. Keep the encryption, keep Face ID, and Touch ID I really don’t care, but don’t put it to a point that it’s bordering on obstruction of justice and hampering the ability of solving horrible crimes. 

The first thing people say, “What did law enforcement do before smartphones?”  Nothing different, people changed the way law enforcement investigate crimes because of smartphones. Let’s think about this for a minute… What is stored on the phone? Calls, messages, apps, and of course the excellent cameras you now find on modern smartphones. 

I remember several years ago I got an phone call about a case in Florida where a victim of a homicide was being video tapped buy his own phone and had the presence of mind to name all his killers before he died. Now imagine if that phone couldn’t be accessed? He wanted this to be found. Where would Apple’s help be? 

Regardless of what actually happened, and only the ones that know are the ones that have tried to access this phone. Apple can’t continue to evade the question, how far they’re willing to help victims of crimes? Evidently not far enough. There are small changes they can make and not give a backdoor. Just have to think outside of the politics of it all.