FBI investigation of Minn. mall mass stabbing may rekindle iPhone encryption debate

article thumbnail

The FBI has the phone of Minnesota alleged terrorist and mass-stabbing perpetrator Dahir Adan, and is investigating how to gain access to the data contained within.

"Dahir Adan's iPhone is locked," FBI special agent Rich Thornton said in a statement. "We are in the process of assessing our legal and technical options to gain access to this device and the data it may contain." As of yet, the FBI has not declared what model iPhone it is, nor what version of iOS is running on the device.

Dahir Adan stabbed 10 people in the Crossroad Center mall in St. Cloud, Minn. on Sept. 17. The FBI claims that Adan "may have been radicalized" in the days leading up to the attack, but the exact vector of the "almost overnight" transformation is not clear, according to Thornton.

The spree was stopped by an off-duty police officer, who confronted and ultimately shot Adan.

Adan's family, and people who knew him, claimed that Adan may have been provoked in the mall before the incident according to the local Star Tribune, but the investigation to this point has identified a pattern, and a plan leading up to to the attack.

International radical groups are claiming responsibility for Adan's actions, but if they actually have direct involvement in Adan's behavior is not known. The FBI wants access to the phone to help determine what, if any, influence the groups may have applied to Adan prior to the attack.

Even though large metropolitan areas like New York City have hundreds of seized iPhones that they want the information extracted from with the number growing every day, Apple has so far prevailed in its efforts to prevent the courts from mandating the construction of a "master key" to allow unfettered access to an iOS device by court order. However, all of the combined factors in Adan's attack and investigation may lead to another high profile potential legal approach to force Apple to make the tool.

On Dec. 2, 2015, 14 people were killed and 22 were seriously injured by a mass shooting by Syed Rizwan Farook and Tashfeen Malik in San Bernardino California. The pair were ultimately shot by law enforcement after a four-hour chase.

Discovered amongst their possessions was a county-owned iPhone 5c. In a botched attempt to penetrate the phone, the county ordered a password reset on the device, preventing any data more recent than Oct. 19 from being automatically backed up to iCloud, and accessible to subpoena.

The Department of Justice said that they already had all the call logs for the device up to the date of the attack, as well as data backups from before the last connection of the phone to Apple's servers.

The judge overseeing the case dictated that Apple create a tool that would work with the seized iPhone 5c that would allow the government to unlock the phone, and grant access to the full contents and data store in the device's flash storage.

Apple CEO Tim Cook refused the request. The FBI ultimately purchased the services of a "grey hat" hacking company to penetrate the phone just hours before a court hearing about the subject, and no tangible data directly related to the shooting was ultimately found.

The FBI has refused requests for information regarding the iPhone 5c in the past, citing that since it does not own the hack, it can't talk about it. Apple has also said that they have no intention of filing suit for data about the penetration method, but a series of journalists have filed suit under the Freedom of Information Act to get this information.

As of yet, the FBI has not filed any legal request to demand Apple unlock Adan's phone.