wild how the commentary here covers so much ground.
From the least considered brain fart material to some well thought out and decently communicated responses. And this is (supposed to be) a technical website.
I've not jumped out the gate on this one and have had my moments to think it through. (although I have to admit in a haze from a major sinus/ear infection, and having two separate major tragedies in my immediate circle of friends this week)
1) The FBI have had this phone for a number of months since the events took place. Most of the data from the phone has been retrieved from the iCloud backups, but there are (I think I worked it out to) approximately 2 weeks worth of data that was not backed up to the iCloud.
2) Much investigation has been conducted based on who these two had interacted with in the months leading up to the event, however no further arrests or indictments have been issued relating to the event.
3) There is amongst the investigation team the belief that there is data on the phone, in the period of time since the last backup that might be relevant to the investigation and could lead to further arrests, or possibly link these two to additional terrorists or terrorist activities.
4) The FBI know that if they brute force the phone the data on the phone will be deleted/wiped after 10 incorrect passcode/pin/pattern unlock attempts. They want to examine the phone data.
5) The FBI are aware that the self destruct process is entirely functional in software, that is the firmware that runs the phone will enact the destruction of the data on the phone when the 10th failed password is executed.
6) The FBI have dug around and used an exceptionally old, massively broad law in the american legal code, to issue a writ to Apple requiring Apple to create an 'update' to the specific phone serial number to disable the self destruct code in order to allow the FBI to (either manually or mechanically) brute force the password on the phone. This functionality is specific to iPhones with a specific processor.
7) Quite some time has passed since the events in question. <it is relevant given some of the arguments we've seen both in this thread and on the general news>
8) Apple has publicly responded saying that they do NOT believe that they should do this, and called for an open discussion. (and man has there been some discussion)
My perspective is that the FBI has chosen a particularly emotionally bound legal event (Local US Muslim couple "radicalised" into jihad like actions), which will be unlikely to find any sympathy with the general US public in order to set a legal precedent to back up their demands for a disabling of effective and reliable encryption for the general public.
They've sadly done this rather well.
Tim Cook has responded to the request to have a one time only for this specific phone version of the firmware that does not include the self destruct code with a no. And I have to believe that this is the correct answer, Apple has no *choice* but to refuse to do this, since, in US law, this becomes a precedent that will be used in thousands, if not tens of thousands of cases in the future, and in fact will apply not just to Apple and phones but to any company that makes a device or software that uses or relies on encryption and automated data destruction functions to provide security and integrity to the users of those devices and software.
The law used in this case is very fragile in this particular context. <note hearsay> I've seen reasonably reliable commentary that there may be precedent for this law being used in this context </hearsay note> however there are far more relevant laws that could have been used. This indicates that Apple will have a fairly decent chance of walking away from this on solid legal ground, given the chance to argue in court.
That in itself sets a precedent.
There are as quite a few folks have indicated, several other possible methods of getting to the data. I believe that one of those methods will be undertaken, and will result in one particular set of data/facts being found that will lead to one or more additional arrests.
This pair of events will then become the lynch-pin of a legal framework for the legislation that will remove effective cryptography from the realm of public access in the United States.
I have to point out that *connection* -- meta data -- information for the phone comes from the telco that the phone is registered with - that meta data covers calls, SMS texts over the telco's own network, roaming data, and possibly some internet connectivity information, IF there was a data plan attached to the phone. They do *not* need to have the phone unlocked to find out who the fellow was talking to or texting. They *may* not need to have the phone unlocked to find out which websites he visited, or mail servers he communicated through.
Slippery slope? No my friends, this is far more than a slippery slope. No matter which way this particular sequence of events goes, there are consequences here that could be stunning human rights failures, for us and for many future generations.