Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church.
Over the weekend, the US state's cops served the Cupertino phone-flinger a warrant demanding photos, messages and other potential evidence on Kelley's iPhone as well as those stored on its associated iCloud account. Investigators also have a warrant to extract data stored on Kelley's second handset, an LG flip-phone. He was named as the shooter in the November 5 Sutherland Springs mass-murder.
Specifically, the cops want all the messages, calls, social media passwords, contacts, photos, videos and other data since January 1, 2016, from the bloodied iPhone and iCloud account.
At this point it is not known if the files sought can all be pulled from backups held in the iCloud account, or if some will need to be obtained directly from the iPhone. Using iCloud for backups is optional.
The iPhone SE has a fingerprint sensor – so the dead man's fingertips could be used to log into the device – however, it is now too late to use prints: a passcode must be entered after several hours have passed without a login.
Since the iPhone cannot be unlocked, and its file system is likely encrypted, Apple will be needed to find a way to extract and decrypt the data within, just like it was ordered to do in the San Bernardino murder case in California. In that investigation, Apple refused to comply with the government's demands that it assist g-men in physically accessing the contents of a killer's iPhone 5C.
The distinction between what is in the cloud and what is kept locally on the phone is important to make, as Apple maintains a policy of handing over data stored on its cloud service to agents and cops who show up armed with a warrant, while getting info from a locked and encrypted device itself is a far more complex and contentious issue.
Evidence ... Kelley's bloodied iPhone SE after the killer blew his brains out (Source: Court records)
Should investigators be unable to get the files from the iCloud backups, Apple could once again find itself battling a court order to hack into the handset to give officials access.
Last year, such an order was issued for an iPhone owned by one of San Bernardino shooters, prompting Apple to refuse the order on the grounds it would spark days of bad publicity, er, sorry, jeopardize the security of all its handsets and set a terrible precedent. The FBI eventually found a secret means to forcibly unlock the phone.
Now, with another iPhone at the heart of a mass-shooting tragedy, it is widely expected authorities will once again demand that Apple, somehow, open up a secured iThing.
In this case, the battle could be the catalyst to give law enforcement agencies backdoor access to break encryption in any device on demand – something privacy and security advocates alike have strongly opposed.
Apple declined to comment. ®