SAN FRANCISCO – The government’s surprise decision to withdraw its case against Apple over the San Bernardino killer's iPhone adds uncertainty to criminal cases where state and local authorities have been confronted with more than 1,000 locked smartphones and other devices, blocking access to potential evidence, according to a survey of more than a dozen jurisdictions.
These locked devices are separate from the most high profile one: the iPhone used by Syed Farook, who with his wife, Tashfeen Malik, carried out the December mass shooting in San Bernardino that left 14 dead. In mid February, a California court had ordered Apple to aid the FBI in sidestepping the security function of that iPhone, an action resisted by Apple out of concerns creating new software would make all iPhones more vulnerable.
Monday afternoon the FBI announced it had been able to unlock the iPhone without Apple’s aid and did not need to move forward with its case. Magistrate Judge Sheri Pym vacated her Feb. 16 order on Tuesday afternoon.
Left unanswered is what Justice’s abandoned legal action means for the many other law enforcement agencies seeking assistance in unlocking encrypted iPhones, iPads and encrypted devices from other manufacturers.
“We were hoping this decision, which could have gone to the Supreme Court, would have been a road map and now it’s not,” said Stewart Baker, a partner in the Washington office of Steptoe & Johnson.
State and local investigators have been blocked from accessing the contents of the more than 1,000 devices because of their inability to bypass security functions similar to those encountered by the FBI in the San Bernardino case. Some of the local cases have been resolved even though possible evidence on the locked devices remained out of investigators' reach.
The data, gathered in part from queries by Manhattan District Attorney Cyrus Vance, indicate one of the largest number of locked phones seized in connection with criminal investigations has been amassed in New York. Vance has accumulated more than 200 blocked devices while the New York Police Department estimated that there are an additional “hundreds’’ in its possession.
Officials expect the number of cases in which law enforcement seeks to force Apple to assist it overriding its devices' built-in security to increase.
In Manhattan alone, Vance’s office says the number of criminal investigations where it has been unable to get data from Apple devices has risen to 205, out of a total 734 Apple devices received by the cyber lab for this borough of New York City between Oct. 2014 and Feb. 2016.
Vance told Congress last month he expects the number of cases in his office to rise dramatically because 94% of Apple devices feature the iOS 8 operating system or higher. Other local prosecutors face similar challenges, he testified.
“The overwhelming majority of criminal investigations stalled by default device encryption will remain so until Congress intervenes,” Vance said in a statement Tuesday.
In a statement on Monday, Apple said it would “continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”
It is unclear whether the undisclosed technique used to gain access to the phone used by Farook can assist local authorities.
“The government has released so little information that it’s very hard to know what this means for other cases. We don’t know what types of phones and operating systems this new access technique works on, so we don’t know how it will affect other phones or devices,” said Kristen Eichensehr, a professor of cyber law at UCLA School of Law in Los Angeles.
But such an undertaking, if it is available, likely would be enormous and extend far beyond New York.
In Houston, the Harris County District Attorney’s Office reported that investigators turned up more than 100 encrypted devices last year, and have seized up to 10 per month so far in 2016, spokesman Jeff McShan said.
Of the estimated 800 mobile phones seized by the Charlotte-Mecklenburg Police Department each year, up to 20% have some type of encryption that prevents access, said spokesman Robert Tufano. He said Apple is not the only manufacturer with encryption that “prevents us from accessing phones.’’
“Investigators have just thrown up their hands in many cases, because they know that encryption has put potentially key evidence beyond their reach,’’ NYPD spokesman Peter Donald said.
“We have been working this issue for the past year,’’ said David LaBahn, president of the Association of Prosecuting Attorneys, adding that the group is attempting to amass a more comprehensive accounting of blocked phones.
The highest profile iPhone case aside from San Bernardino has been in Brooklyn. Government investigators have sought to compel Apple to help gain access to data on the iPhone of a suspect who pleaded guilty in a methamphetamine conspiracy.
District Court Judge Margo Brodie on Tuesday approved Apple’s motion for a delay in the case and gave Apple a new deadline of April 15 to respond to the government’s appeal of the magistrate judge’s order in Apple’s favor. She told the government it must notify the court by April 11 whether it intends to modify the appeal.
In a ruling on that case last month, Judge James Orenstein in New York’s Eastern District called the government's use of the All Writs Act too "expansive."
As the government had also used the All Writs Act in the San Bernardino case, law enforcement officials would have liked clarification on whether the Act can be used to force tech companies to help them get into locked devices. The 1789 law says that federal courts can require individuals to comply in cases that aren’t covered by existing law.
With the withdrawal of the San Bernardino case, no resolution is possible and it’s going to take time for the government to have such a strong case again, said David O'Brien, a senior researcher with the Berkman Center for Internet & Society at Harvard University.
According to some attorneys, the government’s actions have seriously weakened its credibility if it attempts to argue for compelling companies to help it in future cases. The Department of Justice spent a month saying Apple’s assistance was the only way it could get into the phone, and then suddenly said it wasn’t, said Scott Vernick, head of the data security and privacy practice at Fox Rothschild in Philadelphia.
“Now any other court is going to ask, ‘Really? Are you sure you need their help? That’s what you asked for last time and apparently you didn’t,’” Vernick said.
Contributing: Kevin McCoy from New York
Follow USA TODAY cybersecurity reporter Elizabeth Weise on Twitter @eweise