Earlier, I told you that the FBI isn’t telling the truth when it says there’s no way it can unlock the San Bernardino shooter’s iPhone without Apple’s help. It would involve a long and tedious process that could fry the memory card, but it can be done without forcing Apple to create a backdoor for the phone. Well, it turns out this flap could have been avoided altogether if Farouk’s bosses at the San Bernardino County Health Department required their employees to install an app that would have allowed that phone to be unlocked painlessly and remotely.
Reuters learned that many San Bernardino County departments require their employees to install a mobile-device management app made by mobile security firm MobileIron. The software is intended to secure corporate data, and makes it possible to remotely unlock phones without the user’s help–even when IT personnel don’t have access to the phone’s password. The county health department would have been well within its rights to require Farouk, an environmental health inspector, to install this app. After all, his iPhone 5c was county property.
MobileIron vice president of strategy Ojas Roge told Reuters that if Farouk’s iPhone had MobileIron’s device management app installed, “the county’s IT department could unlock it.” However, county spokesman David Wert said that the county health department didn’t use MobileIron. He did say, however, that in light of this tragedy, county officials may take a fresh look at that policy.
The significance of this? San Bernardino County readily allowed the FBI to search Farouk’s phone. Had MobileIron been installed on that phone, either the county IT department or the FBI’s forensic team could have easily unlocked the phone–most likely without Apple’s help. Had all departments been required to put that app on employees’ iPhones, the FBI would have long since acquired the information it wanted about what Farouk was doing in the weeks before the attack. In other words, this would have never turned into a flap over privacy rights in the first place.
Theoretically, Farouk could have simply deleted the app before he began planning the shooting. However, according to mobile security experts, such a move would have raised a red flag with his bosses. As any government worker knows, most online communications on government-owned devices are subject to public records laws.
Apple has been under fire from conservatives ever since declaring that it would fight a court order to bypass the encryption on Farouk’s phone. But if San Bernardino County had taken what seems to be a common-sense step to ensure compliance with public-records laws, we wouldn’t even be having this discussion. After all, a side benefit of that app would have been that it would have made it a lot easier to get answers for the families without getting into a flap over government potentially sticking its nose where it doesn’t belong.