The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage.
“There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.
F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.
While some lawmakers voiced support for Apple’s privacy concerns, others attacked the company’s position, saying it threatened to deprive the authorities of evidence in critical cases involving newer iPhones.
“We’re going to create evidence-free zones?” asked Representative Trey Gowdy, a South Carolina Republican who once served as a federal prosecutor. “Am I missing something?”
“How the hell you can’t access a phone, I just find baffling,” he said.
Bruce Sewell, Apple’s general counsel, told committee members that the F.B.I.’s demand for technical help to unlock Mr. Farook’s iPhone 5c “would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” Apple has said that in many cases investigators have other means to gain access to crucial information, and in some instances it has turned over data stored in iCloud.
Mr. Sewell reacted angrily to the Justice Department’s suggestion that Apple’s branding and marketing strategy was driving its resistance to helping the F.B.I., an assertion that he said made his “blood boil.”
“We don’t put up billboards that market our security,” he said. “We do this because we think protecting security and privacy of hundreds of millions of iPhones is the right thing to do.”
F.B.I. officials say that encrypted data in Mr. Farook’s phone and its GPS system may hold vital clues about where he and his wife, Tashfeen Malik, traveled in the 18 minutes after the shootings, and about whom they might have contacted beforehand. While investigators believe that the couple was “inspired” by the Islamic State, they have not found evidence that they had contact with any extremists overseas.
A judge last month ordered Apple to develop software that would disable security mechanisms on Mr. Farook’s phone so that the F.B.I. could try multiple passwords to unlock the phone through a “brute force” attack, without destroying any data. Once the systems were disabled, it would take only about 26 minutes to find the correct password, Mr. Comey said.
He rejected an idea expressed by several lawmakers that the F.B.I. was trying to force Apple to build a “back door” to decrypt its own security features. He used a different analogy to explain the government’s demands.
“There’s already a door on that iPhone,” Mr. Comey said. “Essentially, we’re saying to Apple ‘take the vicious guard dog away and let us pick the lock.’ ”
But the F.B.I. did not help its case with lawmakers when Mr. Comey acknowledged the mistake of changing the iCloud password.
When the dispute over Mr. Farook’s iPhone erupted two weeks ago, the Justice Department blamed technicians at San Bernardino County, which employed Mr. Farook as an environmental health specialist and which owned the phone he used. But county officials said their technicians had changed the password only “at the F.B.I.’s request.”
Mr. Comey acknowledged at the hearing that the F.B.I. had directed the county to change the password.
Mr. Sewell, the Apple lawyer, explained to the committee that before F.B.I. officials ordered the password reset, Apple first wanted them to try to connect the phone to a “known” Wi-Fi connection that Mr. Farook had used. Doing so might have recovered information saved to the phone since October, when it was last connected to iCloud.
“The very information that the F.B.I. is seeking would have been available, and we could have pulled it down from the cloud,” he said.
The F.B.I.’s handling of the password change drew criticism from both Democrats and Republicans at the hearing.
“If the F.B.I. hadn’t instructed San Bernardino County to change the password to the iCloud account, all this would have been unnecessary, and you would have had that information,” said Representative Jerrold Nadler, Democrat of New York.
Mr. Gowdy leveled a similar criticism during the more than two and a half hours of testimony from Mr. Comey.
“With all due respect to the F.B.I., they didn’t do what Apple had suggested they do in order to retrieve the data, correct?” Mr. Gowdy asked the director. “I mean, when they went to change the password, that kind of screwed things up, did it not?”
But Mr. Comey said that even if the F.B.I. had not mishandled the password, he did not think the bureau could have gotten everything it wanted from the phone and would still have needed Apple to help disable the security features in the phone.
“We would still be in litigation,” he said, “because the experts tell me there’s no way we would have gotten everything off the phone from a backup.”
Mr. Comey stressed that the fight with Apple was about trying to get as much information as possible about the San Bernardino attack — not about gaining a powerful law enforcement tool elsewhere.
But when he was asked whether the F.B.I. would seek to unlock other encrypted phones if it prevailed in the San Bernardino case, he responded, “Of course.”
In the audience were relatives of a Louisiana woman, Brittney Mills, who was shot to death at her doorstep last year when she was about eight months pregnant.
Mr. Comey said the data in her phone could help investigators determine whether she was shot by someone she knew, but they had been unable to break the passcode.