"I'm not sure you can draw the conclusion that Apple can push OS updates to a locked phone."
The iphone contains a sim card.
A sim card is a complete, general purpose computer with its own CPU and RAM and the ability to run arbitrary java programs that can be uploaded, without your knowledge by your carrier.
You are owned. Deeply, profoundly, in ways that you have no way to manage/mitigate.
The real question, for me, is why authorities are dealing with Apple at all and not just working with the carriers who have proven to be their trusted allies.
You are owned. Deeply, profoundly, in ways that you have no way to manage/mitigate.
The international legal framework of sovereignty basically says you are owned. (Not universally de jure, but pretty much de facto.) Whatever rights you have are effectively granted to you by your country. Unfortunately, this notion is seldom given any thought, and the current most visible proponents of such an idea are unpleasant angry underclass men using it as an excuse to behave badly. There are others who have given thought to this, however, and it is part of the motivation behind such things as The Universal Declaration of Human Rights.
I think the answer to your question is embedded in your assumption: that updating the SIM card would be sufficient to recover data from this iPhone.
In my experience, law enforcement does not make their own jobs harder on purpose. If there is an easy way to get that data, they would use that way to get it.
Is there a list of sensibly built phones available? I'd like to buy a phone where the modem and SIM do not have access to main memory (AIUI most phones use a single-chip SoC with a built-in modem).
Main memory is rarely encrypted, unless you have special security features in your CPU to do so. Only the disk is encrypted; main memory is vulnerable while running. Also see https://en.wikipedia.org/wiki/Cold_boot_attack
So you don't want any hardware to have access to main memory if it doesn't need to. For instance, you can use an IOMMU to ensure that devices can only access the specific areas the OS wants to allow them to DMA to/from, not all of memory.
I'd guess "security by obscurity". Just because they have the device rooted via SIM card doesn't mean they have available a signed build of a multi-gigabyte OS with most security libraries expunged.
I want to disclaim that this is pure speculation. I have no insider knowledge or indeed any particular familiarity with the institutions in question.
The FBI may want this authority and this precedent and think that this is a good chance to get it. They may say, "Well, the San Bernadino case is a high-profile case that may sway people, including judges, who would otherwise be less inclined to back our request. Who knows when the next nationally-publicized case will be in which the likely perpetrator carries an iPhone?" They may also believe that the current political climate is good for their case.
And they probably also believe that there's no harm in trying. If the courts rule against them, they haven't lost anything. If the courts rule for them, they get a brand new tool.
A sim card gets to send messages to the baseband in response to requests from the baseband. It doesn't have arbitrary memory access unless the baseband has really nasty bugs.
The iphone contains a sim card.
A sim card is a complete, general purpose computer with its own CPU and RAM and the ability to run arbitrary java programs that can be uploaded, without your knowledge by your carrier.
You are owned. Deeply, profoundly, in ways that you have no way to manage/mitigate.
The real question, for me, is why authorities are dealing with Apple at all and not just working with the carriers who have proven to be their trusted allies.