Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com) 435
An anonymous reader writes: The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible.
Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
Had that password not been changed, the executives said, the government would not need to demand the company create a 'backdoor' to access the iPhone used by Syed Rizwan Farook, who died in a shootout with law enforcement after a terror attack in California that killed 14 people. The Department of Justice filed a motion to compel the company to do that earlier Friday.
Not sure I understand this. (Score:5, Insightful)
I understand that the government can issue a warrant, completely in the spirit of the 4th amendment. However, how can they "deputize" or force independent individuals/organizations to do their bidding?
Re:Not sure I understand this. (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
How many more people would complain if this had happened ten years ago, under a 'different president, hmmm? There's no point in bringing up our rights. Most people are perfectly okay with it... If you don't believe me, just watch the TV on the 8th of November. It will be all laid out in living color. 98% will vote against Apple...
Re: (Score:2)
I'm not saying it's right or wrong, but I can see that there is a case to be made.
Re: Not sure I understand this. (Score:3, Insightful)
Subpoenas are good for compelling the production of evidence that the recipient actually possesses...by any account, Apple does not actually possess the evidence requested. The subpoena, on its face, should fail.
The problem is that we now have SCOTUS precedent where the government can compel individuals to do anything requested or face a punitive tax. All the Administration has to do is create a "make us a back door or pay a $10M per day" tax, and Apple will cave. Unintended consequences of Obamacare.
Re: (Score:2, Troll)
All the Administration has to do is create a "make us a back door or pay a $10M per day" tax, and Apple will cave. Unintended consequences of Obamacare.
More like Imagined consequences as a result of a too tight tinfoil hat. You can argue about obamacare legitmately, but this is not how.
Re: (Score:3, Interesting)
A 10 million dollar daily fine would only be about $25 per iPhone sold. I would pay an extra $25 to know my phone is uncrackable.
Re: Not sure I understand this. (Score:4, Interesting)
Those that funded the attack on ACA, if they really were constitutional purists, should have picked a better test case, ACA is effectively a head tax levied by the state and paid to the feds (explicitly legal, and how much of the taxes went for many years). The only "new" thing was having people pay the insurance "tax" to the private company directly, or the federal government. Worded right, it's not a problem.
But the feds ordering Apple to make something or get taxed is different, and would likely fail. And ACA isn't a precedent making that legal, but the legal hurdles for it may be harder now because the incompetent and trigger happy ACA haters have a similar case where an arguably similar thing was legal. Blame the ACA haters for bringing a poor suit and losing it. That's what set the precedent. ACA didn't set a precedent at all.
Re: (Score:2)
$10M/day? Snooze. It'd take Apple years and years to feel that :-O
Re:Not sure I understand this. (Score:5, Interesting)
It's not a subpoena. It's a writ of assistance. These... don't have the best history on this continent.
Re:Not sure I understand this. (Score:5, Insightful)
Re: (Score:3)
They can be force to PRODUCE evidence they have on hand. They cannot be forced to CREATE tools to assist the govt. in their investigation.
Re:Not sure I understand this. (Score:5, Insightful)
This is what people do not get. This order is asking Apple to create a new operating system that can be loaded onto the phone as an update, but that has no security features so the FBI can look at the phone.
Whether this is even possible is debatable, however it will be expensive, both in terms of resources needed and in terms of harm of Apple's name.
I guess for some definition it is a PR stunt, because Apple does not want to destroy their image of having a good product.
Re: Not sure I understand this. (Score:3, Insightful)
Bullshit. The government is asking Apple to create new software. Code is speech and as such is protectes by the first amendment.
Were it not any jackass court in the land could force you to stand in the street corner yelling I hate niggers.
Apple can give them the signing key and the FBI/cia/NSA can go write their own damn firmware after they fuck themselves
Re: Not sure I understand this. (Score:4, Insightful)
Mod parent up. If the FBI are so damn confident the 256-bit AES key can be bruteforced, they can damn well do it themselves.
Re: (Score:3)
at 1,000,000 attempts a second, that would take 3.6818303e+63 years to break it.
Good luck with that, FBI.
Re: (Score:3)
Re: (Score:3, Informative)
Re:Not sure I understand this. (Score:5, Insightful)
What kind of horseshit retard post is this?
The refusal is not a PR stunt. Publishing an open letter may be, but it's not one that can possibly be used as any kind of justification arguing against their behavior -- it's not marketing for increased sales as much as it is an appeal for attention to an injustice which they might be compelled to accept with the full force of the US Federal Government. It's a PR stunt anyone reading this website should be grateful for, so that this injustice and the US government's despicable behavior can be properly viewed by American citizens.
having been presented with a valid warrant
They have very obviously been helping the FBI with their investigation. They have complied with all warrants, and have probably volunteered more information than they needed to. What they have not complied with is a judicial writ ordering them to compromise the integrity of their operating systems. Stop spreading FUD, retard.
If they're hoping to appeal a 225 year old statute as unconstitutional with a 4-4 SCOTUS, umm... Good luck with that.
The most unbelievable horseshit retarded thing in your post. There is not a "4-4 SCOTUS", there is a SCOTUS, and the overwhelming majority of cases they decide are unaninmous or near unaninmous. Why on earth you would think that the perceived political affiliations of the SCOTUS would overrule their jurisprudence and good sense, let alone why you think this would matter more because the statue is old, is unbelievably fucking retarded. What do either of those have to do with anything? Why would Apple shrug and just give up because an old man died?
Seriously hoping I fell for a troll here, because your childish understanding of our legal and political system, and how you present it as having shaped your opinions on what to do, is un-fucking-believable.
Re:Not sure I understand this. (Score:5, Insightful)
Except that the All Writs Act doesn't grant the power to issue other rulings as warrants. It just allows judges to issue rulings generally that are otherwise legal, without requiring a new law to be passed to allow for each specific ruling a judge might have to make. This is normally used at the end of a civil case for a judge to order some sort of resolution, restitution, or punishment.
It is not otherwise legal for search warrant to compel the creation of new speech, and make no mistake: software is legally speech. A search warrant is for the collection of existing evidence, not for the creation of new speech, or even the creation of new physical objects except where they are copies of information that is evidence.
There is no reason to think that the All Writs Act would have to be thrown out for the courts to smack this over-reach down. And that is most obvious result, because US courts do not appreciate the government asking them to compel speech.
The plot thickens... (Score:5, Insightful)
This whole charade smells of the government abusing this one request to make precedent for future requests.
Re:The plot thickens... (Score:5, Interesting)
I thought that was obvious. But this little detail would present the government in a VERY bad light. To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
It will be interesting to see how the judge reacts to Apple's revelation that the only reason the government is locked out of the phone is because the government changed the password.
Re: (Score:3, Informative)
I thought that was obvious. But this little detail would present the government in a VERY bad light. To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
It will be interesting to see how the judge reacts to Apple's revelation that the only reason the government is locked out of the phone is because the government changed the password.
The health department might have changed the password as part of their security protocol when an employer-issued smartphone has been lost, stolen, or the employee no longer works for the organisation. Maybe the FBI changed the password. Apple should be able to retrieve the IP address from their log files unless they use SystemD.
Re: (Score:3)
And Apple doesn't use SystemD. They use LaunchD. Duh.
Of course not. If Apple had used systemD, then I am quite sure the government wouldn't need Apples help[ breaking in.
Re:The plot thickens... (Score:5, Informative)
To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
And you would fail the bar exam. The password change would allow the opposing side (presumably defense) to challenge the validity and source of whatever information was obtained, but it would still be admitted so that the court (judge and/or jury) can decide how much it should be trusted [wikipedia.org]. Think about a person running from the cops who throws a bag during the chase, and after catching him, go back and find the bag. What they find in the bag is still admissible even though it was out of the suspect's and the police's custody for a period of time. Even if a passerby picked it up and took it, then the police later came and asked if he had it, and he gave it to them, it would still be admissible. The defense would try to argue it could have been tampered with, but would likely lose (barring some evidence of tampering or that the second person had a known grudge against the suspect).
Re: (Score:3, Informative)
Neither of the bar exams I took had much in the way of evidence questions, and the few that existed tended to be criminal procedure-related (exclusionary rule and so on), not foundation and authenticity. Even if there were some questions about foundation and authenticity, there certainly weren't enough to cause you to fail the bar exam if you got them wrong. I'm also not convinced you're substantively right. Perhaps your particular jurisdiction allows you to enter prosecution exhibits into evidence without
Re: The plot thickens... (Score:3)
It would render the evidence inadmissible because a chain of custody implies that there was no tampering going on (sealed, signed and locked up) the minute the cops got their hands on it. If you can get a sworn statement from Apple that the Feds altered anything on the phone after the suspect was arrested then the argument would go that they could've planted anything and any lawyer worth their salt would get the evidence thrown out.
Re: (Score:2)
The data on the phone likely won't be used to charge any individual. Bear in mind that the person who possessed the phone is already dead. The data on the phone is valuable for further investigation, not for an open case.
Re: (Score:3)
All data on the phone is suspect because it's been altered. From an intelligence perspective (as in CIA) something you found on the phone is corroborated by other sources it might be of value but it as a sole source couldn't be trusted and anything it revealed would need to be corroborated by at least 2 independent sources (it could have been tampered with to make an otherwise single source of data appear more valid).
But this is the FBI doing the investigation and the only reason they want to look at the "e
Re: (Score:3, Interesting)
I am not a legal scholar but I am a curios onlooker. I've not yet read all the documentation concerning this case and not all of it has come to light.
However, I have a question. Who, specifically, has been charged with an offense at this time? If the answer is nobody, and if there is no specific defending party - at this time, then by what authority does the court issue this writ?
I do not know. If they're doing a post-mortem trial, what authority does that have in the US? Have they actually followed the pro
Re:The plot thickens... (Score:4, Informative)
To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
No, it was the iCloud password that was changed, not the password for the phone. Had that not been changed, the Apple engineers who were assisting the FBI would likely have been able to get the phone to sync to iCloud, which may or may not have provided evidence, depending on the phone settings.
Details matter, even when talking about evidence custody chains. ;)
Also, real world evidence handling is not as strict as represented by the CSI shows, and in this case whatever mishandling was done was not done by the prosecutors. When the prosecutors mishandle evidence, it gets thrown out as a punishment to the prosecutors and a brake on abuse. That is what the "fruit of the poison tree" is all about; punishing prosecutors for ignoring processes and procedures that were put in place to prevent legal abuses that were common in the pre-Constitution period. It is not done out of a broad belief that any evidence that went out of sight after a crime is inadmissible. That would be silly; a murder weapon might change hands numerous times on the black market before being recovered by law enforcement. It is still evidence. In this case some moron from IT at the County level did something bad, not the prosecutors. The person doesn't even work in law enforcement, they work in the health department. The Court isn't going to punish the prosecutors for the mistake of the health worker, so instead the Court would look at if the evidence has a real flaw; is there a reasonable accusation that it was altered, either by the health worker or by Apple? The Court would not worry about a chain of evidence here; that would cover the handling of the evidence after it was collected by law enforcement or prosecutors. This would be before that, so they would look at the material details of any accusation of tampering.
Also, the user of the phone is dead, and so not a suspect. This would be used against other speculative suspects, and so those people wouldn't be able to ask the court to throw it out based on prosecutorial misconduct that happened before they were a suspect. There wouldn't be anybody with standing to make that complaint. They could only challenge it by a material claim that there was a real problem, not just that the procedure hadn't been followed, unless the failure to follow procedure happened later in the process. This is similar to the situation where the police do a warrantless search of your friend, find evidence against you, but your "friend" refuses to challenge the search. Oops, too bad, you can't challenge it for him, and the evidence will be admitted. That happens a lot in drug cases, actually.
Re:The plot thickens... (Score:4, Informative)
I suppose this is a futile effort here on Slashdot, but maybe perhaps reading the FBI's court brief might answer/allay some of the "smell" of the charade (way to murder a metaphor, m8)
https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.txt
https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.pdf
Moreover, contrary to Apple's recent public statement that the
assistance ordered by the Court “could be used over and over again,
on any number of devices” and that “[t]he government is asking Apple
to hack our own users," the Order is tailored for and limited to this
particular phone. And the Order will facilitate only the FBI's efforts to search the phone; it does not require Apple to conduct the search or access any content on the phone. Nor is compliance with
the Order a threat to other users of Apple products. Apple may
maintain custody of the software, destroy it after its purpose under
the Order has been served, refuse to disseminate it outside of Apple,
and make clear to the world that it does not apply to other devices
or users without lawful court orders. As such, compliance with the
Order presents no danger for any other phone and is not “the
equivalent of a master key, capable of opening hundreds of millions
of locks.”
Re: The plot thickens... (Score:2, Insightful)
Did the FBI agree to let Apple keep custody of the phone while the custom OS is on it? If the FBI gets unsupervised access to the phone -- or even a complete image of its storage, which they probably want -- they would presumably get a copy of the custom OS beyond Apple's reach.
Re:The plot thickens... (Score:5, Insightful)
I suppose this is a futile effort here on Slashdot, but maybe perhaps reading the FBI's court brief might answer/allay some of the "smell" of the charade (way to murder a metaphor, m8)
https://assets.documentcloud.org/documents/2716011/Apple-iPhone-Access-MOTION-to-COMPEL.txt
https://assets.documentcloud.o... [documentcloud.org]
Moreover, contrary to Apple's recent public statement that the .....
assistance ordered by the Court “could be used over and over again,
on any number of devices” and that “[t]he government is asking Apple
to hack our own users," the Order is tailored for and limited to this
particular phone.
Yesm It is important to note that this court and this writ does not ask for access to all phones
with a magic key. However it does establish a service that other courts (domestic and
international) can compel.
i.e. having demonstrated your ability that this is possible ... we also demand the same service
in pursuit of the issues before this (different?) court.
i.e. having demonstrated your ability we demand you price and deliver such a service for
our internal investigation into suspected illegal affairs by the estranged spouse of, the
priest accused of, the child suspected of taking a selfie photo that qualifies as child
pornography.
Because this is a court order there is only complying.
It is clear that this is the first phone.... many more cases will demand such a service.
Re:The plot thickens... (Score:5, Interesting)
This whole charade smells of the government abusing this one request to make precedent for future requests.
I have to admit... I've been wondering if this whole charade is related to some sort of parallel reconstruction attempt; as in the NSA has figured out how to break AES 256 but doesn't want to publicize that fact.
Re: The plot thickens... (Score:4, Informative)
Please just stop. You're coming off like a 7th grader trying to fake an understanding of neurosurgery after spending 5 minutes googling stuff.
FDE encryption takes place beneath the file layer, at the block level (it's far more effective and secure than file level encryption could ever be.)
XTS doesn't split anything. XTS is essentially an improved version CBC (which is to say block chaining) made necessary by modern large storage devices.
I hope you didn't stumble across one of those anti XTS articles that are still floating around and take it at its word because it sounded technical. Those have been soundly and repeatedly refuted and trashed by those who actually know what they're talking about.
A little googling, in the wrong hands, can be a dangerous thing. OTOH this is slashdot, so you're right at home.
The parent poster didn't say anything about whether it's per-file or block level encryption.
And he's right about XTS keys, to get 128 bit AES, you need a 256 bit XTS key:
https://en.wikipedia.org/wiki/... [wikipedia.org]
XTS makes use of two different keys, usually generated by splitting the supplied block cipher's key in half, without adding any additional security, but complicating the process.[13] According to this source, the reason for this seems to be rooted in a misinterpretation of the original XEX-paper.[7] Because of the splitting, users wanting AES 256 and AES 128 encryption will need to choose key sizes of 512 bits and 256 bits respectively.
Well, THAT'S interesting. (Score:5, Interesting)
They have somebody on the inside to mess with it? Chain of custody for evidence in major federal incidents is usually watertight specifically to avoid this kind of thing.
Re: (Score:2)
Re: (Score:3)
I doubt it will be used in court considering the owner of the phone is dead.
The OWNER of the phone was the place where he worked. It was "company issued" not his own device.
The owner of the device has given consent to search the device. But they don't have the PIN. The dead man had that.
Re: (Score:3, Informative)
The owner of the phone was the County of San Bernardino and it was them that changed the iCloud password as part of their IT security procedures. All of Farook's work accounts were secured by password resets.
Re: (Score:2)
Irrelevant, call records are already available from the wireless carrier on demand with a valid warrant.
Call records, yes. Unfortunately, in our app-centric world, call records only help to a limited extent if the users are savvy, which it seems like these were.
Re: (Score:2)
I'm also curious to know how Apple can tell that a phone's password has been changed.
A password change on the iPhone would change the password for the linked iCloud account and get recorded as a log entry on Apple servers.
Re: (Score:2)
The PIN to unlock the phone and the password for the iCloud account are two different things.
Re: (Score:2)
It was changed by aliens on the grassy knoll.
Wait, are you trying to say that an anonymous Slashdot commenter might not be a reliable source? You must have gone to college. Maybe I
Re:Well, THAT'S interesting. (Score:5, Informative)
which again leaves me wondering about the relevance of not being able to back it up to the cloud.
The idea was that they could bring the iPhone back into range of a WiFi network it already knows (e.g. the WiFi network at the terrorists' condo) and within a day or two it would do another automatic cloud backup.
Once that completed, Apple (and therefore the government) would have access to that backup, and therefore could try to break the backup's encryption via brute force without triggering the 10-attempt-failure auto-erase that is present on the phone.
However, since the password was changed, it seems that now the phone will be unable to initiate a backup without someone logging in to the phone first.
Re: Well, THAT'S interesting. (Score:2)
Perhaps the password is used to encrypt the backup, on OS X at least there is a Keychain which when you change your password renders the keychain inoperable until you enter the old password. The keychain does contain the public/private keys for things like iCloud access (which amongst other things uses IPSec). When you change the password remotely, the old keys may be wiped and the new ones will not sync up to Apple until the user logs in again with the new password.
Was this guy really a terrorist? (Score:4, Interesting)
Re:Was this guy really a terrorist? (Score:5, Informative)
There were two shooters, and they had documented terrorism involvement prior to this, once the investigation traced back far enough.
Most people don't bring their wives with them to help with "random and impulsive" workplace shootings, or set up a bomb factory in their garage weeks / months ahead of time.
Re: (Score:3)
...they had documented terrorism involvement prior to this...
I've heard it claimed that they openly expressed support for ISIS, but I also know that was refuted by the FBI [thehill.com]. I haven't followed this closely, but I've not heard of any other claims directly linking them to a particular terrorist group or terrorist activity, and I can't find any such claims that haven't already been refuted.
Do you have a source for the above claim?
Re: (Score:2)
Re:Was this guy really a terrorist? (Score:5, Insightful)
Was this guy really a terrorist? or just a asshat nutcase?
All terrorists are just asshat nutcases. They are only criminals with guns and bombs and slightly weirder motivations than most other criminals with guns and bombs.
There is no such thing as a terrorist, as a legal distinction. There are military combatants and there are civilians. If a civilian plants a bomb, he's still a civilian. He's just a criminal civilian. If a civilian shoots a bunch of people with an automatic weapon, he's still a civilian. He's just a criminal civilian. If a civilian gets together with a bunch of his buddies and plants bombs and shoots a bunch of people with automatic weapons, he's still just a civilian.
We even have a name for that. We call them mobsters.
Attempting to create terrorism as a legal distinction is stupid twice. Once because you're playing in to their narrative, giving them far more credence than they deserve, and twice because it's being used to foment fear and trample rights here at home. One is cowardly, the other treasonous.
Taliban, Al Queda, blah blah, these are just mobs. Organized crime. Treat them as such.
You're oversimplifying it (Score:5, Insightful)
There's two distinct classes there. You can't do much about the mentally ill except watch out for them and give them what help our science has. For the destitute you can stop oppressing them. We do horrible, horrible things to people in the middle east. We do worse to folks in South America. These people don't hate our freedom, they hate what we've done to them. Isis aren't terrorists. They're a bunch of men with no jobs and no wives. I suspect the shooter in San Bernadino was severely mentally ill.
Given a chance most people will choose honesty if their brain chemistry allows it. That's why the Mob eventually got busted. Rather than rail on against them as criminals start asking why they turned to crime in the first place. Start getting at root causes and the real social distortions that take what started out as a young boy and turn him into a killer ready to throw it all away.
Re: (Score:2)
I can see how that'd lead to misunderstanding - most of us know it already has.
Re: (Score:3)
And that information, if it exists, is most likely not on that phone. They had burner phones so why would they turn around and put valuable information like that on their work phones?
Someone at the health Dept knows the password... (Score:3, Funny)
Might I suggest Enhanced interrogation for the entire health department, I hear it is still legal.
tampering with evidence (Score:3, Insightful)
So apple can show that the iPhone was tampered with after the government took possession. Well that makes the information on the phone totally suspect.
That to me shows there is no reason to decrypt the phone as nothing on it can be trusted to be authentic any more.
For example, highly paranoid version,
Did the CIA get someone to re-image the phone and plant false information.
Re:tampering with evidence (Score:5, Insightful)
9. Apples refusal doesn't have jack to do with user privacy concerns it is all about Apple's bottom line.
The two are one-and-the-same. If users find that their privacy is not respected, then they will buy products from another company.
That is, it is a smart business move on Apple's part.
Exit process for terminated employees (Score:5, Insightful)
This phone belonged to the place where this guy worked. So when he murdered a bunch of people, I am sure HR started a process to terminate his network access and revoke his use of things like this phone, in part by changing the passwords.
He may have died in a shower of bullets but god damn it Sally in HR was gonna cross every T and dot every i on that termination form!
employers can have their own back doors (Score:4, Informative)
On iOS your employer can put a certificate on your device that allows them to get into the device they loan you.
Too bad they didn't do it, HR could have gotten the FBI in.
Re: (Score:2)
Re: (Score:2)
Hahahahaha, sounds entirely plausible!
Enrique Marguez (Score:5, Informative)
The FBI arrested the guy that supplied the guns used in the shooting. He is currently charged with providing material support to terrorists, which means they need to find evidence that he provided the weapons with the intent to support this particular attack. Otherwise they probably only can push weapons-related charges.
As he was buddies with the owner of the iPhone, odds are all they evidence they want against this guy is on that phone.
Re: (Score:3)
Cool, can we charge Senator Peter King with that? He sent money to the IRA to buy semtex explosives from Libya FFS.
http://en.wikipedia.org/wiki/Peter_T._King#Support_for_the_IRA
How about Oliver North, now one of the people running the NRA, who sent weapons to Hezbolla, including anti-tank weapons that were supposed to be too secret to sold to US allies?
It's really funny to hear both of them go on about terrorism as if they had not been en
Password change was by San Bernadino county (Score:5, Informative)
http://www.politico.com/f/?id=... [politico.com]
DOJ filing, page 18, footnote 7.
(credit: https://twitter.com/grimmelm/s... [twitter.com] on twitter)
Re:Password change was by San Bernadino county (Score:4, Informative)
Someone's already going under the bus for it:
http://abcnews.go.com/US/san-b... [go.com]
If an employee changed this... (Score:2)
Re: (Score:2)
then why not just ask that employee what they changed it to?
Exactly. If IT changed the password, they must know the new password.
Re: (Score:2)
Re: (Score:3)
iCloud password != phone passcode. That's like changing your email password and expecting your ATM card PIN number to change too.
It's getting ridiculous (Score:5, Insightful)
Re:It's getting ridiculous (Score:5, Insightful)
Re: (Score:3)
But if you can't tell someone "no" when they request your services, they own you.
So if the cops can subpoena you to produce documents, or compel you to testify, then they own you?
Forcing you to produce documents you already have, or to testify are _limited_ powers, written into law, and there are various safeguards such as the 5th and the right to argue that cost of compliance is an undue burden, or to seek recompense.
This writ implies that the cops also have the power to force you to _create_ new documents, or, essentially, to do anything they want. It is not clear that there would be any limits on this power, which in itself implies that the lawmakers did not intend it that way,
Go ahead, Apple (Score:2)
Help the FBI out. Write them their little app and let them crack the iPhone. Even though it appears that this is just an exercise in making you jump when the Justice Department whistles.
Then, go back to the drawing board and, between an OS patch and maybe some more secure hardware, fix it so that your back door program never works on a new phone.
Is this unreasonable search? (Score:2)
4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- Cornell Legal Information Institute [cornell.edu]
If the search is reasonable, I'm not seeing the hangup.
It's nice to have an unbreakable lockbox against anyone, even the NSA
Not a 4th Amendment issue, per se. (Score:5, Insightful)
I don't think you've got the issue here quite right. There's a couple reasons to believe that the 4th Amendment is not applicable in this case. The user of the phone is dead, so a lot of his privacy and autonomy interests are nullified now. He has no papers or effects that belong to him because he's a legal non-person. At best you could argue a chilling effect for other iPhone users -- and that's a pretty good argument. But thing this wasn't even his phone, it belonged to his employer. So while I think the 4th should be applied to phones owned or leased by living users, if the employer has no objection to the government searching the phone I don't see how the 4th applies in this case.
I've heard two serious issues actually raised, namely (1) that what the government is asking Apple to do is bad for the privacy of Apple's customers and (2) that the government has overstepped its authority in what it can compel Apple to do. This isn't a case of Apple sharing documents it has access to with the government, in fact Apple has already done that; the government is in effect asking Apple to develop a new tool that will give it easy access to any iPhone, any time, not just this one.
Aside from the fact that if Apple did it's job well (what are the chances?) developing this tool should be non-trivial, in absence of some kind of established oversight mechanism for using such toolsk the public shouldn't be too keen on letting the government have them.
Security flaws in iOS? (Score:3)
So there are 4 security flaws in the "encrypted" iCloud backups?
Re:Really ??? (Score:5, Interesting)
A known way around the encryption, if you backup to iCloud, is to reset the password on the iCloud account and restore the iCloud backup to a new device.
Re: (Score:2)
A known way around the encryption, if you backup to iCloud, is to reset the password on the iCloud account and restore the iCloud backup to a new device.
From what I read, the iCloud backup — which Apple provided to the FBI — was a month old prior to the attack.
Re: (Score:2)
The article says that Apple sent engineers to get the iPhone to connect to a known Wi-Fi network "and triggering an iCloud backup." It doesn't say if they were hoping it would do it on its own or if they had a method to trigger the backup.
Re: (Score:2)
Re: (Score:2)
"The Apple senior executives also pushed back on the government’s arguments that Apple’s actions were a marketing ploy, saying they were instead based on their love for the country and desire not to see civil liberties tossed aside."
Would you believe "love of their country" as a motivation for any large organization, including government agencies?
Re: (Score:2, Informative)
Re: (Score:3)
That's all they are asking for.
They didn't ASK for it, however, they had an unlawful order issued for it.
Apple could have helped them, perhaps, if they asked for it, but Apple has a civic duty to fight the unlawful order, lest it become a precedent for further abuses.
Re: (Score:2)
You forget that the phone is locked and likely there are trip-wires resulting in key-deletion on at least some attacks. That alone makes any updates very much non-trivial.
Re: (Score:2)
Re:Government Geniuses (aka Military Intelligence) (Score:4, Insightful)
If the US govt can force them to do it, the Chinese govt can force them to do it. And so on.
Re: (Score:2)
Re:what changed? permanent policy needed (Score:5, Informative)
Asked why the company is pushing back so hard against this particular FBI request when it has assisted the agency in the past, Apple executives noted that the San Bernadino case is fundamentally different from others in which it was involved. Apple has never before been asked to build an entirely new version of its iOS operating system designed to disable iPhone security measures.
Re: (Score:2)
does that mean they would have complied with government request, if it was easy to do as in previous cases?
as i said , apple should clearly articulate the principles on which it is basing its policy, instead of deciding case by case ( based on what seems to be variety of other factors )
Re: (Score:2)
Re: (Score:3)
They do articulate their policies regarding warrants and other such requests on their privacy policy pages. This goes beyond a warrant for data, however. This is a writ compelling them to build a malicious version of their own OS that is designed to compromise the system's own security. That's a far cry from delivering data you already have on hand, and Apple already pushes back on quite a few of those, based on the stats they publish.
Re: (Score:2)
what changed?
The claim is that the security scheme used in the phones has changed.
Re: (Score:2)
Apple has over $200 Billion in cash. They problably made a million in the time it took you to write your post. Money is a meaningless incentive to them (as well as a meaningless impediment to doing what was asked).
No. The reason Apple makes so much money is because many believe the
set of devices and software services provided by Apple are sufficiently secure.
If Apple caves... entire markets will look for other options.
Sure, at one level this is about money.
The writ compels Apple to develop and provide a service and
business Apple does not want to be in. A service that risks their
cash generation services in fact.
Re: (Score:2)
If Apple caves... entire markets will look for other options.
I don't think that's quite true. If Apple caves, most people won't care, since most people think the government has a right to search an ex-terrorist's cell phone, and most people won't consider the implications.
The scenario where the shit hits the fan for Apple is some months or years later, when the technique Apple provided the government to unlock the phone somehow escapes into the wild, and suddenly every iPhone is easy game for hackers and identify thieves.
That's when Apple's ability to sell cell phon
Re: (Score:2)
So he had an accomplice of some type?
Yes, his employer's IT department.
Re: (Score:2)
Only if the phone was on the air. That is the first thing any halfway competent forensics person stops. You can too, a tin-can is enough. Of course, in the future, we will see phones that wipe themselves after a while in that state. It is really pathetic that ordinary citizens need to think about protecting themselves from the government again. Have they learned absolutely nothing from history?
Re: (Score:2)
That is actually pretty standard. Do not expect that to be better with any other brand that offers cloud backup.
Re: (Score:3)
Is there any reason why Apple can't at least change the guys password? Then restore the backup to a new iPhone using the same account?
No need. Apple has handed over the complete backup to the FBI. But it is an _old_ backup.
If someone hadn't changed the iCloud password, the locked phone could be convinced to perform a backup. That's what iPhones do all the time; they perform backups while you are not using the phone. And then Apple could have easily delivered that backup with the latest data to the FBI.
br. But because the iCloud password was changed, the phone doesn't know the correct iCloud password and can't back up. And because you
Re: (Score:3)
So how come they do not just accept what ever the hell iCloud password comes from the phone as the correct password, so that it can do the backup. You have the phone, you can create a sealed room with the phone in it, so it can talk to your pretend tower and communicate with the pretend iCloud and have it's password accepted and you are done.
All they can ask for is the build details, which Apple should supply and from there on in, it is the FBIs problem to solve.
Reality is when any technological device