You might want to actually try reading the various news articles and other accounts. The owner of the phone is the county. It was the guy's work phone. And the county, the owner of the phone, has consented to the search of the phone.
I'm glad you brought that up. As the administrator of said phone, shouldn't they have done a better job of managing the device... including maintaining its security credentials?
It's disconcerting that Apple is taking the heat for this, instead of the responsible party.
The owner is dead. I guess that is giving support since he can’t refuse.
The owner is not dead. The iPhone in question is owned by San Bernardino County. It is the government issued work phone of the now dead terrorist. Questions are being raised as to why San Bernardino County officials don’t lock down their employee’s phones or have a county issued passcode that is synced to iCloud. I’m not familiar with Apple’s enterprise management software so maybe someone here can enlighten us as to whether it is possible to prevent an employee from changing the passcode.
This really isn't a 4th Amendment question. The FBI is operating well within those bounds in wanting to access the data on the phone. The search is reasonable and even has the support of the owner of the phone. It comes down to if Apple can be required/compelled to assist in those efforts, which would seem to fall more under freedom of speech (or in this case, freedom to refuse speech...in the form of computer code).
For those who are worried about their privacy should a tool be created which would allow brute for attacks on iPhones, the solution is simple. Use the alphanumeric passcode option and don't use a stupid password. And don't use Touch ID, either.
The owner is dead. I guess that is giving support since he can't refuse.
The tool requested by the FBI has nothing to do with TouchID since they requested it to be able to turn off the number of failed attempts before the data is erased. TouchID is simply another way of inputting the passcode using biometric fingerprint detection. The so-called news reports about a fingerprint workaround are all but bogus and Apple has continued to improve the security of using it with each new iPhone model as well as new versions of iOS.
By creating a software tool (which doesn't exist) the FBI is asking Apple to modify the security of the iPhone and iOS. The capability to erase the contents of the iPhone with failed attempts (as well as to remotely erase the data) was the subject of hearings and news conferences by lawmakers. They were the impetus for Apple to create the features in the first place. If Apple complies with the FBI what precedent will that set for future backdoor security tools? The leaders of other countries that have few privacy laws could use this as a case to compel Apple to create or use the FBI code to create additional security bypass tools. Once the hacker community is able to get this code they can and will exploit it. I am not convinced that the FBI is able to keep this tool secure and a one time use as they say.
A. The owner is not dead. A simple google search and watching tv for 3 minutes about this story will reveal the owner is the company he worked for (a.k.a. it was a company phone - not his personal phone) so the chances of them finding anything is bogus right there. What idiot would take the time to remove his laptop hard drive and throw it in a lake on the way to killing people then leave his work phone back home in plain sight for the reporters who got access to their apartment even before the FBI did? What idiot would put personal things on his business phone? Where's his REAL phone? Did they miss that in the lake? That said, he did turn off the iCloud on this phone the morning of the attacks. I'm guessing THATS what the FBI finds curious (as do I)
2. It was an iPhone 5c which did NOT have Touch ID. So there's no fingerprint scan to bypass.
When postng in in the future correct those two facts. That way the rest of your post will be more accurate. <GRIN>
The media siding with the government. Why am I not surprised.
its not just about this one phone. Are people really that naive to think once Apple does this they'll never be asked to do it again? Also can the government force a private company to create a product that currently doesn't exist in order to comply with a court order? What specific law gives the government that power?
The specific law in question is the All Writs Act. But like all government powers, it needs to have limits. This case will test those limits. I don't recall the exact scope of this act, but basically it stays that court orders have to be followed. If the court issues a warrant to search someone's apartment, the landlord is expected to cooperate and let them into the building. In this case, Apple as the landlord is a good analogy because, remember, the phone hardware may have been owned my someone else (in this case the shooter's employer) but the OS is owned by Apple...ah, there's that pesky "you don't own the software, you only have license to use it" issue rearing it's ugly head.
So can Apple be compelled to let the FBI into the building by disabling the 10 attempt limit for entering the password? They aren't being asked to unlock the apartment door. The FBI is going to use a battering ram for that (brute force attack). If I'm living in an apartment, I have no illusion that my landlord would refuse to obey a court order to let the police into my building to get to my door. If I'm concerned about the police breaking into my unit, I'm going to barricade the hell out of my door (aka, don't use the 4 or 6 digit pin numbers as passcodes to your phone and don't use Touch ID).
And while you are correct in expressing concern that "its not just about this one phone", the court order was written very specifically to only apply to this one phone. The FBI isn't asking for a key to every apartment building in the country. Despite what Tim Cook suggests in his public [relations] letter, the court order isn't asking for a back door to be created in the OS that is installed on every iPhone (but there are legislators asking for that). However, I believe it's unknown if there is a way to Apple to follow the court order while limiting its scope to just this one phone.
The real question, as you point out, is "can the government force a private company to create a product that currently doesn't exist." Is that violation of free speech, or in this case, the freedom to refuse speech (ie, write code)?
"In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.
The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy."
That was a news article from Bloomberg this morning.
The owner is dead. I guess that is giving support since he can't refuse.
You might want to actually try reading the various news articles and other accounts. The owner of the phone is the county. It was the guy's work phone. And the county, the owner of the phone, has consented to the search of the phone.
The county failed at the most basic level to properly manage and administer their own phones. Government screwup from A to Z.
"In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.
The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy."
That was a news article from Bloomberg this morning.
Our government does not represent the American people anymore. We are obviously considered the enemy and our constitutionally protected rights were the first victim.
Backdrop - once having concluded Apple is on track to developing the most advanced electric powertrain some have wished to be a bit more informed by creating a master key enabling them to tap Apple itself. As simple as that, you know the rest, Apple won't authorize anyone to such a ... deed. Apple's stance is the only viable, no masterkey to ignorant.
The owner is dead. I guess that is giving support since he can't refuse.
You might want to actually try reading the various news articles and other accounts. The owner of the phone is the county. It was the guy's work phone. And the county, the owner of the phone, has consented to the search of the phone.
And Apple already turned over the iCloud backup of the iPhone in question, complying with requests from law enforcement to provide everything they can within their power. In addition the government agency that owns this phone did not comply with their own standards of device management, and are themselves at fault for why this scumbag's information in question is not accessible. If those government low life's who were too lazy to do their job correctly simply did their job this would not be an issue.
You might want to actually try reading the various news articles and other accounts. The owner of the phone is the county. It was the guy's work phone. And the county, the owner of the phone, has consented to the search of the phone.
The county failed at the most basic level to properly manage and administer their own phones. Government screwup from A to Z.
Perhaps. I am entirely unfamiliar with whatever enterprise management tools Apple provides for managing groups of company owned iPhones. You are suggesting that there is a "company backdoor" to bypass the password that an employee uses to lock their phone. Many systems have such functions, often in the form of an administrative password reset function, usually used when someone forgets their password. What mechanism in Apple's enterprise management tools allow an employer to bypass the password on a user's phone?
Also, let's theorize that the phone was a personal phone owned by the shooter. I still don't believe we'd be talking about a violation of the 4th Amendment, which allows for reasonable searches. This particular case is a huge gift for the government's case because the facts clearly support the search as being reasonable and meeting the criteria set in the 4th Amendment. That the employer is the owner of the phone in question is simply convenient as it removes one layer of complexity. But I believe that layer would be trivial for any first year law student to argue their way through in any court in the land.
The county failed at the most basic level to properly manage and administer their own phones. Government screwup from A to Z.
Perhaps. I am entirely unfamiliar with whatever enterprise management tools Apple provides for managing groups of company owned iPhones. You are suggesting that there is a "company backdoor" to bypass the password that an employee uses to lock their phone. Many systems have such functions, often in the form of an administrative password reset function, usually used when someone forgets their password. What mechanism in Apple's enterprise management tools allow an employer to bypass the password on a user's phone?
Also, let's theorize that the phone was a personal phone owned by the shooter. I still don't believe we'd be talking about a violation of the 4th Amendment, which allows for reasonable searches. This particular case is a huge gift for the government's case because the facts clearly support the search as being reasonable and meeting the criteria set in the 4th Amendment. That the employer is the owner of the phone in question is simply convenient as it removes one layer of complexity. But I believe that layer would be trivial for any first year law student to argue their way through in any court in the land.
The "owner of the iPhone" is the county (and who are the owners of the county?), but the county doesn't "own" iOS. The only have a highly restricted license to use iOS and they have absolutely no right to the source code which was used to create iOS.
I I think one may safely assume our own government is doing everything in its power to get their claws into every secure component and secret Apple owns. Our government has become a criminal organization over time. They create the laws to reward their own and punish without hesitation any who challenge their authority. This isn't the Republic the states signed up for when the Constitution and Bill of Rights were created.
The media siding with the government. Why am I not surprised.
its not just about this one phone. Are people really that naive to think once Apple does this they'll never be asked to do it again? Also can the government force a private company to create a product that currently doesn't exist in order to comply with a court order? What specific law gives the government that power?
... And while you are correct in expressing concern that "its not just about this one phone", the court order was written very specifically to only apply to this one phone. T ...
The government wants Apple to create a tool to defeat the 10 attempt limit. Once that software is in their hands it can be used on ANY iPhone. So while they say "just this phone" it would actually apply to ALL phones from Apple.
For those who are worried about their privacy should a tool be created which would allow brute for attacks on iPhones, the solution is simple. Use the alphanumeric passcode option and don't use a stupid password. And don't use Touch ID, either.
Maybe you don't understand what this entails. This software will render ALL passwords moot, regardless of complexity. It furthermore sets a precedent legally with which the government can reference in the future when requesting even more invasive access and weakened encryption.
Most importantly, it does two other things.
First, criminals and foreign governments may be able to use the same software to overcome iOS security...compromising million of government and military phones, let alone civilians.
Second, it opens the market for foreign services providers to provide people with encryption software that is not bound by the US governments requirements yet may still have an unknown backdoor to foreign governments.
Perhaps. I am entirely unfamiliar with whatever enterprise management tools Apple provides for managing groups of company owned iPhones. You are suggesting that there is a "company backdoor" to bypass the password that an employee uses to lock their phone. Many systems have such functions, often in the form of an administrative password reset function, usually used when someone forgets their password. What mechanism in Apple's enterprise management tools allow an employer to bypass the password on a user's phone?
Also, let's theorize that the phone was a personal phone owned by the shooter. I still don't believe we'd be talking about a violation of the 4th Amendment, which allows for reasonable searches. This particular case is a huge gift for the government's case because the facts clearly support the search as being reasonable and meeting the criteria set in the 4th Amendment. That the employer is the owner of the phone in question is simply convenient as it removes one layer of complexity. But I believe that layer would be trivial for any first year law student to argue their way through in any court in the land.
The "owner of the iPhone" is the county (and who are the owners of the county?), but the county doesn't "own" iOS. The only have a highly restricted license to use iOS and they have absolutely no right to the source code which was used to create iOS.
How does that answer my question? You suggested that the county somehow failed and didn't properly manage their assets issued to employees to use when you said:
"The county failed at the most basic level to properly manage and administer their own phones."
This suggests that if the county had properly managed and administered their phones they could have already provided the FBI access. I was asking what administrative tool or function, if properly managed, would have allowed this?
Tim, Switzerland would be very welcoming to Apple, the offshore billions and all intellectual property owned by Apple. I understand they've been losing revenue from their famous watch industry and would be highly motivated to negotiate a mutually beneficial arrangement.
The owner is dead. I guess that is giving support since he can't refuse.
The tool requested by the FBI has nothing to do with TouchID since they requested it to be able to turn off the number of failed attempts before the data is erased. TouchID is simply another way of inputting the passcode using biometric fingerprint detection. The so-called news reports about a fingerprint workaround are all but bogus and Apple has continued to improve the security of using it with each new iPhone model as well as new versions of iOS.
By creating a software tool (which doesn't exist) the FBI is asking Apple to modify the security of the iPhone and iOS. The capability to erase the contents of the iPhone with failed attempts (as well as to remotely erase the data) was the subject of hearings and news conferences by lawmakers. They were the impetus for Apple to create the features in the first place. If Apple complies with the FBI what precedent will that set for future backdoor security tools? The leaders of other countries that have few privacy laws could use this as a case to compel Apple to create or use the FBI code to create additional security bypass tools. Once the hacker community is able to get this code they can and will exploit it. I am not convinced that the FBI is able to keep this tool secure and a one time use as they say.
A. The owner is not dead. A simple google search and watching tv for 3 minutes about this story will reveal the owner is the company he worked for (a.k.a. it was a company phone - not his personal phone) so the chances of them finding anything is bogus right there. What idiot would take the time to remove his laptop hard drive and throw it in a lake on the way to killing people then leave his work phone back home in plain sight for the reporters who got access to their apartment even before the FBI did? What idiot would put personal things on his business phone? Where's his REAL phone? Did they miss that in the lake? That said, he did turn off the iCloud on this phone the morning of the attacks. I'm guessing THATS what the FBI finds curious (as do I)
2. It was an iPhone 5c which did NOT have Touch ID. So there's no fingerprint scan to bypass.
When postng in in the future correct those two facts. That way the rest of your post will be more accurate. <GRIN>
joseph
I was fully aware that the iPhone in this case is the 5c which doesn't have the TouchID feature. My comments were about the suggestion to turn off TouchID as a means to control access. If you read my post I didn't say that the iPhone in question had TouchID.
I just turned on the TV for 3 minutes and didn't get any information about the owner of the iPhone <GRIN>. As you suggested I did a Google search and was educated about the county being the owner.
I will make sure that I correct the fact about the owner. I have made other posts on other article discussions that state that is the case.
I'm so glad that you have taken on the personal role of fact checking postings. Are you one of those spelling checkers too? Since you didn't comment on the rest of my post I can only assume that you don't give a shit about the privacy issues of this case.
... And while you are correct in expressing concern that "its not just about this one phone", the court order was written very specifically to only apply to this one phone. T ...
The government wants Apple to create a tool to defeat the 10 attempt limit. Once that software is in their hands it can be used on ANY iPhone. So while they say "just this phone" it would actually apply to ALL phones from Apple.
Do we know for a fact that it's not possible to create a method which would affect only a specific phone? Yes, that method would be repeatable; but it doesn't necessarily mean that the method itself has to be in the hands of the government. Regardless, the courts don't (shouldn't) deal with hypothetical future cases.
And to be clear, I'm not on the side of the government...not on anyone's side, really. Just trying to add to the conversation without the emotion and paranoia often associated with topics like this. If I look at this from a purely practical standpoint, Apple itself has done far more to promote easy access to our iPhones by the authorities when it comes to the vast majority of Americans. What's more likely? That the authorities specifically target you and gain possession of your iPhone and spend enormous resources to brute force crack it after Apple has removed the 10 attempt limit? Or that some joe-bag-of-donuts local cop takes possession of your iPhone during a route traffic stop and "compels" you to place your finger on the Touch ID sensor to unlock your phone? You have the choice to not use Touch ID. You also have the choice to not use a weak 4-digit pin to lock your phone. You can use an alphanumeric passcode which could render the FBI's request to remove the 10 attempt limit irrelevant.
For those who are worried about their privacy should a tool be created which would allow brute for attacks on iPhones, the solution is simple. Use the alphanumeric passcode option and don't use a stupid password. And don't use Touch ID, either.
Maybe you don't understand what this entails. This software will render ALL passwords moot, regardless of complexity. It furthermore sets a precedent legally with which the government can reference in the future when requesting even more invasive access and weakened encryption.
I agree with the second point, which is why this is a very important case.
But to your first point, you clearly have insider knowledge about how this hypothetical software would work. Please share!
As I understand it (and willing to be corrected if a source can be cited), the court order is only asking that the 10 attempt limit be removed. The FBI would still need to execute a brute for attack on the password to gain access to the data. This would be trivial in the case of a 4 digit numerical pin. Even the 6-digit numerical pin would be trivial to crack with a brute force attack. But if you use the alphanumeric passcode option it would take significant time and resources to crack.
So I disagree with your claim that "this software would render all passwords moot" and stand by my original point that if you using Touch ID or a 4-digit pin you clearly don't really care about your privacy.
Comments
2. It was an iPhone 5c which did NOT have Touch ID. So there's no fingerprint scan to bypass.
When postng in in the future correct those two facts. That way the rest of your post will be more accurate. <GRIN>
joseph
So can Apple be compelled to let the FBI into the building by disabling the 10 attempt limit for entering the password? They aren't being asked to unlock the apartment door. The FBI is going to use a battering ram for that (brute force attack). If I'm living in an apartment, I have no illusion that my landlord would refuse to obey a court order to let the police into my building to get to my door. If I'm concerned about the police breaking into my unit, I'm going to barricade the hell out of my door (aka, don't use the 4 or 6 digit pin numbers as passcodes to your phone and don't use Touch ID).
And while you are correct in expressing concern that "its not just about this one phone", the court order was written very specifically to only apply to this one phone. The FBI isn't asking for a key to every apartment building in the country. Despite what Tim Cook suggests in his public [relations] letter, the court order isn't asking for a back door to be created in the OS that is installed on every iPhone (but there are legislators asking for that). However, I believe it's unknown if there is a way to Apple to follow the court order while limiting its scope to just this one phone.
The real question, as you point out, is "can the government force a private company to create a product that currently doesn't exist." Is that violation of free speech, or in this case, the freedom to refuse speech (ie, write code)?
"In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.
The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy."
That was a news article from Bloomberg this morning.
Also, let's theorize that the phone was a personal phone owned by the shooter. I still don't believe we'd be talking about a violation of the 4th Amendment, which allows for reasonable searches. This particular case is a huge gift for the government's case because the facts clearly support the search as being reasonable and meeting the criteria set in the 4th Amendment. That the employer is the owner of the phone in question is simply convenient as it removes one layer of complexity. But I believe that layer would be trivial for any first year law student to argue their way through in any court in the land.
I I think one may safely assume our own government is doing everything in its power to get their claws into every secure component and secret Apple owns. Our government has become a criminal organization over time. They create the laws to reward their own and punish without hesitation any who challenge their authority. This isn't the Republic the states signed up for when the Constitution and Bill of Rights were created.
Most importantly, it does two other things.
First, criminals and foreign governments may be able to use the same software to overcome iOS security...compromising million of government and military phones, let alone civilians.
Second, it opens the market for foreign services providers to provide people with encryption software that is not bound by the US governments requirements yet may still have an unknown backdoor to foreign governments.
"The county failed at the most basic level to properly manage and administer their own phones."
This suggests that if the county had properly managed and administered their phones they could have already provided the FBI access. I was asking what administrative tool or function, if properly managed, would have allowed this?
I just turned on the TV for 3 minutes and didn't get any information about the owner of the iPhone <GRIN>. As you suggested I did a Google search and was educated about the county being the owner.
I will make sure that I correct the fact about the owner. I have made other posts on other article discussions that state that is the case.
I'm so glad that you have taken on the personal role of fact checking postings. Are you one of those spelling checkers too? Since you didn't comment on the rest of my post I can only assume that you don't give a shit about the privacy issues of this case.
bob
Do we know for a fact that it's not possible to create a method which would affect only a specific phone? Yes, that method would be repeatable; but it doesn't necessarily mean that the method itself has to be in the hands of the government. Regardless, the courts don't (shouldn't) deal with hypothetical future cases.
And to be clear, I'm not on the side of the government...not on anyone's side, really. Just trying to add to the conversation without the emotion and paranoia often associated with topics like this. If I look at this from a purely practical standpoint, Apple itself has done far more to promote easy access to our iPhones by the authorities when it comes to the vast majority of Americans. What's more likely? That the authorities specifically target you and gain possession of your iPhone and spend enormous resources to brute force crack it after Apple has removed the 10 attempt limit? Or that some joe-bag-of-donuts local cop takes possession of your iPhone during a route traffic stop and "compels" you to place your finger on the Touch ID sensor to unlock your phone? You have the choice to not use Touch ID. You also have the choice to not use a weak 4-digit pin to lock your phone. You can use an alphanumeric passcode which could render the FBI's request to remove the 10 attempt limit irrelevant.
But to your first point, you clearly have insider knowledge about how this hypothetical software would work. Please share!
As I understand it (and willing to be corrected if a source can be cited), the court order is only asking that the 10 attempt limit be removed. The FBI would still need to execute a brute for attack on the password to gain access to the data. This would be trivial in the case of a 4 digit numerical pin. Even the 6-digit numerical pin would be trivial to crack with a brute force attack. But if you use the alphanumeric passcode option it would take significant time and resources to crack.
So I disagree with your claim that "this software would render all passwords moot" and stand by my original point that if you using Touch ID or a 4-digit pin you clearly don't really care about your privacy.
Man where have you been don't you read, it doesn't have touch id it's a 5c!!