The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.
Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?
1) True about obtaining a used iPhone - but the county owns the phone and did not obtain a used iPhone. It's a county-owned phone for work, the user had no expectation of privacy, and the data belongs to the county. The county should have had some MDM system to control this. The issue at hand is not whether the government has the right to access the data - of course they do and for multiple reasons. The issue is whether Apple can be forced to develop a tool to circumvent the device security. Would not even have come up if the county had used MDM.
2) Good question. There is probably a way to do this. Plenty of folks die without disclosing their password to their next of kin - must be a lot of folks just forgetting the passwords. I suppose it would be bad form to use the finger of the deceased at an open casket funeral to unlock the phone.
The county has no right to the data on the phone. They probably monitored much of it in transit via web-proxy and email server - at least while on the corporate network - but as you said - if they cared about the data on the phone itself - they would have used an MDM solution from Airwartch, Radia or any of the less popular MDM solutions. By choosing NOT to use MDM and by allowing end users to configure their devices with a personal account - they have given up any right they may have had to the data residing on the phone. I'm not sure the employer ever had the legal right to ALL of the data on the phone anyhow - particular the location tracking that may have occurred outside of work hours. Different companies have different policies regarding personal use of employer provided computers and mobile devices. If this employer allowed personal use, would that mean they are entitled to all the Facebook messenger conversations that were cached on the device because you installed the app?
The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture. This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE. So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.
To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key. Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.
So you need to enter each password guess into the iPhone you are trying to unlock. And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts. This feature is what makes a simple four digit passcode such a strong security measure. Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations. The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone. But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.
The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password. 10,000 tries, even if done manually, wouldn't take very long. Of course, they are also asking for two additional weaknesses. One is to allow passwords to be sent to the phone electronically (wirelessly). That would save time over manually sitting there trying one after another passcode. And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip. You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over. So that puts the lie to the FBI's stance that they want this only for this one time.
Apple is not being asked to use any method they want to just get the data. Apple is being demanded to build a forensic tool for law enforcement's repeated use. Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available. This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system. Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.
Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.
Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.
Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.
A couple more points:
1. Passcode being sent electronically does not necessarily mean wirelessly. Could be a wired keypad or wired device acting as a keypad. Apple currently only allows passcode entry via the on-screen keypad, thus they would have to further modify the iOS software to allow passcode entry via a wired or wireless device.
2. To make the changes to the chipsets inside an iPhone Apple has to 'flash the ROMs' by sending a 'signed' update using Apple's secret electronic signature. Normally this occurs via 'Software Update' where the user has to manually enter their passcode to authorize the download and install process. Apple Store Genius Bar employees USED TO be able to do this for a customer without entering the passcode by putting the iPhone into a 'factory mode' and updating the software while wired to a Mac/Mac Server. What people forget is that doing this erases the iPhone (on purpose) after which the customer must now set up the phone and download their saved data via iCloud or from their own computer via iTunes. The FBI wants a version of iOS that will install the modified iOS and NOT erase the data. THIS IS THE BIG BUGABOO! If Apple does this (which I'm sure they could because they have excellent engineers and coders) AND if this revised, less secure software gets into the wild, which it will under our current court system, then criminals and other nefarious entities will have a means to 'break' any iPhone, causing an immediate increase in stolen iPhones, AGAIN. We already went through this with high thefts rates in NYC, San Francisco and L.A. With the mayors of those cities threatening to sue Apple and others for NOT having their phones more secure! Now NYC wants Apple to make their phones less secure, reverting back to a time when thefts (and muggings and deaths) were rampant!
3. If Apple does build this forensic tool and does perform the work for law enforcement, they become a de facto 'agent of the state' for which other countries can now use as an excuse to ban Apple products, particularly iPhones, from their countries. Basically, the ruination of Apple as their products can no longer be trusted to be secure. Already there are proposals in the U.S. to ban any phone without a 'back door' for law enforcement (and spy agencies), and France is proposing heavy fines for not assisting their security agencies, and other are proposing to ban phone without heavy encryption. So what is a company to do? Make the same phone with different iOS software for different countries? If they do that, then the one's wanting 'secure' phones will purchase their phones from countries demanding security and not purchase phone sold in the USA. Like I said, the end of iPhone sales and the decline of Apple as an entity.
I'm sure others can add other very plausible scenarios to what I wrote above.
Amazing how two completely technologically ignorant socialites can be given so much air time. This is the true flaw of democracy - that everyone is entitled to their opinion - and it's this very flaw that is destroying democracy. Well, what remains of it in the US.
Good-bye Constitution. You had a good run, Amendments.
This is gettting more and more offensive; Lies upon lies upon lies upon lies. The utter incompetence of the god damn FBI got them there; it's not Apple's task to reassemble a device after it has been smashed to bits. "customer service call".... They fracking already did all that. Can't believe the shit she's peddling.
She knows she's lying and just telling it with god damn straight face too. She has no fucking clues about anything technical and weirdly enough she has no clue about the legal implications of this too (or she doesn't give a shit).
[quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]
The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.
Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?
Newer iPhones have Touch-ID. Its very likely you will still have your fingers when you're dead.
[quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]
The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.
Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?
If the owner of the phone, in this case the Government agency, that hired this terrorists that the U.S. Government let into this country want into Employee's phones, they should have been using MDM software installed on their phones!!! Then they could have gotten right in, and the Government could have snooped all they wanted. It's not Apple's job to create new software to get around security measures. This lie about being one phone is just that, a LIE!!! Why it keeps being repeated is a joke. I'm sure the Government thinks it'll work. Repeat a lie enough times and most people will believe it.
If you lose, or can't remember your passcode, it's not Apple's job to break into your own, even IF you're the owner. If you're memory is that bad, don't passlock your phone or keep the code in your safe or something.
I was going to add, that Smart people leave their Passcodes in their Will or Locked in a safe where family members can get into. I know my Dad's Passwords. If you use LastPass, you can set a Passcode where you say you need 4 out of 8 people with a code, which any 4 of the 8, or 5 out of 10, or whatever you have it set can then get into your Password Vault. Your friends or family aren't going to try to gain access when you're alive. This is how LastPass decided to set it up. Again, any company can setup MDM software on their business owned Android or iPhones which allows them to gain access when the person leaves or is fired, etc!!! It's not Apple's problem that the business was too cheap to do it. Apple can no longer get into phones. That all changed with iOS8 and newer.
[quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]
The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.
Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?
Newer iPhones have Touch-ID. Its very likely you will still have your fingers when you're dead.
TouchID is supposed to only work on living fingers. Once dead, the body's chemistry changes making all newer fingerprint sensors not function properly. Dead people's fingerprints can be scanned and used to identify them but the sensors in TouchID are supposed to be able to distinguish between live and dead and faked fingerprints. People who want to challenge Apple's TouchID system will show you "real" bypassing of the system but these are always done under perfect conditions without our knowledge of how many times it took to get a successful attempt. Same issues apply with number of attempts. If the phone was turned off, it requires the passcode before it puts TouchID back into effect.
So if somehow Apple is forced to do this (which I hope isn't the case), can I ask Apple to create a operating system on my phone that causes my phone to overheat and catch fire if someone is trying to unlock my phone? There is not reason to ask Apple to provide either iOS solution.
If the government succeeds in getting a bill passed that forces technology companies to create back doors then all computer and smartphone manufacturers should be banned from advertising their devices as secure. There should be a disclaimer sticker on the face of every device stating that the government can access your data at any time without your knowledge or consent. But then most of the people I know with smartphones walk around without passcode locks in the first place. They say it’s too inconvenient to unlock the device every time they want to use it. Of course those same people then demand that their bank or credit card company make things right when they get their identities stolen. That is the stupidity of the modern American.
The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.
Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?
1) True about obtaining a used iPhone - but the county owns the phone and did not obtain a used iPhone. It's a county-owned phone for work, the user had no expectation of privacy, and the data belongs to the county. The county should have had some MDM system to control this. The issue at hand is not whether the government has the right to access the data - of course they do and for multiple reasons. The issue is whether Apple can be forced to develop a tool to circumvent the device security. Would not even have come up if the county had used MDM.
2) Good question. There is probably a way to do this. Plenty of folks die without disclosing their password to their next of kin - must be a lot of folks just forgetting the passwords. I suppose it would be bad form to use the finger of the deceased at an open casket funeral to unlock the phone.
Even if you could do item 2, you still cannot change the passcode via fingerprint. That has to be done via the touch keyboard. Also, if the iPhone was ever turned off, then back on, Touch ID is not active until the passcode has been entered.
If the owner of the phone, in this case the Government agency, that hired this terrorists that the U.S. Government let into this country want into Employee's phones, they should have been using MDM software installed on their phones!!! Then they could have gotten right in, and the Government could have snooped all they wanted. It's not Apple's job to create new software to get around security measures. This lie about being one phone is just that, a LIE!!! Why it keeps being repeated is a joke. I'm sure the Government thinks it'll work. Repeat a lie enough times and most people will believe it.
If you lose, or can't remember your passcode, it's not Apple's job to break into your own, even IF you're the owner. If you're memory is that bad, don't passlock your phone or keep the code in your safe or something.
I was going to add, that Smart people leave their Passcodes in their Will or Locked in a safe where family members can get into. I know my Dad's Passwords. If you use LastPass, you can set a Passcode where you say you need 4 out of 8 people with a code, which any 4 of the 8, or 5 out of 10, or whatever you have it set can then get into your Password Vault. Your friends or family aren't going to try to gain access when you're alive. This is how LastPass decided to set it up. Again, any company can setup MDM software on their business owned Android or iPhones which allows them to gain access when the person leaves or is fired, etc!!! It's not Apple's problem that the business was too cheap to do it. Apple can no longer get into phones. That all changed with iOS8 and newer.
Things get sticky when dealing with the DOJ. If your Dad was on trial, he doesn't have to divulge his passcode or passwords (maybe). Since you know them, you might be ordered to turn them over because you don't have the same 5th amendment rights. Putting your passwords into any encrypted application of storage device can protect them, that is until the government figures out a way to force you to divulge those passwords regardless of whether you/we have any current rights not to.
As for MDM software, and this is for everyone else who says the San Bernardino County should have been using it, it's been reported by other San Bernardino County employees that they were using MDM software and everyone knew they were and knew they didn't own any of the data on the phones they were using so they "never" used them for personal use. If you've ever worked for any respectable government agency, you've signed documents accepting the conditions of use. I know I had to sign them. What I don't understand about their MDM software, and the (stupid) FBI decision to tell the County to change the passcode or AppleID, is what they actually changed and how they changed it. If the MDM software they were using was installed and configured properly, they wouldn't have needed to change anything, they could have used their admin account to unlock the phone or at least had it perform a backup to the County's servers. I still don't understand why they were backing up an MDM-managed phone to iCloud instead of to the MDM server.
The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture. This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE. So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.
To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key. Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.
So you need to enter each password guess into the iPhone you are trying to unlock. And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts. This feature is what makes a simple four digit passcode such a strong security measure. Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations. The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone. But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.
The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password. 10,000 tries, even if done manually, wouldn't take very long. Of course, they are also asking for two additional weaknesses. One is to allow passwords to be sent to the phone electronically (wirelessly). That would save time over manually sitting there trying one after another passcode. And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip. You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over. So that puts the lie to the FBI's stance that they want this only for this one time.
Apple is not being asked to use any method they want to just get the data. Apple is being demanded to build a forensic tool for law enforcement's repeated use. Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available. This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system. Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.
Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.
Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.
Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.
Well put, and worth forwarding to our representatives. I can add an encryption layer to my communications, but would still be vulnerable to a thief, terrorist, or other group wanting to do harm having access to my keychain access, and access to my home (via home automation).
This would be a step back in the progress made to reduce the desirability to steal iPhones.
The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture. This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE. So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.
To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key. Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.
So you need to enter each password guess into the iPhone you are trying to unlock. And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts. This feature is what makes a simple four digit passcode such a strong security measure. Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations. The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone. But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.
The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password. 10,000 tries, even if done manually, wouldn't take very long. Of course, they are also asking for two additional weaknesses. One is to allow passwords to be sent to the phone electronically (wirelessly). That would save time over manually sitting there trying one after another passcode. And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip. You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over. So that puts the lie to the FBI's stance that they want this only for this one time.
Apple is not being asked to use any method they want to just get the data. Apple is being demanded to build a forensic tool for law enforcement's repeated use. Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available. This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system. Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.
Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.
Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.
Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.
A couple more points:
1. Passcode being sent electronically does not necessarily mean wirelessly. Could be a wired keypad or wired device acting as a keypad. Apple currently only allows passcode entry via the on-screen keypad, thus they would have to further modify the iOS software to allow passcode entry via a wired or wireless device.
2. To make the changes to the chipsets inside an iPhone Apple has to 'flash the ROMs' by sending a 'signed' update using Apple's secret electronic signature. Normally this occurs via 'Software Update' where the user has to manually enter their passcode to authorize the download and install process. Apple Store Genius Bar employees USED TO be able to do this for a customer without entering the passcode by putting the iPhone into a 'factory mode' and updating the software while wired to a Mac/Mac Server. What people forget is that doing this erases the iPhone (on purpose) after which the customer must now set up the phone and download their saved data via iCloud or from their own computer via iTunes. The FBI wants a version of iOS that will install the modified iOS and NOT erase the data. THIS IS THE BIG BUGABOO! If Apple does this (which I'm sure they could because they have excellent engineers and coders) AND if this revised, less secure software gets into the wild, which it will under our current court system, then criminals and other nefarious entities will have a means to 'break' any iPhone, causing an immediate increase in stolen iPhones, AGAIN. We already went through this with high thefts rates in NYC, San Francisco and L.A. With the mayors of those cities threatening to sue Apple and others for NOT having their phones more secure! Now NYC wants Apple to make their phones less secure, reverting back to a time when thefts (and muggings and deaths) were rampant!
3. If Apple does build this forensic tool and does perform the work for law enforcement, they become a de facto 'agent of the state' for which other countries can now use as an excuse to ban Apple products, particularly iPhones, from their countries. Basically, the ruination of Apple as their products can no longer be trusted to be secure. Already there are proposals in the U.S. to ban any phone without a 'back door' for law enforcement (and spy agencies), and France is proposing heavy fines for not assisting their security agencies, and other are proposing to ban phone without heavy encryption. So what is a company to do? Make the same phone with different iOS software for different countries? If they do that, then the one's wanting 'secure' phones will purchase their phones from countries demanding security and not purchase phone sold in the USA. Like I said, the end of iPhone sales and the decline of Apple as an entity.
I'm sure others can add other very plausible scenarios to what I wrote above.
One more scenario, and one all mobile device users need to understand.
The current sham is against Apple but the ultimate precedent that WILL be set by a successful FBI and DOJ attack on Apple is that all phones will be subject to the same requirements. That means all Android phones, all Microsoft phones, all Blackberry phones and server, and anything else that uses encryption that any form of government agency, whether US of foreign, wants to break into. Nobody's devices will be secure, not just people using Apple devices. I don't believe I've heard this stated from any TV commentator or even Apple during their discussions. I also haven't seen comments from the many Apple haters on this topic so maybe they understand this but if they don't, it's about time you join Apple users in fighting this illegal and unconstitutional activity by our government.
First of all she doesn't have a clue. Second they are asking for a back door plain and simple. And they are asking for Apple to work for them literally to rewrite an entire operating system and make it weaker with a door that anyone can use. Third that door would lead to other governments not friendly with the US to ask or just break in and steal all kinds of data which could be disastrous if you work for some corporation. Fourth that leads to criminals getting our data which could lead to mass identity theft. Lynch doesn't know anything and should keep her mouth shut. It's not just about 1 phone or 12, it's about all data, hardware, and services that could be open to attack if they keep asking to open these doors. A horrible terrific mistake. Write your congressman, the president and let them know this cannot happen.
We just need to wait this out. At some point either the courts or Congress will do something to finally resolve this, one way or another. Keep in mind everybody believes what they are saying is true. The problem is not giving the government access to this phone or all phones, it is when the government observes something they don't like and cannot find it to be illegal, then using some obscure law like the Writs Act to take action. See I don't think the government realizes that it will do what Apple is saying. Maybe none of the people now involved like the Director of the FBI or the Attorney General would abuse the new capability, but what about the next one. That is one thing we know for sure that there are people out there that would abuse this to the fullest and they are also the ones that will work very hard to get into a position to do so.
1) True about obtaining a used iPhone - but the county owns the phone and did not obtain a used iPhone. It's a county-owned phone for work, the user had no expectation of privacy, and the data belongs to the county. The county should have had some MDM system to control this. The issue at hand is not whether the government has the right to access the data - of course they do and for multiple reasons. The issue is whether Apple can be forced to develop a tool to circumvent the device security. Would not even have come up if the county had used MDM.
2) Good question. There is probably a way to do this. Plenty of folks die without disclosing their password to their next of kin - must be a lot of folks just forgetting the passwords. I suppose it would be bad form to use the finger of the deceased at an open casket funeral to unlock the phone.
The county has no right to the data on the phone. They probably monitored much of it in transit via web-proxy and email server - at least while on the corporate network - but as you said - if they cared about the data on the phone itself - they would have used an MDM solution from Airwartch, Radia or any of the less popular MDM solutions. By choosing NOT to use MDM and by allowing end users to configure their devices with a personal account - they have given up any right they may have had to the data residing on the phone. I'm not sure the employer ever had the legal right to ALL of the data on the phone anyhow - particular the location tracking that may have occurred outside of work hours. Different companies have different policies regarding personal use of employer provided computers and mobile devices. If this employer allowed personal use, would that mean they are entitled to all the Facebook messenger conversations that were cached on the device because you installed the app?
Just FYI, I am familiar with examining seized electronic evidence. The county certainly does have a right to the data on the phone and so does the FBI. They just can't make Apple get it for them. An employee has some reasonable expectation of privacy but if there's probable cause that they're breaking the law, don't count on it.
U.S. Attorney General Loretta Lynch toed the line in an appearance on The Late Show with Stephen Colbert on Thursday, and reiterated that the government is merely requesting Apple for help in unlocking a single iPhone linked to last year's San Bernardino terror attack, not a backdoor into iOS.
While not the main topic of discussion, Colbert touched upon the contentious encryption debate sparked by Apple's resistance of a court order compelling its assistance in the ongoing FBI investigation.
"Well, you know we've disagreed publicly in court, and I've had a number of great discussions with [Apple CEO] Tim Cook on issues of privacy," Lynch said. "What I'll say about this, though, is I understand why this is important to everybody, because privacy is an important issue for everyone. It's important to me as the attorney general, it's important to me as a citizen."
Attempting to provide context, Colbert incorrectly claimed the Department of Justice wants Apple to create a backdoor into iPhone, specifically a device issued to terror suspect Syed Rizwan Farook by his former employer the San Bernardino County Health Department. As stated in legal briefs and a very public campaign for public sentiment, the DOJ is asking Apple to create and sign an intentionally flawed version of iOS to suppress the passcode attempt counter on Farook's phone. FBI agents will brute-force the device to extract actionable data pertaining to the case, if any is present.
Colbert brought up one of Apple's main contentions in its case to resist government pressure, noting that the creation of a new operating system puts undue burden on the company's resources. He also made note of the slippery slope argument presented by Cook and other Apple executives in recent interviews.
Apple has argued that a government win in the San Bernardino court case sets dangerous precedent for future law enforcement requests. The FBI and fellow agencies would be granted a powerful tool that could one day be used to compel technical assistance far beyond software construction. For example, Cook and SVP Eddy Cue said in separate interviews that government agents might leverage precedent to force Apple to remotely turn an iPhone camera or microphone.
"First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."
Lynch said much the same in an interview earlier this month when she suggested Apple treat the case like a normal customer service call.
Last night's segment comes on the heels of a court filing from federal prosecutors in support of the government's request of Apple, a letter that both addressed and attempted to dismantle each of Apple's assertions.
Apple and the DOJ are set to discuss the issue in court on March 22.
Well, then if this idiot says the government is not asking for a backdoor, then Apple does not have to write a new version of iOS. Case closed. Apple can simply state it has done all it can.
Comments
1. Passcode being sent electronically does not necessarily mean wirelessly. Could be a wired keypad or wired device acting as a keypad. Apple currently only allows passcode entry via the on-screen keypad, thus they would have to further modify the iOS software to allow passcode entry via a wired or wireless device.
2. To make the changes to the chipsets inside an iPhone Apple has to 'flash the ROMs' by sending a 'signed' update using Apple's secret electronic signature. Normally this occurs via 'Software Update' where the user has to manually enter their passcode to authorize the download and install process. Apple Store Genius Bar employees USED TO be able to do this for a customer without entering the passcode by putting the iPhone into a 'factory mode' and updating the software while wired to a Mac/Mac Server. What people forget is that doing this erases the iPhone (on purpose) after which the customer must now set up the phone and download their saved data via iCloud or from their own computer via iTunes. The FBI wants a version of iOS that will install the modified iOS and NOT erase the data. THIS IS THE BIG BUGABOO! If Apple does this (which I'm sure they could because they have excellent engineers and coders) AND if this revised, less secure software gets into the wild, which it will under our current court system, then criminals and other nefarious entities will have a means to 'break' any iPhone, causing an immediate increase in stolen iPhones, AGAIN. We already went through this with high thefts rates in NYC, San Francisco and L.A. With the mayors of those cities threatening to sue Apple and others for NOT having their phones more secure! Now NYC wants Apple to make their phones less secure, reverting back to a time when thefts (and muggings and deaths) were rampant!
3. If Apple does build this forensic tool and does perform the work for law enforcement, they become a de facto 'agent of the state' for which other countries can now use as an excuse to ban Apple products, particularly iPhones, from their countries. Basically, the ruination of Apple as their products can no longer be trusted to be secure. Already there are proposals in the U.S. to ban any phone without a 'back door' for law enforcement (and spy agencies), and France is proposing heavy fines for not assisting their security agencies, and other are proposing to ban phone without heavy encryption. So what is a company to do? Make the same phone with different iOS software for different countries? If they do that, then the one's wanting 'secure' phones will purchase their phones from countries demanding security and not purchase phone sold in the USA. Like I said, the end of iPhone sales and the decline of Apple as an entity.
I'm sure others can add other very plausible scenarios to what I wrote above.
This is the true flaw of democracy - that everyone is entitled to their opinion - and it's this very flaw that is destroying democracy. Well, what remains of it in the US.
Good-bye Constitution. You had a good run, Amendments.
She has the technological savvy of a rotten corpse.
The utter incompetence of the god damn FBI got them there; it's not Apple's task to reassemble a device after it has been smashed to bits.
"customer service call".... They fracking already did all that. Can't believe the shit she's peddling.
She knows she's lying and just telling it with god damn straight face too.
She has no fucking clues about anything technical and weirdly enough she has no clue about the legal implications of this too (or she doesn't give a shit).
Even if you could do item 2, you still cannot change the passcode via fingerprint. That has to be done via the touch keyboard.
Also, if the iPhone was ever turned off, then back on, Touch ID is not active until the passcode has been entered.
Things get sticky when dealing with the DOJ. If your Dad was on trial, he doesn't have to divulge his passcode or passwords (maybe). Since you know them, you might be ordered to turn them over because you don't have the same 5th amendment rights. Putting your passwords into any encrypted application of storage device can protect them, that is until the government figures out a way to force you to divulge those passwords regardless of whether you/we have any current rights not to.
As for MDM software, and this is for everyone else who says the San Bernardino County should have been using it, it's been reported by other San Bernardino County employees that they were using MDM software and everyone knew they were and knew they didn't own any of the data on the phones they were using so they "never" used them for personal use. If you've ever worked for any respectable government agency, you've signed documents accepting the conditions of use. I know I had to sign them. What I don't understand about their MDM software, and the (stupid) FBI decision to tell the County to change the passcode or AppleID, is what they actually changed and how they changed it. If the MDM software they were using was installed and configured properly, they wouldn't have needed to change anything, they could have used their admin account to unlock the phone or at least had it perform a backup to the County's servers. I still don't understand why they were backing up an MDM-managed phone to iCloud instead of to the MDM server.
This would be a step back in the progress made to reduce the desirability to steal iPhones.
The current sham is against Apple but the ultimate precedent that WILL be set by a successful FBI and DOJ attack on Apple is that all phones will be subject to the same requirements. That means all Android phones, all Microsoft phones, all Blackberry phones and server, and anything else that uses encryption that any form of government agency, whether US of foreign, wants to break into. Nobody's devices will be secure, not just people using Apple devices. I don't believe I've heard this stated from any TV commentator or even Apple during their discussions. I also haven't seen comments from the many Apple haters on this topic so maybe they understand this but if they don't, it's about time you join Apple users in fighting this illegal and unconstitutional activity by our government.
Lynch doesn't know anything and should keep her mouth shut. It's not just about 1 phone or 12, it's about all data, hardware, and services that could be open to attack if they keep asking to open these doors. A horrible terrific mistake. Write your congressman, the president and let them know this cannot happen.
Well, then if this idiot says the government is not asking for a backdoor, then Apple does not have to write a new version of iOS. Case closed. Apple can simply state it has done all it can.