US Attorney General Loretta Lynch talks iPhone encryption case with Stephen Colbert

13

Comments

  • Reply 41 of 67
    mike1mike1 Posts: 3,018member
    tenly said:
    nitrokev said:
    A lot of people are starting to leave their passwords in their will, that way your son could unlock your phone once you have gone, and no apple don't unlock even with a certificate
    That's a very bad thing to do.  The contents of a will are public.  If someone gets the password before the intended, grieving recipient has a chance to change it - they could steal the account.   It might even still have a valid credit card attached to it - they could purchase loads of music and even demand a ransom for the return of the account...  People should be advised not to leave passwords in their will...however I don't know what the best way to handle the situation would be.

    Don't be silly. It's not left in the will, per se, but the password is bequeathed to somebody, just like the contents of a safe deposit box. If you put the password in an envelope and leave with your attorney, then when the will is administered, somebody gets the envelope.
    lostkiwi
  • Reply 42 of 67
    "We don't comment on ongoing investigations - except the iPhone one... that one we need to tell everyone about because we want the SECURITY OF THE CHILDREN!"
    You can see her tell when she knows that she is lying - she looks down and to the right.
    radarthekatlostkiwi
  • Reply 43 of 67
    SpamSandwichSpamSandwich Posts: 33,407member
    tenly said:
    [quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    Not only that, but Apple remains the owner of the software on the phone. Software is LICENSED to the owner of the phone. The rights to the software itself remain with Apple alone.
  • Reply 44 of 67
    freerangefreerange Posts: 1,595member
    "Attempting to provide context, Colbert INCORRECTLY claimed the Department of Justice wants Apple to create a backdoor into iPhone" INCORRECTLY??? WTF AppleInsider. This IS a backdoor!!!!!! If doing this allows them to then easily break into the phone it is a fk'n backdoors! Period! Quit repeating the absolutely moronic position of the government! Otherwise go work for the National Enquirer....
    edited March 2016 retrogustoxamax
  • Reply 45 of 67
    Yeas Loretta, Americans do not trust the DOJ. You let Jim Clapper and Keith Alexander off the hook after lying under oath to Congress, yet you coerce companies to do what you want with your unconstitutional overreach of power. 
    edited March 2016 SpamSandwichlostkiwi
  • Reply 46 of 67
    xmhillxxmhillx Posts: 112member
    Wait, what?

    Two issues I take here:

    1) "That isn't what we're asking". That's manipulative wording. It's akin to saying "I'm not asking you to punch me in the face. I'm asking you to swing your arm at a very high rate of speed with a trajectory towards my face". It's not a lie, gov isn't asking with those words. So it's true on paper.
    "We're not asking you to break the chicken egg...... we're asking you to throw the chicken egg really high in the air and catch it with your hands. Two distinct requests". Which is a literary truth. Not a practical truth. 

    2) "We're asking for what the owner of the phone wants, why won't Apple do it?" That argument wouldn't apply in a lot of circumstances. Why would she argue with that? As the owner of my iPhone, I want apple to write a new OS only for me and with the features I want and the way I want them to work..." 
    That argument is silly. Because that's the argument she put forth on national tv, that tells me she either has not stronger arguments or she's is pandering to the emotions of the viewership. 
  • Reply 47 of 67
    rob53rob53 Posts: 3,008member
    rob53 said:

    jbdragon said:
    I was going to add, that Smart people leave their Passcodes in their Will or Locked in a safe where family members can get into.  I know my Dad's Passwords.  If you use LastPass, you can set a Passcode where you say you need 4 out of 8 people with a code, which any 4 of the 8, or 5 out of 10, or whatever you have it set can then get into your Password Vault.  Your friends or family aren't going to try to gain access when you're alive.  This is how LastPass decided to set it up.   Again, any company can setup MDM software on their business owned Android or iPhones which allows them to gain access when the person leaves or is fired, etc!!!  It's not Apple's problem that the business was too cheap to do it.  Apple can no longer get into phones.  That all changed with iOS8 and newer.  

    Things get sticky when dealing with the DOJ. If your Dad was on trial, he doesn't have to divulge his passcode or passwords (maybe). Since you know them, you might be ordered to turn them over because you don't have the same 5th amendment rights. Putting your passwords into any encrypted application of storage device can protect them, that is until the government figures out a way to force you to divulge those passwords regardless of whether you/we have any current rights not to. 

    As for MDM software, and this is for everyone else who says the San Bernardino County should have been using it, it's been reported by other San Bernardino County employees that they were using MDM software and everyone knew they were and knew they didn't own any of the data on the phones they were using so they "never" used them for personal use. If you've ever worked for any respectable government agency, you've signed documents accepting the conditions of use. I know I had to sign them. What I don't understand about their MDM software, and the (stupid) FBI decision to tell the County to change the passcode or AppleID, is what they actually changed and how they changed it. If the MDM software they were using was installed and configured properly, they wouldn't have needed to change anything, they could have used their admin account to unlock the phone or at least had it perform a backup to the County's servers. I still don't understand why they were backing up an MDM-managed phone to iCloud instead of to the MDM server. 
    Just found an article, http://losangeles.cbslocal.com/2016/02/21/san-bernardino-county-paid-for-but-didnt-install-software-that-would-have-let-fbi-unlock-attackers-iphone/, that "says" the IT people at the San Bernardino County office did NOT install the MDM software they paid for. This conflicts with other information I've read but it doesn't surprise me that they didn't install it even though other County employees were under the impression it was.

    Here's why I don't trust many IT people, especially managers and spokespersons:

    "San Bernardino had an existing contract with a technology provider, MobileIron Inc., but did not install it on any inspectors’ iPhones, county spokesman David Wert said. There is no countywide policy on the matter and departments make their own decisions, he said.

    Wert disputed the value of the remote management technology because he said Farook — or any other county employee — could have removed it manually. That would have alerted county technology employees and led them to intervene."

    MobileIron has a good MDM system, which would have worked fine in this case. The real issue continues to be the utter lack of understanding by people in charge, including those representing the grand old state of California where I lived and worked for a long time, regarding any kind of computer security. I spent years dealing with computer security in California yet these idiots in San Bernardino aren't competent enough to open their eyes and demand proper protection of government equipment. Every single one of these people should be fired and/or imprisoned. The State of California has computer security regulations so the County has to have them as well. The County is the one that's at fault, not Apple, so the DOJ needs to go after the County for mismanaging government computing devices. 

    As for Farook or anyone else disabling the MDM software, no way in hell can this be done on a properly configured iPhone. All they could do, and I'm not sure on a newer phone they could even do this, is totally wipe the phone but all MDM software monitors managed phones and this would have shown up in the MDM's monitoring software and the IT people would have required the phone to be returned for re-installing of the MDM software. It's the County's fault they couldn't get the data and they should be held liable. Apple did their job to protect the County's data, MobileIron did their job by providing good MDM software. The data is gone, deal with it. 


  • Reply 48 of 67
    tzeshantzeshan Posts: 2,351member
    Apple's best defense is to tell Americans a backdoor will allow terrorists to prey on Americans.  But this defense will alienate defense-industrial complex.  Because if the world is safer than there is much less need for Congress to grant trillions of dollars to defense-industrial complex.  
    lostkiwixamax
  • Reply 49 of 67
    imagladryimagladry Posts: 102member
    Gee, This case must be really important. I've never seen the US Government and the Justice Department try so hard to get a case heard in the court of public opinion. They've always stuck to the Courts of Justice, with the belief that the law is on their side. Now, they seem to be trying to convince J.Q. Public that the FBI should have its request fulfilled. That is one of the scariest precedence of Apple v. FBI.
    lostkiwixamax
  • Reply 50 of 67
    jfc1138jfc1138 Posts: 3,090member
    tenly said:
    [quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    You bequeathed the phone bit not the information. He's going to get a nice paperweight there.
  • Reply 51 of 67
    jfc1138jfc1138 Posts: 3,090member

    jungmark said:
    Lynch is full of sh1t. It's not just one phone. It sets a precedent for all future requests. Today it's terrorism, tomorrow it's protesters. 
    Which her very own FBI Director already admitted to in open Congressional testimony.
  • Reply 52 of 67
    focherfocher Posts: 687member
    rob53 said:
    As for MDM software, and this is for everyone else who says the San Bernardino County should have been using it, it's been reported by other San Bernardino County employees that they were using MDM software and everyone knew they were and knew they didn't own any of the data on the phones they were using so they "never" used them for personal use. If you've ever worked for any respectable government agency, you've signed documents accepting the conditions of use. I know I had to sign them. What I don't understand about their MDM software, and the (stupid) FBI decision to tell the County to change the passcode or AppleID, is what they actually changed and how they changed it. If the MDM software they were using was installed and configured properly, they wouldn't have needed to change anything, they could have used their admin account to unlock the phone or at least had it perform a backup to the County's servers. I still don't understand why they were backing up an MDM-managed phone to iCloud instead of to the MDM server. 
    What has been reported is that, while the county of San Bernardino does have and use MDM, the particular county agency in this case was not using it. A device enrolled in an MDM service can have it's passcode reset and the device unlocked. Without that enrollment, the device has no way to receive and verify a command to do those things. By the way, MDM doesn't provide any backup service or functionality. If you want to see what MDM can manage on an iOS device, you can download the free Apple Configurator 2 in the Mac App Store.
  • Reply 53 of 67
    The AG suggests that Apple should do what their customer (in this case the county) is requesting. Resetting the passcode is not a service Apple can provide with iOS 9. To say otherwise is (to quote Tim Cook himself) "political crap." Apple does suggest several methods to restore your phone without losing data if you forget your passcode: https://support.apple.com/en-us/HT204306. As Apple has said repeatedly, these options were presented to the DOJ but hasty actions by their agents made the options useless. So it's not Apple's fault that the data can't be recovered, it's the DOJ. If they had been more careful, and contacted Apple sooner, this whole thing could have been solved a long time ago. Furthermore, while it is true that the DOJ is not asking specifically for a backdoor into all iOS installation, the solution to forcibly accessing this single iPhone would be an enabling technology which could easily lead to the creation of a backdoor. And that is what makes it so dangerous. If it were well know that this technology exists in the government, it would definitely be a popular target for hackers. Given the government's inability to secure it's own systems (the IRS alone has had at least a half million taxpayer records hacked in the past 12 months) they would most likely be able to acquire it. With such a track record, winning the opinion of the people with be a struggle. Kudos to Apple for having the courage to stand up against government overreach.
    SpamSandwichfastasleep
  • Reply 54 of 67
    xamaxxamax Posts: 135member
    rob53 said:

    jbdragon said:
    I was going to add, that Smart people leave their Passcodes in their Will or Locked in a safe where family members can get into.  I know my Dad's Passwords.  If you use LastPass, you can set a Passcode where you say you need 4 out of 8 people with a code, which any 4 of the 8, or 5 out of 10, or whatever you have it set can then get into your Password Vault.  Your friends or family aren't going to try to gain access when you're alive.  This is how LastPass decided to set it up.   Again, any company can setup MDM software on their business owned Android or iPhones which allows them to gain access when the person leaves or is fired, etc!!!  It's not Apple's problem that the business was too cheap to do it.  Apple can no longer get into phones.  That all changed with iOS8 and newer.  

    Things get sticky when dealing with the DOJ. If your Dad was on trial, he doesn't have to divulge his passcode or passwords (maybe). Since you know them, you might be ordered to turn them over because you don't have the same 5th amendment rights. Putting your passwords into any encrypted application of storage device can protect them, that is until the government figures out a way to force you to divulge those passwords regardless of whether you/we have any current rights not to. 

    As for MDM software, and this is for everyone else who says the San Bernardino County should have been using it, it's been reported by other San Bernardino County employees that they were using MDM software and everyone knew they were and knew they didn't own any of the data on the phones they were using so they "never" used them for personal use. If you've ever worked for any respectable government agency, you've signed documents accepting the conditions of use. I know I had to sign them. What I don't understand about their MDM software, and the (stupid) FBI decision to tell the County to change the passcode or AppleID, is what they actually changed and how they changed it. If the MDM software they were using was installed and configured properly, they wouldn't have needed to change anything, they could have used their admin account to unlock the phone or at least had it perform a backup to the County's servers. I still don't understand why they were backing up an MDM-managed phone to iCloud instead of to the MDM server. 
    Maybe you're looking at it the wrong way. It doesn't make sense the same way that stating its just once doesn't make sense. Maybe this is not what it seems? Maybe that's why Apple it's reacting this way, because pf it all being a stunt to achieve something else such as precedence?

    Thing is, they know - NSA must spy on Apple - that Apple will launch an unbreakable iPhone in the near future and the feds want in before that happens. They already get in phones through rigged free Apps etc, what they want is Law based power, to make it a case of terrorism and not a case that an iPhone is an extension of the users' mind - yes you write your thoughts there in so many ways - and once in they can know everything and control everyone. Also, we are heading towards the crypto currency reality which from Apple and many people's will may be uncontrollable or from secret government will fully controlled. You know, like it was written in the bible regarding 666, search in Revelation
  • Reply 55 of 67
    xamaxxamax Posts: 135member

    sog35 said:
    The real questions should be:

    1. Why did the government hire a terrorist?
    2. Why did the government not track the terrorist WORK phone?
    3. Why did the government not act on the information that the wife of the terrorist openly supported ISIS?


    Those are the REAL questions.  Those are the REAL issues that show where the REAL failure is.  Law enforcement had this information or should have know about this information and did nothing. 
    It's starting to sound like the twin towers thing. If a situation doesn't make sense then start working on what would make sense even if you're afraid of the answer. If they knew it and didn't act then, was it really a failure? Don't be naive man.
    fastasleep
  • Reply 56 of 67
    xamaxxamax Posts: 135member
    dewme said:
    If the owners of the phone wanted to exert total and absolute control over the phone they would have used mobile device management (MDM) software to manage the phone. These tools are readily available and used by thousands of commercial and government entities around the world. They chose not to use MDM either through ignorance or choice. So now, having failed to take the actions necessary to properly control their own assets and information they want Apple to mitigate their chain of ineptitude by compromising every single one of Apple's billions of other customers because they consciously made bad business and management decisions around protecting themselves, their assets, and their information. This is the United State of Litigious America - you screw up - then you find a way to blame your screw up on someone else. To see a government official playing spin games and trying to fabricate a fictional narrative in order to cover their tracks, agenda, and evil intent is appalling. 

    This is yet another great example that shows how inept, inefficient, and ineffective government agencies are as a whole. Yeah, they're understaffed, underfunded, don't get to skim from the top of the talent pool, some are ridiculously underpaid for the responsibilities they hold, some are grossly overpaid for the load they add to the system, everyone loves to hate them, and they are frustrated and jealous of the compensation that their peers in industry enjoy. But in many parts of the country the government is the largest employer and government jobs and bureaucracy are basically what keeps the unemployment rate less than 30-40% that it would otherwise be. When you add in government contractors and other entities sucking money from the never ending supply of money in government coffers - all of which is squeezed from taxpayers, the impact of government bureaucracy on everyday life in the US is staggering. If not for the relatively few private entities, Apple included, that actually create wealth and value outside of the constantly flowing pipeline of government spending we'd all be working for the government. You could argue that the US government creates and secures an environment in which companies like Apple can be successful - and to a large extent you'd be right - if it were 1975 today. But in a global economy the situation has changed.

    The only way companies like Apple can be successful on a global scale and in the global economy is to have global credibility around protecting the fundamental rights of all of its customers in all of the markets it serves. It has to provide products that are intrinsically secure and private. If individual countries or other entities decide that they don't want to allow Apple's products to be used in their pure form in their environments, there are non-Apple tools like MDM to allow masters of government and industry to foist control over their subjects. The tools are there. If the FBI, NSA, DOJ, or a mom & pop hot dog stand business issues an asset that they need total control over to their subjects that is their prerogative and a condition of employment for everyone who signs on with the employer. That's the way it should work. All these terrorphobics who think the FBI should have the power to compel Apple to break their product for the investigation of a crime should have no opposition to signing up to have an FBI managed MDM system installed on their phone. Make it opt-in and then we'll see how many people would back their commitment to law enforcement based on the will of the enforcer. On the other hand the government should not be allowed to force Apple to automatically and universally opt-in all of its customers into an expansion of the mass surveillance programs already in place. Those kinds of actions should not take place in a democracy. Maybe in North Korea, Nazi Germany, Soviet Union, or whatever rebranding would come to the US if Trump becomes Grand Master of the Republican Party - maybe Trumpsylvania? 

    The bottom line: owners of smartphones already have ways to provide total control of their devices in a way that circumvents the Apple provided privacy protections. If they choose not to use these tools that's their problem, not Apple's. If other owners of devices want to opt-in to other device management programs run by other agencies, say the FBI, DOJ, Google, or whatever, they should be allow to do so by by choice. Anything less than "by choice" is unacceptable. 

     


    This is totally brilliant. I'm happy to see that more and more awakened people are showing up. Times they are a-changing. Let's see what happens
  • Reply 57 of 67
    xamaxxamax Posts: 135member
    sog35 said:
    What many FBI supporters are forgetting is if Apple builds a backdoor then the FBI can easily plant evidence on your phone.

    How easy would it be for a rouge FBI agent who is desperate to prosecute someone to:

    1. remotely hack into your iPhone
    2. download incriminating evidence on your phone
    3. use your phone to send emails to know terrorist

    These are serious questions.

    Criminals could also plant evidence on your phone and demand ransom.  Imagine if a criminal hacks into your phone and plants pics/video's that could have you thrown into jail?  It can ruin your marriage, your reputation, your life.  It is VERY difficult to plant physical evidence in a person's home. It requires a warrant and multiple people to conspire. But to plant digital evidence of criminal behavior on a phone would only take 1 person and 2 minutes.  Scary as hell.
    Brilliant post! Thank you!
  • Reply 58 of 67
    tenlytenly Posts: 710member
    tenly said:
    [quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    Someone help me out here.
    How did this post earn 3 dislikes?

    The only statement I made in it is that "ownership of a phone does not necessarily equal ownership of the data stored on it"...  Which I thought was common knowledge and pretty obvious.  The owner of the data is the owner of the Apple ID.  In most cases, the owner of the phone also owns the Apple ID it is configured to use - but there are plenty of cases where that is not true!  For example, a parent buying a phone for their kid to use, a husband letting his spouse use his old phone, a rented, leased or temporary loaner phone.  In all those cases, the owner of the phone is different than the user of the phone and the owner most definitely does NOT own the users data.

    Is that really what people disliked?  Or did they misread the quoted first paragraph - not realize it was a quote from the article and "disliked" it because they thought they were my words?  

    If so - I guess it's my fault for not quoting it properly - but I can never seem to make it work right when posting from my phone.  Is there a trick to quoting things when posting from Safari on an iPhone?


  • Reply 59 of 67
    tenlytenly Posts: 710member
    nitrokev said:
    tenly said:
    "First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    A lot of people are starting to leave their passwords in their will, that way your son could unlock your phone once you have gone, and no apple don't unlock even with a certificate
    I want referring to a passcode unlock.  I was referring to the Activation Lock feature that was designed to prevent a thief from being able to wipe the phone and set it up as a brand new phone.  It has nothing to do with privacy or encryption.  It's strictly a theft deterrent.  I would expect that this happens frequently enough that Apple must by now have a process in place that can be followed to have them disable that feature.

    Without that, I suppose a person could try to reset the Apple ID password - but that could require access to the deceased persons email account.  It could however be easier to get an ISP to turn over email credentials upon proof of death.
  • Reply 60 of 67
    crowleycrowley Posts: 10,353member
    sog35 said:
    What many FBI supporters are forgetting is if Apple builds a backdoor then the FBI can easily plant evidence on your phone.

    How easy would it be for a rouge FBI agent who is desperate to prosecute someone to:

    1. remotely hack into your iPhone
    2. download incriminating evidence on your phone
    3. use your phone to send emails to know terrorist

    These are serious questions.
    Not easy at all.  The FBI aren't asking for any remote access capability at all; they're asking for Apple to apply a modified version of iOS in a controlled environment that overrides the password attempt feature.  The FBI aren't even asking for the code, or for the code to be retained by Apple.  That's why they're able to say that this request only applies to this one phone.

    And if planting evidence is your major concern, there's really no unique problem with that here.  If your hypothetical rogue FBI agent were so desperate they could plant evidence in any number of places that are far easier for them to access, and don't require a court order.  Emails sent to terrorists once the phone is in FBI custody would be rather suspect.
Sign In or Register to comment.