Apple Reiterates Inability to Unlock iOS Devices Running iOS 8 or Higher in New Court Filing

[Misaki]

I'm not really sure why law enforcement would need access to a device. Online activity as well as voice and sms communication can be accessed without accessing a phone. What they may want though is access to iCloud and iMessage networks. I expect that, regardless of how big Apple is, they will eventually be made to store encryption keys in future IOS releases. Will we be more safe from terrorism? No.

If the cops want the contents of the text messages all they have to do is pull the sim card out, assuming the SIM card hasn't been PIN locked, put it in another device and wait.

The contents of email, skype, imessage, icloud, etc is only partially on the device to begin with. If a suspect is suspected of a crime by which the communication is by text message, the above is correct, pull the sim card. If it's by Skype, then that is overly reliant on the phone to stay logged in.

Smartphones are rapidly being able to replace keys and passwords for services not on the phone itself. So a biometric key should always be connected to a "something you know" key. The biometric should only unlock convenience features (eg Applepay, non-progression games, calculator) without the PIN, and require the PIN to be entered before any data-usage or data-storage is unlocked. For example, dropbox should be inaccessible until the PIN is entered. Games that don't save progress (eg card games) should be allow a guest to play without needing to PIN unlock as long as the owner of the device biometricly unlocked it before starting the game.

The other option of course is to use the "wrong finger" 5 times but much harder to do in a pinch. And of course 99% of people probably use their thumb or forefinger. Hmm, i guess we should all set up our off hand ring finger for touch ID, they'd never suspect that one

You get 10 attempts, you have 10 fingers.

Admittedly, when you have a case on the iphone, it actually makes the touch id harder to operate, so you may nuke your phone simply from holding it wrong.

 

[JCrz]

PSA for all the criminals out there running iOS 7 or earlier: Update your OS!!!

 

[doctor-don]

Apple's encryption changes, implemented in 2014 with iOS 8, have been unpopular with some law enforcement officials. FBI Director James Comey has expressed concern that encryption implemented by companies like Google and Apple lets people "place themselves above the law."

Seriously?

But I would not want my phone being accessed by criminals / thieves, and that is the point of the encryption. While I have never had a phone stolen or even lost, I would not want it to be accessed in the event I did lose it or have it stolen. I PAID for my phone, so why should anyone else be able to use it!

 

[nando87]

The scenario I'm more worried of goes more like:

"Hello, it's the NYPD. We have a report from an individual who claims that her boyfriend repeatedly raped her while videotaping the events on his phone. He doesn't dispute the existence of the video, but claims the sex was consensual and the allegation is revenge for some suspicion of cheating. He refuses to unlock his phone, as per his constitutional rights.

The phone contains definitive proof - either this man is an abusive sexual assaulter, or he isn't. We don't have enough evidence to secure a conviction without this evidence, and will have to let him go unless you can provide the key to decrypt his data."

In olden times, society understood perfectly well that in such circumstances, a person's otherwise-inaccessible personal affects might need to be investigated. That's why they created warrants. Now we've shut the most important places of the 21st century - the digital worlds inside our smartphones - out of the warrant system.

Government surveillance in general is bad, but I feel we will regret how we're reacting to secure our liberty. We're being held hostage by the NSA - either we submit to their privacy-invading schemes, or we make it incredibly hard for local police to perform the targeted, specific police work that is necessary for a functioning society.

How about doing proper police job instead of being so lazy. What if it were the 90s and that video were a VHS which was thrown to the fire. How about scientific tests, investigation, antecedents, following, questions...

But no. Hey, it's easier to blame apple or privacy. I bet that if our ideas could be seen by opening our skull, then there would be a lot of situations when you would agree to do such a thing.

The world will always be violent and unfair in some situations, no matter how little privacy we have. That's no reason for killing our privacy.

 

[citysnaps]

This issue is being allowed to play out to try to convince us that the iOS 8 and above does not have a back door! Believe me, there is one. If anyone believes we have the technology to destroy the planet multiple times over, but can't unlock an iPhone, I would like to sell you a bridge.

Why should I believe you?

 

[MRrainer]

For some reason I like the $5 wrench approach.

The encryption on the iPhone is like a safe. None is impenetrable - they all just buy you time (the more money you spend, generally, the better safe you get and the more time it will take to break it).
The idea of the iPhone encryption (and encryption in general) is to buy yourself time, to get a lawyer, to file a counter-suit - whatever.

 

[samcraig]

Raise your hand if you truly believe Apple can't get into your device if they wanted to. I'm not saying they should. Or that they should be forced to. But I have doubts as to whether or not they could.

 

[ConnYoungy]

This is all fine and dandy, until it's a child molester, or someone who stole something from you, or a mental patient with a bunch of guns.

Firstly, don't assume it's the "mental patients" who are the dangerous ones with guns - it's a separate issue entirely but very few gun crimes are committed by ill people, the media just hypes it that way.

Second, the problem I have with your child molester scenario is that the court would only need to see a phone in that situation if they already suspect the person to have committed that crime. They would need to already have reasonable evidence to be able to get a warrant to see the phone, so hidden child porn on a phone probably wouldn't be a case-closer in any case. It's more likely online activity having been monitored and laptops seized that would lead to a prosecution. There could be hundreds of pedophiles walking around right now with content on their pre-ios8, crack-able phones, but just because the content is or isn't encrypted doesn't mean they're any more likely to be caught - you cant walk past someone in the street and scan their unencrypted phone to see what pictures are on it. Some thoughts on why that argument doesn't hold up.

This is certainly bad but I think you can still fight this in a pinch unless the cops feel that because of this ruling they can just grab your hand physically and apply your finger to unlock the phone.

Unfortunately that's exactly how it works, in the same way that they hold your fingers and move them for you to do your prints

 

[macfoxpro]

Apple this week informed a federal magistrate judge in Brooklyn, New York that it "would be impossible" for the company to access data on a locked iPhone running iOS 8 or later, reports Reuters. Apple was responding to a request from the judge, James Orenstein, to help him decide whether to fulfill a U.S. Justice Department request that would have forced Apple to help authorities gain access to a seized iPhone.

Apple's response is not a surprise, as it is the same thing the company has said several times in the past. Since iOS 8, Apple has stopped storing encryption keys for devices, making it impossible for the company to unlock iPhones and iPads under police request. Without an encryption key, Apple cannot bypass a passcode to gain access to an iOS device.

In a brief filed with the court, Apple said 90 percent of its devices are running iOS 8 or higher and are thus inaccessible. Apple is able to access the 10 percent of devices that continue to use iOS 7 or below, but the company told the judge that being forced to comply with the Justice Department's request could tarnish its brand.Apple's encryption changes, implemented in 2014 with iOS 8, have been unpopular with some law enforcement officials. FBI Director James Comey has expressed concern that encryption implemented by companies like Google and Apple lets people "place themselves above the law."

Just yesterday, Apple CEO Tim Cook told an interviewer encryption is a necessity and that software backdoors are unacceptable, reiterating Apple's long-standing opinion on the subject.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Reiterates Inability to Unlock iOS Devices Running iOS 8 or Higher in New Court Filing

I thought I read that law enforcement could and does have access, but only if and when the device has been backed up in the cloud.
Is this true? And if so, could someone elaborate on this, and how it is achieved by law enforcement?
Thanks.

 

[AdonisSMU]

I support Apple. Enough is enough with the technological intrusion from government into our lives. If we followed the government's logic we should allow the FBI to put cameras in our bedrooms, our cars and everywhere, as it should help capture some criminal. I prefer to have privacy even if it means a slightly higher risk of a criminal getting away.

The government's backdoor is the same door that people will use to steal personal information for nefarious purposes. China, Russia and various other countries will use that backdoor as will criminals.

 

[Jess13]

I can not get over this quote.

Like mining and storing millions of communication records illegally collected from American citizens.

Like not requiring the use of a court system to subpoena information because it's inconvenient or will never been have accepted.

Like attempting to circumvent software designed for consumer protection by using malware to grant that access.

Like giving authority to government entities for full, free access to devices under a law that was never designed to be interpreted under today's technological conditions or by lying about the situation in which those conditions were not actually met.

Let's see..

I'm just going to leave this Snowden related graphic right here

 

[sik08amg]

I guess nothing on Person of Interest is true...

I do though think Apple holds the "key" to unlock these devices and I also think that if someone is suspected of a violent crime or act of terror they should have to relinquish their property, in a state that the information can be accessed. Opinions otherwise are skewed because they currently aren't the victim and until they are, those views will not change.

 

[Benjamin Frost]

The one thing I applaud Tim Cook for is his stance on privacy.

 

[33scottie33]

Why should I believe you?

It would be better for you to answer this question, "Why should I believe Tim Cook?"

 

[alexmarchuk]

Choose an alphanumerical password for both iOS and OSX and have OSX encrypted with FileVault2, keep your key safe and your password. What is the problem again?

Oh yeah, poor security measures.

 

[Tech198]

yay, ...."place themselves above the law."


for me, this only a small part, I go way further than that with privacy and security as to me its #1.... regardless.

however, as a company Apple is sure walking a thin line here... At the end of the day law don't even need to access a "phone that's impossible to get at" since that same data we store is all backup-ed to cloud service..

game over man .....!! different rules apply about law enforcement in the cloud..

However, u have to think are Apple "refusing" an order here, OR are they saying "we don't store keys, and we won't tell u that our secret third party supplier does either."

Guess that bit will always be a mystery. Either way, another impressive act by Apple...

Tip#1: Never use iCloud and u'll be above the law .... oh wait... u do ? oh crap...well, it's been nice knowing ya.

 

[techwhiz]

This is a simple issue:

No, Apple should not have to provide a mechanism to "crack" my phone.

Yes, the courts can and should be able to issue a warrant and compel the owner to unlock it, within the confines of the law, just as they can search your home, your car, etc. with a court order.

If this is unacceptable to the individiual, then he/she has several choices:

1. Ignore the law and be in contempt of court (and jailed for it)
2. Lobby and have the law changed
3. Leave the country
4. Suck it up
5. Destroy your phone before it is admitted into evidence

The courts have recently determined that a password is an extension of our thoughts and an individual cannot be compelled to unlock their phone via password. A fingerprint does not have that exclusion.
http://www.americancriminallawreview.com/aclr-online/phones-fingerprints-and-fifth-amendment/

If it's password protected. "I forgot the password."
Now prove that I did not.

 

[techwhiz]

The whole point is that warrants now basically mean nothing when it comes to smartphones. Whether or not the police obtain a warrant, they can't access your data unless they get the PIN.

"Oooh... you got a warrant. What you gonna do? Call Apple and have them give the key to my iPhone? Nice try, sucker!"

Same thing with a computer that is protected with a hardware password and has filevault.
Criminals in the past encrypted paper communications. They encrypted phone calls.

I don't have an issue.

 

[Tech198]

after re-reading Apple's own PDF about National Security Letters, like any other "to the extent permitted..." there are always *exceptions" or any privacy/security related documents..

i hate that word....

Privacy policies mean nothing to me.. I don't care how much Apple talks about it.

and yes, i can't be compelled to reveal your password, yet u can be compelled with Touch ID...

Strange how this works doesn't it ? A LESS secure method is actually more stronger in law than a "unique" finger that is supposed to be better.

Something u have,,, u can be compelled to press that Home button.... but u can make up anything if only have a password... ("I've been drinking, u caught me on an "off' day come back later, etc...)

 

[techwhiz]

I guess nothing on Person of Interest is true...

I do though think Apple holds the "key" to unlock these devices and I also think that if someone is suspected of a violent crime or act of terror they should have to relinquish their property, in a state that the information can be accessed. Opinions otherwise are skewed because they currently aren't the victim and until they are, those views will not change.

Actually they don't hold the key.
To hold the key at this point would have them in violation of the law, perjury.

 

[Tech198]

put it this way...

If u use a password, its gonna be simple so u can remember it.or complex and it will be stored in a text file, book (third letter of each word "the brown fox jumped over the fence." <example> but had dots other characters mixed in..

in any case, it won't be too hard to crack.

Apple cannot unlock a phone and does not hold the "key", but if u ring then up and answer the questions correction to give u your recovery key stored with Apple to unlock your filevault 2 encrypted hard drive they CAN and will ? Talk abut being selective....

If any own security model was like that with third parties, u could just email them and they will give *your key to your computer* in the same manner, it wouldn't be very good security would it..

I thought the idea was so there was no way in.... not "there is now a backdoor we can use, so we have nothing to worry about if we store our key with Apple" if I even use FV this is also why i ignore this recovery key... cos i don't want another way it...

It's how i do all my encryption..... so i I forget, i should have known better... I have erased my NAS several times because didn't have a "backup" of a encryption key. but for security, i keep one copy only. If i must keep two then its not secure if u loose one key. because there is *another way* in not only for you but for anyone else who gets their hands on it.

 

[dk001]

From your article:



I'm not in favour of government spying in general, but it's scary that the police in this case couldn't access his phone with a warrant. I'll admit I never really considered it's impact on local, 'traditional' policing.

I mean, this guy could have this phone loaded with photos and videos of him abusing his girlfriend -- even make it his wallpaper -- and it's totally sealed from the rest society unless he approves its release.

There is a legitimate need in society to investigate people who are suspected of committing serious crimes. Why would it be okay for them to requisition all of his other personal data from service providers, search his house, car, place of work, etc, but suddenly it crosses a moral line once they search his smartphone?

I mean, read that snippet again. If the cops didn't search the suspect's phone, you'd think they weren't doing their jobs - especially if you were the victim! Smartphones are just such a fundamental part of life today that cutting the police out of them really does risk making them toothless in lots of domestic situations.

It's tragic that the NSA has reduced us to this: In order to protect ourselves from our protectors, we are willing to sacrifice our ability to quickly determine the innocence of these people who are within our borders. The internet is global, and its technology scales right the way through the chain, so that technology in the fight against international terrorism ends up affecting the police's ability to collect evidence in a domestic abuse situation.

Right now we're suffering a kind of breakdown between government and society. The police aren't trusted on any level - whether it's the local police busting drug dealers or the NSA trying to bust global terrorist cells. The thing is that the police, especially at the local level, are there to protect us from ourselves (or more accurately, other members of society). I wouldn't want the police to abandon my neighbourhood! I don't want them to be toothless! None of us want to live in a lawless society, so at the end of the day we still need an effective police force. Eventually we will be willing to openly admit that the government, in certain circumstances, needs a key to access your data. With a warrant, but without your consent.

and how is this different than the encrypted HDD an accused could have (with hidden partitions) that law enforcement can't crack and the owner will not provide the key. Say "Phone" all you want. It's a computer.

 

[dk001]

If the cops want the contents of the text messages all they have to do is pull the sim card out, assuming the SIM card hasn't been PIN locked, put it in another device and wait.

The contents of email, skype, imessage, icloud, etc is only partially on the device to begin with. If a suspect is suspected of a crime by which the communication is by text message, the above is correct, pull the sim card. If it's by Skype, then that is overly reliant on the phone to stay logged in.

Smartphones are rapidly being able to replace keys and passwords for services not on the phone itself. So a biometric key should always be connected to a "something you know" key. The biometric should only unlock convenience features (eg Applepay, non-progression games, calculator) without the PIN, and require the PIN to be entered before any data-usage or data-storage is unlocked. For example, dropbox should be inaccessible until the PIN is entered. Games that don't save progress (eg card games) should be allow a guest to play without needing to PIN unlock as long as the owner of the device biometricly unlocked it before starting the game.


You get 10 attempts, you have 10 fingers.

Admittedly, when you have a case on the iphone, it actually makes the touch id harder to operate, so you may nuke your phone simply from holding it wrong.

Use your nose or toes. They work too

 

[unplugme71]

Its bothersome that government agencies accuse us of placing our data above the law. I'm sorry, but why should I let anyone, including Apple, the Govt, or even my neighbour from reading data on my phone. You are sounding more like the jealous girlfriend type stating that.

It's like saying, we need gun control. We need to ban the private sale of guns. Ok. That'll prevent citizens from owning guns. But guess what idiots, criminals and the govt will have them still. And guess what, when the criminals overtake the govt, you'll be wondering why your citizens aren't helping.

Sadly we are operated by idiots.

 

[Tech198]

As always says... the act of encryption or prevention of giving it up, forces u into that "i'm a criminal" space, weather u wanna be or not.

That's the way it is becoming.... or already here..

"so, i'm a criminal" so shoot me already and lets get it over with

u can't blame the law for saying "makes it hard to crack an iPhone because it's above the law" so to speak,

I mean we elect them in power,,, they the king pins..... and they reckon they know what's right (within the limitations of their intelligence.) U gotta admit, they have done pretty dumb things. Chasing down criminals only to find there is no lead.... DMCA take downs where the owner have not infringed on anything. the list goes on...