Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data

[charlituna]

Maybe I'm confused - and I probably am having read it quickly. But if Apple could have helped them before the password change but won't after - really - what's the difference. Not that I'm saying that Apple should help the FBI. But how genuine is their statement? You're either going to break into someone's phone or not. What difference does it make if the password has been changed?

its the how the FBI wants help. they can't access the backup system anymore because of the password change so they want Apple to create a bypass to the passcode disabling protocol so they can try to brute force out the passcode and unlock the phone. They say that this is for this one phone but once Apple does it, the DOJ etc know that it is possible and will likely demand Apple do it for other phones and then eventually demand that it be a part of iOS itself rather than something that has to be added upon a warrant. Apple feels that this creates a potential for some other party to hack the system for their own benefit and is refusing to do it.
[doublepost=1455938497][/doublepost]

What's on the phone that wouldn't be in the backups?

potentially every text sent or received from Oct whatever it was to the day of the attack, plus call logs etc

 

[ATC]

yes, indeed.

If you think further, one could even imagine the many persons, enterprises, hackers and secret services will not only be able to read everything anyone stored on his iPhone but perhaps also be able to inject data on the phone.
You don´t like to have candidate XYZ to be elected? Just put some pedophilic photos on his iPhone and make them go out of his phone…

You could blackmail EVERYONE in ANY parliament or government on earth to do or NOT to do whatever you want and when you want. It´s called totalitarism.

Absolutely. It's amazing how far reaching this is going to be if Apple is forced to give in. After reading about this issue for days now, I have renewed respect for Tim Cook; beyond question he is on point.

But what's amazing, scary actually, is how many ill-informed people are out there, quick to side with the FBI on this, even supporting Trump's apple boycott. And the media is playing this insincere game, furnishing false-equivalency in the notion that people are divided on this issue. People who are at least somewhat educated on the subject are on one side, and those who aren't are on the other. Why give equal weight and airtime?

But I have to hand it to the FBI, they are smart and opportunistic to tug on peoples' fears, using this one case to shoehorn this insanity of a precedent.

 

[Cory Bauer]

And NASA faked the moon landings, right?

There is a bad reputation being built for Apple too. Just saying. Not assisting in the investigation of a terrorist attack when asked to do so isn't exactly good publicity.

It's only bad publicity amongst those who don't understand the reprecutions of Apple caving to the FBI and why they're fighting this so adamantly; unfortunately, there's a lot of uneducated people out there. If only we lived in a country where our best and brightest were campaigning for president...

 

[felt.]

Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.

I was not aware of this key piece of information. It seems pretty important.

 

[Rigby]

potentially every text sent or received from Oct whatever it was to the day of the attack, plus call logs etc

If that was all they could get the information from Verizon. Not sure what they are looking for.

 

[Brookzy]

I was not aware of this key piece of information. It seems pretty important.

Indeed, and if true I am disappointed in Apple.

And this must surely harm Apple's case: they're happy to decrypt a user's backup for the government, but not to facilitate the bypassing of a passcode? While these are technically very different, the principle is the same.

 

[nicho]

Indeed, and if true I am disappointed in Apple.

And this must surely harm Apple's case: they're happy to decrypt a user's backup for the government, but not to facilitate the bypassing of a passcode? While these are technically very different, the principle is the same.

The principle isn't the same. The backup is an OPTIONAL copy of certain contents for convenience.

 

[Brookzy]

The principle isn't the same. The backup is an OPTIONAL copy of certain contents for convenience.

Whether it is optional or not, the fact is both the iCloud backup and the iPhone are inaccessible to the FBI, but Apple was happy to bypass the backup but not the phone.

 

[charlituna]

Steve would tell the FBI to shove it.

when Steve Jobs was alive this wasn't an issue. Not if the guy in question had a laptop that he had ever done a backup or a sync to. Because prior to iOS 8 which released in 2014, almost 3 full years after Steve died, any iPhone that had connected to a computer would reconnect automatically to that same computer and do a backup without having to unlock the passcode. That was a feature that was changed under Tim's regime. We have no way of knowing, since Steve was very very dead by the time of that change, if he would have mandated it or left that item as it was.

How is hacking an iPhone going to bring dead back to life? This is not about single incident or iPhone. This is about creating a backdoor to every iPhone in the world. Also, it's worth noticing that they are not asking Apple to provide the actual information. They want the backdoor instead.

yep. The issue is wanting to set precedent to get the backdoor they want and to look good by declaring that they need into the phone because this fellow was likely talking to other terrorists etc

 

[Rigby]

Or never back up your phone.

Encrypted iTunes backups are safe. Just make sure that you actually enable encryption in iTunes and pick a good password.

 

[IHelpId10t5]

They only want that phones info, get it for them. what is more important privacy or life ?

Your statement makes no sense whatsoever. This is NOT about one phone, it's about everyone's right to privacy and security. In many oppressive countries, not having effective encryption can actually result in the loss of your life. In the US, it means at a minimum that your personal data WILL be easy to steal by any low-life that steals your phone or wants to intercept your family's locations, texts, photos, bank transactions, etc.

If you don't understand the repercussions of Apple giving in to this overreach of government, then stop commenting and read up so you can understand the issue.

 

[nicho]

Whether it is optional or not, the fact is both the iCloud backup and the iPhone are inaccessible to the FBI, but Apple was happy to bypass the backup but not the phone.

If he didn't choose to make an iCloud backup, neither would be accessible to anyone...

 

[Rigby]

Whether it is optional or not, the fact is both the iCloud backup and the iPhone are inaccessible to the FBI, but Apple was happy to bypass the backup but not the phone.

They cannot really bypass the phone's encryption. They can weaken certain protections, but accessing the data still depends on running a brute force attack. If the user had chosen a strong alphanumeric passcode instead of a simple 4-digit code, the FBI wouldn't be able to decrypt the information even if Apple complied with their request.

It seems they are working on stronger protection for user data in the cloud too:

http://mobile.nytimes.com/2016/02/1...ook-became-a-bulwark-for-digital-privacy.html

"Far from backing down from the fight, Mr. Cook has told colleagues that he still stands by the company’s longstanding plans to encrypt everything stored on Apple’s myriad devices, services and in the cloud, where the bulk of data is still stored unencrypted."

 

[Brookzy]

They cannot really bypass the phone's encryption. They can weaken certain protections, but accessing the data still depends on running a brute force attack. If the user had chosen a strong alphanumeric passcode instead of a simple 4-digit code, the FBI wouldn't be able to decrypt the information even if Apple complied with their request.

Well really that just furthers my point. Apple are happy to decrypt encrypted data, but not to facilitate a brute force attack.

I don't think they should be doing either. The iCloud backup is protected by encryption and the phone is protected by a password. If you are happy to decrypt someone's data without their consent, you should be happy to allow a brute force attack on their passcode, too.

 

[IHelpId10t5]

I suppose after this, at WWDC, Apple will announce that iOS 10 will create encrypted backups on iCloud.

This is indeed a possible positive effect that the DOJ didn't take into account. After this case, everyday users will now better understand the protections that encryption provides to everyone, everyday. As a result, those intelligent American public and industry will demand that data is encrypted in transit and at rest in the cloud as well. Just like good cloud backup services allow the addition of a client-side key, Apple (and all providers) should do this for all Cloud data that is not already protected in this way.

 

[tgara]

It's only bad publicity amongst those who don't understand the reprecutions of Apple caving to the FBI and why they're fighting this so adamantly; unfortunately, there's a lot of uneducated people out there. If only we lived in a country where our best and brightest were campaigning for president...

In defying the FBI and a legal court order, Apple risks alienating consumers concerned about terrorism and criminal activities, and being blamed for a future attack, murder, or child abduction. On the other hand, because many customers and Internet activists care deeply about privacy, Apple risks a backlash if it complies with the government request.

No, it's bad for Apple regardless of the outcome.

 

[duffman9000]

Absolutely. It's amazing how far reaching this is going to be if Apple is forced to give in. After reading about this issue for days now, I have renewed respect for Tim Cook; beyond question he is on point.

But what's amazing, scary actually, is how many ill-informed people are out there, quick to side with the FBI on this, even supporting Trump's apple boycott. And the media is playing this insincere game, furnishing false-equivalency in the notion that people are divided on this issue. People who are at least somewhat educated on the subject are on one side, and those who aren't are on the other. Why give equal weight and airtime?

But I have to hand it to the FBI, they are smart and opportunistic to tug on peoples' fears, using this one case to shoehorn this insanity of a precedent.

Most people are ignorant. They see *F*B*I* and they see stars. Then they forget that the FBI has a long history of dirty deeds. Those deeds shouldn't be forgotten.

 

[Rigby]

Well really that just furthers my point. Apple are happy to decrypt encrypted data, but not to facilitate a brute force attack.

I don't think they should be doing either. The iCloud backup is protected by encryption and the phone is protected by a password. If you are happy to decrypt someone's data without their consent, you should be happy to allow a brute force attack on their passcode, too.

There is a difference in how encryption is applied. The data in the cloud is primarily encrypted because it is stored not by Apple, but by large 3rd party cloud providers such as Amazon AWS. The encryption scheme is currently not designed in a way that it can keep Apple out. The device encryption, on the other hand, is. As I said, if the user had chosen a strong passcode, the device would not be vulnerable to brute force attacks even with the requested firmware modifications.

 

[HEK]

And all those companies with turn over that data when asked.

Not only have they and will they turn it over, they are under court order to not even say if they did so.

Stalin, Hitler, bo pot, Kim il Jung would be proud. A once free society, has turned on itself, abandoned the principles that the an informed people should decide how their government proceeds. Like all other regimes in history the leaders in charge have decided they know best. That the people they are supposed to serve, in order to keep them safe, must lie to them, spy on them.

I can't express the sadness I feel, to have lived through a time to to witness the gradual, systematic dismantling of what this country, this experiment in democracy, was founded to achieve. To unravel from within. It was said no foreign power would ever bring down the United States. Only from within could it decay, if the people did not remain vigilant to guard against the loss of their freedoms and their rightful control over government actions.

The fabrication of foreign enemies to justify spending, suppression of rights, entry into fruitless wars, wholesale surveillance of entire society and retention of power by those in power, has been marketing genius. The arrogance of the leadership to believe the people can not be trusted with the truth and to chart their own course as a true democracy is shameful.

I remember traveling the world as a youth, when being an American was looked up to, when we were perceived as having the high moral ground where other people's and countries aspired to emulate us. Sadly we are now just a super power, that kills at will, makes and breaks allegiances when it suits, backs foreign dictators toppling regimes, a country to be feared, not emulated.

 

[Brookzy]

There is a difference in how encryption is applied. The data in the cloud is primarily encrypted because it is stored not by Apple, but by large 3rd party cloud providers such as Amazon AWS. The encryption scheme is currently not designed in a way that it can keep Apple out. The device encryption, on the other hand, is.

Again, the technical element is another matter. From a technical perspective, both decrypting iCloud backups and brute forcing the passcode can be done. But Apple has decided that decrypting iCloud backups should be done, but brute forcing passcodes shouldn't, and that's a double standard in my book.

 

[nicho]

Again, the technical element is another matter. From a technical perspective, both decrypting iCloud backups and brute forcing the passcode can be done. But Apple has decided that decrypting iCloud backups should be done, but brute forcing passcodes shouldn't, and that's a double standard in my book.

Your book doesn't take into account that nobody is forced to use iCloud to use an iPhone...

 

[Moshe1010]

Even if they build a new iOS like that, how are they going to upgrade the device? The device still has a passcode, how are they going to skip that in order to upgrade the device?

 

[Rigby]

Again, the technical element is another matter. From a technical perspective, both decrypting iCloud backups and brute forcing the passcode can be done. But Apple has decided that decrypting iCloud backups should be done, but brute forcing passcodes shouldn't, and that's a double standard in my book.

It's not really about the technical details. It's about Apple's intention. The current cloud system was never designed to prevent Apple from accessing the data. They never promised their users otherwise. They did, however, promise that they wouldn't be able to access data on devices without the user's consent. And now they are being asked to dismantle some of the mechanisms they implemented to fulfill this promise. It's essentially as if the government demanded from a safe manufacturer, whose business depends on making secure safes, to use weaker locks so the safes can be cracked more easily.

 

[Brookzy]

Your book doesn't take into account that nobody is forced to use iCloud to use an iPhone...

And no one is forced to use an iPhone either. This is such a moot point - even if you're arguing that the optional nature of iCloud somehow makes data in it less deserving of privacy, there is no warning to the user that by using iCloud you are forgoing your privacy to some extent. In fact, Apple's marketing would lead you to believe the opposite.

 

[IHelpId10t5]

I find it strange that the FBI had access to the iCloud info. Access to all numbers called and received. All websites visited....Any non-iMessage texts sent and received. Access to the MDM info (work phone)

But still need apple to build a new OS to defeat security against brickforcing?!???

As many others have stated, this is not at all about wanting access to this one phone. They want to win a court precedent so that they have the ability to bypass all strong encryption on all consumer devices. Make no mistake that this is NOT about terrorism, it's not about Apple, and it's certainly not about protecting Americans from an imminent threat. It is about getting unbelievably stupid Americans to give in to government overreach because the timing is right for terrorism fear-mongering. Right-wing propaganda has reached a feverish pace in this election year and the idiotic lemmings that are Republican voters are convinced that the terrorists are going to come to their houses and kill their children if they don't allow trampling of their own Constitutional rights.