Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Says Apple ID Password on Shooter's iPhone Changed in Government Possession, Losing Access to Data

Rigby said:
It's not really about the technical details. It's about Apple's intention. The current cloud system was never designed to prevent Apple from accessing the data. They never promised their users otherwise. They did, however, promise that they wouldn't be able to access data on devices without the user's consent. And now they are being asked to dismantle some of the mechanisms they implemented to fulfill this promise. It's essentially as if the government demanded from a safe manufacturer, whose business depends on making secure safes, to use weaker locks so the safes can be cracked more easily.
Click to expand...
Point taken. And for the record on the whole I side with Apple.

But I don't think they should be decrypting iCloud backups. While as you say they never promised they wouldn't, the average user does not appreciate the divide between local and server and would expect Apple to take the same approach with both. The user is not informed that by using iCloud backup Apple and the government could access your data. Rather, they advertise its encryption so heavily that I would argue the user would expect the backup to be impenetrable.
 
  • Like
Reactions: SantaFeNM
Brookzy said:
And no one is forced to use an iPhone either. This is such a moot point - even if you're arguing that the optional nature of iCloud somehow makes data in it less deserving of privacy, there is no warning to the user that by using iCloud you are forgoing your privacy to some extent. In fact, Apple's marketing would lead you to believe the opposite.
Click to expand...

https://www.apple.com/privacy/government-information-requests/

https://www.apple.com/privacy/docs/legal-process-guidelines-us.pdf

It's almost certainly in the terms and conditions everyone blindly agrees to without reading...
[doublepost=1455941381][/doublepost]
Brookzy said:
Point taken. And for the record on the whole
I side with Apple.

But I don't think they should be decrypting iCloud backups. While as you say they never promised they wouldn't, the average user does not appreciate the divide between local and server and would expect Apple to take the same approach with both. The user is not informed that by using iCloud backup Apple and the government could access your data. Rather, they advertise its encryption so heavily that I would argue the user would expect the backup to be impenetrable.
Click to expand...

The point is it's impenetrable by criminals... I expect the press would have a field day if Apple were advertising iPhones for criminals
 
nicho said:
Skype, WeChat, line, whatsapp, viber etc can be used as a substitute for cellular calls. VPN might have prevented the other also
Click to expand...

Be assured that the precedents set in the results of this case will directly effect those services as well. If the DOJ wins, you can be sure that all services that protect your private communications and private data using strong encryption will be next on the DOJ's chopping block.
 
mikefla said:
Just blame it all on the poor guy. Has he even said anything about all of this in public yet?

-Mike
Click to expand...
He is too smart for that. He has department heads to do that. Ask yourself, is it a mear coincidence that under Obama prosecutions against whistleblowers and suspected leakers has been more aggressive than under Bush? That more drone strikes have occurred by a huge number under Obama than Bush. That the Patriot act has been used more aggressively and over wider parameters under Obama than Bush. The are documented, but not widely advertised facts. Obama should never be considered a "poor guy". These things have been systematically executed during both his administrations, and not by accident.
 
Brookzy said:
Indeed, and if true I am disappointed in Apple.

And this must surely harm Apple's case: they're happy to decrypt a user's backup for the government, but not to facilitate the bypassing of a passcode? While these are technically very different, the principle is the same.
Click to expand...

Not really. Decrypting for the cloud is using an existing key (Apple's own key). The other involves Apple having to write new code to bypass counting wrong tries at password on a locked device with a wipe on too many tries.
 
  • Like
Reactions: gigi1701 and HEK
nicho said:
The point is it's impenetrable by criminals...
Click to expand...
The user expects - rightly or wrongly - that encryption means their stuff is safe, including from Apple. In reality by using iCloud they are rendering their data vulnerable to a court order, and the user is not made aware of this (expect potentially in the Ts&Cs no one reads, as you highlighted).

I expect before long iCloud backups will be encrypted in such a way that Apple cannot access it.
 
  • Like
Reactions: SantaFeNM
MrAverigeUser said:
You nailed it.

I though exactly the same since this demand of "cooperation" and the fact that it was the phone of his employer got public. No terrorist would ever use this phone even for the least thing connected with illegal activities.

Everyone should think he had a simple cellphone with prepaid cards and surely made backups neither…

The FBI and whatever agency is involved take their citizens and apple for fools.

You should show that you are NOT…

Imagine McCarthy and Edgar J. Hoover had this almighty instrument when they tried to turn the USA in direction of Totalitarism...
Click to expand...
You do know two other crushed phones were recovered by FBI. Any bets as to how much interesting data was on those. The ones they crushed before executing their murders.
 
  • Like
Reactions: gigi1701 and diegogaja
LizKat said:
Not really. Decrypting for the cloud is using an existing key (Apple's own key). The other involves Apple having to write new code to bypass counting wrong tries at password on a locked device with a wipe on too many tries.
Click to expand...
The writing new code is only part of it though - such code will only be actionable via the capabilities Apple has via another of their keys, i.e. signing, and in my opinion that is where both are the same principle.
 
Brookzy said:
Point taken. And for the record on the whole I side with Apple.

But I don't think they should be decrypting iCloud backups. While as you say they never promised they wouldn't, the average user does not appreciate the divide between local and server and would expect Apple to take the same approach with both. The user is not informed that by using iCloud backup Apple and the government could access your data.
Click to expand...
I don't agree. They have a very nice and easy to read privacy overview. In the iCloud section is says clearly: "Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data".

In the device section, on the other hand, they say this: "We also refuse to add a "backdoor" into any of our products because that undermines the protections we’ve built in. And we can’t unlock your device for anyone because you hold the key". And now the FBI is asking them to do something that directly contradicts this policy.
 
charlituna said:
its the how the FBI wants help. they can't access the backup system anymore because of the password change so they want Apple to create a bypass to the passcode disabling protocol so they can try to brute force out the passcode and unlock the phone. They say that this is for this one phone but once Apple does it, the DOJ etc know that it is possible and will likely demand Apple do it for other phones and then eventually demand that it be a part of iOS itself rather than something that has to be added upon a warrant. Apple feels that this creates a potential for some other party to hack the system for their own benefit and is refusing to do it.
[doublepost=1455938497][/doublepost]

potentially every text sent or received from Oct whatever it was to the day of the attack, plus call logs etc
Click to expand...
And GPS data of where the phone was and when.
 
So much hate for the FBI in this thread. What about Apple's lawyers? No hate for them? Is it not their fault for not doing a good job of convincing the judge the FBI's idea is bad? Or maybe the FBI some how bribed Apple's lawyers.
 
Brookzy said:
The user expects - rightly or wrongly - that encryption means their stuff is safe, including from Apple. In reality by using iCloud they are rendering their data vulnerable to a court order, and the user is not made aware of this (expect potentially in the Ts&Cs no one reads, as you highlighted).

I expect before long iCloud backups will be encrypted in such a way that Apple cannot access it.
Click to expand...

They cannot technically do that without rendering a backup useless upon changing the password. It's somewhere in their developer notes.
 
Brookzy said:
The user expects - rightly or wrongly - that encryption means their stuff is safe, including from Apple. In reality by using iCloud they are rendering their data vulnerable to a court order, and the user is not made aware of this (expect potentially in the Ts&Cs no one reads, as you highlighted).

I expect before long iCloud backups will be encrypted in such a way that Apple cannot access it.
Click to expand...
The data has to be accessible in the same way a user has acccess to their own backups. You buy a new iPhone, you chose the option to restore from an iCloud backup, enter your iCloud username and password and down it comes. No one's cracking the iCloud backups themselves so encryption is irrelevant there (although I assume they are encrypted).
 
Strongly urge all isers of latest iPhone to up there pass codes to at least ten digits and add some letters as well. That should keep any brute force hacking even with back door no erase/no slowdown software runing for a good ten years.
 
HEK said:
You do know two other crushed phones were recovered by FBI. Any bets as to how much interesting data was on those. The ones they crushed before executing their murders.
Click to expand...


Yes. And NO interesting data on the iPhone at all…. You confirmed that again.
So - the real aim of the DOJ and FBI is evident…. it is not about terrorism… it is not about protection…
look at Boston and 9/11: In both cases they KNEW the persons that committed murder 2 persons in each case...… and what did they do? NOTHING.
 
  • Like
Reactions: gigi1701 and tampageek
Keirasplace said:
He also thinks the I cloud password is actually sent in the clear... Oh my
Click to expand...

Agreed. Something tells me that the Apple engineers that were involved in iOS 9 security development are currently quite proud of their work. I applaud them for a job well done!

If the DOJ actually can't do this brute-force hack for themselves (with all the resources of the US government and "cyber" minds at their disposal), then every Apple engineer involved should be given a massive bonus and an award for protecting the privacy of millions of people.
 
  • Like
Reactions: HEK
mikefla said:
Oh no please not another theory of "The US government destroyed the twin towers...". Lets get real...

-Mike
Click to expand...
Try re-reading what I said. I did not say terrorist attach was by us government. I am saying they picked this court order out of a number of them because they can propagandize terror more easily than other cases.
 
OceanMindedBoy said:
Have you guys ever thought that the FBI provoked this San Bernardino incident with the sole purpose of forcing Apple to make a backdoor for their devices?

Just the way the government provoked the 911 incident.

Bad reputation is building up for the FBI right now.
Click to expand...
No one needs to provoke anything. **** happens, politicians exploit it.
 
  • Like
Reactions: MrAverigeUser
Rogifan said:
If iCloud backup was turned off in settings how does Apple get that data?

According to Guardian reporter Danny Yardon Apple says no other country has asked it to do what the DOJ/FBI is seeking.
Click to expand...
If the FBI wins, I see dozens of countries demanding the same rights.
France, UK, Germany, Turkey, Indonesia, China, Russia, they have ALL had terrorist attacks.

To say no, means the US tacitly supports those terrorist groups.
It also says those countries have less rights to protect their citizens than the US does.
Do those countries in return say US citizens have no rights under their laws ?
Do those countries block all US tech on the basis it is a CIA subcontractor and spyware can not be excluded.
It may even force the breaking of the internet

The US is playing a VERY dangerous and stupid game here.
 
  • Like
Reactions: tampageek and AdonisSMU
Cory Bauer said:
If you're suggesting that the President is calling the shots in regards to the minutia of individual FBI investigations, well that's coo-coo; the man's got enough on his plate without demanding to know what's on some nobody's iPhone. The director of the FBI is appointed by the President, but after that he doesn't even report directly to the President. Hell, the FBI can even investigate the President if need-be.
Click to expand...
I never said nor suggested that the president is directing the minutia. He has set forth a policy to pursue every available avenue to hack back into what once was totally hacked. If you believe that over the last 18 months that the FBI, and Justice department have not been in contact with the president during national security conferences, I'm not the one that is coo-coo.
 
Brookzy said:
The writing new code is only part of it though - such code will only be actionable via the capabilities Apple has via another of their keys, i.e. signing, and in my opinion that is where both are the same principle.
Click to expand...

Yeah I suppose it's even possible all the FBI lacks is Apple's unique ability to sign their own software. But that is not how they would put the request, is it.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back