Saturday, February 20, 2016

Apple vs FBI

This post has been updated to a newer post.

Update II.--The Washington Post is reporting the FBI asked the San Bernadino (SB) county officials to reset the password on the iPhone's iCloud account. This disconnects the sync between the iCloud and iPhone.

No one has reported if SB county officials told the FBI of the account ID and password which they could have used to access and download the latest backup with Apple reported was 6 weeks old at the time of the shooting, so it's little use to the FBI who want recent information from the iPhone.

But Apple has reported this made getting into the account impossible without the ID and password. No one is reporting SB county officials knew the passcode and unlocked the iPhone. Without the passcode the iPhone is impossible to access and retrieve information on it, hence why the FBI got the court order.

No one has reported if SB county officials know the passcode or not, and if so, did they access the iPhone. There is software for iPhones for corporate and government employees where only a few IT people can change passcodes/words to ensure employees don't restrict access to IT folks.

The FBI still has access to the iCloud account through the SB county officials who changed it. Surely they informed the FBI of the new password, something Apple doesn't know. As for the iPhone, it's still a big mystery who knows what, and it's still a possiblity the FBI is not forthcoming with everything they know.

Update.--There appears to be some confusion, especially maybe on my part, about what the county knew about the passcodes to the iPhone and iCloud account. The news story I read (Apple Insider) said the county had the iPhone's passcode, and changed the iCloud account passcode, preventing anyone from accessing it, including Apple.

The question is how the county accessed the iCloud account, through their computers to Apple's server or through the iPhone, but the key is that the iPhone has to have the right matching Apple ID and password on the iPhone to sync the iCloud and iPhone, which means they had to also access the iPhone, at least from my understanding (an my iPhone and iPad).

This still means the county employees had to unlock the iPhone. The second question is that they say this was done at the instruction of the FBI, so the FBI also knew the iCloud account password had been reset, something they could have equally accessed from the county with the Apple ID and new password.

Anyway, that's my understanding for now. I'll stand by what I say until proven otherwise, and to me the FBI appears to act to protect the iPhone and iCloud account with new passwords, thinking that it would be impossible for Apple to get into the iCloud account, which means they may have set Apple up to look like they're the bad guy.

Original.-- It's safe to say a lot of people, especially people with iPhones (iPads less so), are paying attention to the court order granted the FBI (Department of Justice representing them in federal court) the right to order Apple to write tools for iPhones to bypass the passcode security protection feature.

The FBI says it only applies to the one iPhone they have from the two terrorists who commited the mass shooting in San Bernadino county last fall. The request is for Apple to write a version of IOS which the FBI can load into the iPhone to then try to determine the passcode to unlock it.

In their public releases the FBI has stated they don't know the passcode and the iPhone may have the passcode security feature enabled which erases the iPhone's memory after 10 successive failed attempt to unlock it. They want to use the "brute force" method to repeatedly try passcodes.

Apple has contended that any IOS software can't be written specifically for one iPhone, it would work on all iPhone with IOS 9 or later. Technology experts argue Apple could write a specific version of IOS for this one iPhone if they had detailed information about it to put into the code, but the FBI could alter it later.

Let's remember the FBI isn't giving the iPhone to Apple to unlock  and return it permanently unlocked for the FBI to gather the information on it. That would be the common sense approach to the problem, let Apple solve it in-house protecting their work and give the FBI an unlocked iPhone.

On Friday (2/19/2016) Apple released a public statement which contradicts the FBI assertion they don't know the passcode. The statement says San Bernadino county officials knew the passcode and unlocked it. It was county property to the own and control the use of it by employees.

The statement also asserts that when told of this, meaning the county had unlocked it, the FBI instructed them to change the passcode to protect the contents, meaning someone at the county unlocked it and changed the passcode security and iCloud settings before giving it back to the FBI.

This means the FBI doesn't need any tool to unlock, but it's possible they wanted to try to unlock through their forensic computer tools, and failed, so they got a federal judge to issue the order saying they need the tool for their investigation.

At this point that appears the intent is to compel Apple to give the FBI a tool to unlock any iPhone they want by going around IOS security features to protect the user's content. I wonder how much or how little the DOJ lawyers told the judge that the passcode was known and the iPhone unlocked, and then locked at the FBI instructions.

This is a good example of government overreach, and fraud on the American people by the FBI, to use terrorism, with the San Bernadino shooting, to scare people, but mostly courts, politicians and even the White House into thinking Apple is the bad guy.

The FBI is the bad guy here, and they know it. Apple's statement make it clear the iPhone was unlocked and the contents accessible to the FBI, and they didn't need any help from Apple for their investigation at that time, but they instructed county officials to change things and not tell them the new passcodes.

We'll see what the court says when Apple goes back before the judge February 26th with the evidence the FBI was not thoroughly honest about the iPhone being locked and the contents protected such that the FBI couldn't get access to it. They had their chance and refused it.

The FBI doesn't deserve a court order, they deserve a judge to rescind the orignal order and later motion to Apple. And they need to get the county official to divulge the passcodes to the FBI, which unlocks the iPhone and iCloud accout.

Then they can continue with their investigation without any involvement from Apple. That's what they could have done in the first place. They set the public stage to make it a national security issue that could be embarrassing. But there is a simple solution the FBI refuses to use.

No comments:

Post a Comment