WWTBAM Bored

First, please don't let this escalate into an argument one way or the other, ok???

Let's say Apple is successful in keeping the FBI from getting into the shooters phone. Two months down the road, Mr. X goes out and guns down a dozen people. It later turns out that there was information on the original phone that linked these two shooters, could the families of the dead and wounded come back and sue Apple for not handing over the information????

Ray

I'm not a lawyer, but will clarify at least what I understand the issues to be.

rayxtwo wrote: Let's say Apple is successful in keeping the FBI from getting into the shooters phone.

Apple is not keeping the FBI from getting the information. They are just refusing to build a tool, that does not yet exist, that will enable the FBI to get the information.

rayxtwo wrote: Two months down the road, Mr. X goes out and guns down a dozen people. It later turns out that there was information on the original phone that linked these two shooters, could the families of the dead and wounded come back and sue Apple for not handing over the information????

Ray

Apple does not have the information to hand over. Nor, does Apple have a tool that would get that information.

Could they build one? Sure, maybe...

But I don't see how someone could successfully sue Apple for not making, or even trying to make, something that does not exist, just because they possibly could.

Also without trying to derail the basic question -- is what I hear in the news media a bit off on what Apple is asked to do?

My understanding (which is likely wrong) is that the problem is the self-destruct function in the phone; too many bad attempts to get into it will cause it to erase the data on it. What is basically requested of Apple is a way to disable that function, presumably so the folks at FBI/CIA/NSA/LSMFT can take shots at trying to decipher it themselves, rather than to have Apple actually do the work.

Maybe that's just splitting hairs. But it's two different things in my noggin.

(My personal opinion -- I find it ironic or hypocritical that some of Apple's supporters, especially Mr. Zuckerberg, is complaining about the government intruding on privacy when their entire business model involves selling off information of their users, even things not meant to be shared.)

rayxtwo wrote:First, please don't let this escalate into an argument one way or the other, ok???

Let's say Apple is successful in keeping the FBI from getting into the shooters phone. Two months down the road, Mr. X goes out and guns down a dozen people. It later turns out that there was information on the original phone that linked these two shooters, could the families of the dead and wounded come back and sue Apple for not handing over the information????

Ray

No. Under these circumstances, it would be established that Apple has no duty to disclose.

And BiT is correct that Apple isn't preventing the FBI from getting into the phone. It's refusing to build a currently non-existent workaround for the phone's already-existing security features. --Bob

There are at least two things about this that I don't understand.

If any iPhone can have its data permanently wiped out whenever someone enters ten wrong passwords in a row, isn't this a problem that happens all the time, either intentionally or unintentionally? Wouldn't many angry spouses, boyfriends, girlfriends, kids, coworkers, etc. do this for spite when they are angry at someone? Is this a common problem?

Apple doesn't have a monopoly on smart people. If they are smart enough to create a tool that the FBI wants, aren't there other non-Apple employees who could do the same thing?

TheConfessor wrote:There are at least two things about this that I don't understand.

If any iPhone can have its data permanently wiped out whenever someone enters ten wrong passwords in a row, isn't this a problem that happens all the time, either intentionally or unintentionally? Wouldn't many angry spouses, boyfriends, girlfriends, kids, coworkers, etc. do this for spite when they are angry at someone? Is this a common problem?

Apple doesn't have a monopoly on smart people. If they are smart enough to create a tool that the FBI wants, aren't there other non-Apple employees who could do the same thing?

As I understand it, the idea is to force-feed the phone a software update. For the phone to accept it, the update must include an Apple signature that's not available to non-Apple people.

The auto-wipe setting can be changed by the user so that it doesn't happen. It's also not very quick, because another security feature is escalating delays before the phone gives you another chance to enter a password. You'd need a couple of hours of uninterrupted access to the phone to wipe it. --Bob

Bob78164 wrote:

TheConfessor wrote:There are at least two things about this that I don't understand.

If any iPhone can have its data permanently wiped out whenever someone enters ten wrong passwords in a row, isn't this a problem that happens all the time, either intentionally or unintentionally? Wouldn't many angry spouses, boyfriends, girlfriends, kids, coworkers, etc. do this for spite when they are angry at someone? Is this a common problem?

Apple doesn't have a monopoly on smart people. If they are smart enough to create a tool that the FBI wants, aren't there other non-Apple employees who could do the same thing?

As I understand it, the idea is to force-feed the phone a software update. For the phone to accept it, the update must include an Apple signature that's not available to non-Apple people.

The auto-wipe setting can be changed by the user so that it doesn't happen. It's also not very quick, because another security feature is escalating delays before the phone gives you another chance to enter a password. You'd need a couple of hours of uninterrupted access to the phone to wipe it. --Bob

Also, IIRC, it also actually doesn't wipe the data after 10 unsuccessful tries. Instead it wipes the encryption key so the phone is permanently locked unless it is reset to its original settings (I could be wrong on this).

However, what most people do is regular Cloud backups of their phone, so in addition to that escalating delay Bob talked about, the vindictive party would also have to be able to get at the person's Cloud backups.

In one interview I saw part of, the Apple rep said Apple tried to get info to the Feds on how to have the backups to "the cloud" ( which you all know is just some server somewhere) to happen, but Feds didn't & now some opportunity for Feds to crack that info in the cloud is lost.

I know nothing about iPhones except that I don't want one, however, I believe what the Feds want is for Apple to disable the feature that permanently locks the phone after ten attempts.

If activating this feature is optional, how does the FBI know it is activated?

I have set my Windows 10 phone to backup everything to the cloud, even text messages. I have a desktop app that copies my text messages from the cloud to a file on my desktop system. Does Apple have this feature? If so, it should be easy for the feds to pull all text messages from the cloud.

What action is there when an iPhone is linked to a desktop system? Can anything be read from it when it's locked? If so, they should be able to retrieve the text messages. Unless they're idiots that can't be done.

Can a locked iPhone receive software updates when it's locked? If so, it should be easy to hack the phone.

Bob Juch wrote:I know nothing about iPhones except that I don't want one, however, I believe what the Feds want is for Apple to disable the feature that permanently locks the phone after ten attempts.

Not permanently lock the phone. Erase its data.

Bob Juch wrote:If activating this feature is optional, how does the FBI know it is activated?

It doesn't. But if the feature is activated, once they trigger it, the data's gone.

Bob Juch wrote:I have set my Windows 10 phone to backup everything to the cloud, even text messages. I have a desktop app that copies my text messages from the cloud to a file on my desktop system. Does Apple have this feature? If so, it should be easy for the feds to pull all text messages from the cloud.

The users turned off cloud backup about a month before the shootings.

Bob Juch wrote:What action is there when an iPhone is linked to a desktop system? Can anything be read from it when it's locked? If so, they should be able to retrieve the text messages. Unless they're idiots that can't be done.

Can a locked iPhone receive software updates when it's locked? If so, it should be easy to hack the phone.

Yes, but only if the update is authenticated with an Apple signature. So maybe hacking the phone isn't so easy after all. --Bob

Bob Juch wrote:I know nothing about iPhones except that I don't want one, however, I believe what the Feds want is for Apple to disable the feature that permanently locks the phone after ten attempts.

If activating this feature is optional, how does the FBI know it is activated?

I have set my Windows 10 phone to backup everything to the cloud, even text messages. I have a desktop app that copies my text messages from the cloud to a file on my desktop system. Does Apple have this feature? If so, it should be easy for the feds to pull all text messages from the cloud.

What action is there when an iPhone is linked to a desktop system? Can anything be read from it when it's locked? If so, they should be able to retrieve the text messages. Unless they're idiots that can't be done.

Can a locked iPhone receive software updates when it's locked? If so, it should be easy to hack the phone.

a) The last backup to the Cloud of this particular phone was in mid-October, about six weeks before the attack. No more back-ups are possible because the FBI instructed the Dept of Public Health, which owned the phone, to change the AppleID and password.
b) I do not believe you can read anything from a locked iPhone when you plug it into a desktop computer. I know for sure you can't do it with an Android phone because we couldn't retrieve anything off my son's phone after he smashed his screen.
c) They may not know for sure if Syed activated the features that cause the encryption erasure after 10 tries, but if he did, and they try and brute force it, they'll lose the info.

Oh well, I was pretty sure they had explored all options.

Time to send it to CSI:Cyber.

The FBI has unlocked the terrorist's iPhone without Apple's help, so they're ending their court battle with Apple.

The rumor I'm hearing (take it for what it's worth) is that an outside firm made multiple copies of the data and used brute force until they got through (so I'm guessing they made 10,000 copies (or whatever amount) and if one chip got erased after 10 tries, they went to the next copy until they cracked it).

This is such a logical technique that I wonder why it took an outside firm to think of it. And Apple's obvious next move, because their sworn privacy protection obviously doesn't hold under this approach, will be to make chips that erase themselves if copied without a permission code being given. Or something like that.

ten96lt wrote:The rumor I'm hearing (take it for what it's worth) is that an outside firm made multiple copies of the data and used brute force until they got through (so I'm guessing they made 10,000 copies (or whatever amount) and if one chip got erased after 10 tries, they went to the next copy until they cracked it).

That's what I've heard too; however the phone's data is encrypted.

ghostjmf wrote:This is such a logical technique that I wonder why it took an outside firm to think of it. And Apple's obvious next move, because their sworn privacy protection obviously doesn't hold under this approach, will be to make chips that erase themselves if copied without a permission code being given. Or something like that.

This sounds like the approach suggested by the ACLU. I'm not worried about thieves using this technique. It's awfully expensive. --Bob

Thieves probably wouldn't use this technique to get their usual stuff, your ID so that they can buy stuff & screw up your credit, but I could see a particular targeted phone of some celeb or government official having this technique used on it. What the thieves got would have to be worth the expense of making all those clones.

And probably a decent amount of manpower and/or man hours.

Well, as demonstrated on CSI Cyber, my source for technowizardry, that password-testing machine just clips to your phone & whizzes through the combos. The personpower would come in at stopping it every 10 tries & clipping a new clone in.

ghostjmf wrote:Well, as demonstrated on CSI Cyber, my source for technowizardry, that password-testing machine just clips to your phone & whizzes through the combos. The personpower would come in at stopping it every 10 tries & clipping a new clone in.

That and how much time did it take to copy the data and put it onto all of those chips. Did they have to then copy them into physical phones or were they able to put the chip into a computer that acted as a virtual iPhone? Lot of other working parts.

ten96lt wrote:

ghostjmf wrote:Well, as demonstrated on CSI Cyber, my source for technowizardry, that password-testing machine just clips to your phone & whizzes through the combos. The personpower would come in at stopping it every 10 tries & clipping a new clone in.

That and how much time did it take to copy the data and put it onto all of those chips. Did they have to then copy them into physical phones or were they able to put the chip into a computer that acted as a virtual iPhone? Lot of other working parts.

This is a moot argument as they didn't crack it that way.

Bob Juch wrote:

ten96lt wrote:

ghostjmf wrote:Well, as demonstrated on CSI Cyber, my source for technowizardry, that password-testing machine just clips to your phone & whizzes through the combos. The personpower would come in at stopping it every 10 tries & clipping a new clone in.

That and how much time did it take to copy the data and put it onto all of those chips. Did they have to then copy them into physical phones or were they able to put the chip into a computer that acted as a virtual iPhone? Lot of other working parts.

This is a moot argument as they didn't crack it that way.

How do you know that? --Bob

Bob78164 wrote:

Bob Juch wrote:

ten96lt wrote: That and how much time did it take to copy the data and put it onto all of those chips. Did they have to then copy them into physical phones or were they able to put the chip into a computer that acted as a virtual iPhone? Lot of other working parts.

This is a moot argument as they didn't crack it that way.

How do you know that? --Bob

I can't tell you.