Apple Won't Create 'Backdoor' to Help FBI Access San Bernardino Shooter's iPhone

[jamil]

Now I am laughing even more. Holy crap, you comment on my post but do not understand....
(My post is about the absolute and complete knowledge of an engineered product and all the development tools needed to accomplish it, to disassemble and / or interact with the product is like a father playing with a son. It is natural consequence of the creation process.)

This Apple vs FBI 'debate' is NOT about Encryption.

It is about Apple's image in the marketplace. Read Tim Cook's letter to his employees... "Is it possible? Yes. but, but, but"

Apple was initially claiming is was impossible, which the letter confirms it is possible.

It is not about Security. It is not about Privacy. ...because Apple CAN do it!!!

...should they do what FBI wants? I say "NO, but can they get it, YES" .... and ... .... OK .... .... ... GO! Continue with the ridiculous debate.

I don't really think the central part of the argument has been that they *can't* do it. It IS mostly about *should* they do it. Of course part if it is positioning of their image of the company that's fighting for freedom against the oppressive FBI. And I think most people get that. When all of that distills away, it is about what the government should have the power to do.

BTW, I am disappointed in the supposed "constitutional" candidate Ted Cruz's position. He said it's like a search warrant. They get the warrant. They get to do the search. But this situation really isn't that. I don't think the constitution grants government the power to compel the locksmith to retrofit someone's lock to make it easier for law enforcement to unlock it. It's not Apple's iphone. It's the dead terrorist's. Their beef is with him.

 

[churchmouse]

I don't really think the central part of the argument has been that they *can't* do it. It IS mostly about *should* they do it. Of course part if it is positioning of their image of the company that's fighting for freedom against the oppressive FBI. And I think most people get that. When all of that distills away, it is about what the government should have the power to do.

BTW, I am disappointed in the supposed "constitutional" candidate Ted Cruz's position. He said it's like a search warrant. They get the warrant. They get to do the search. But this situation really isn't that. I don't think the constitution grants government the power to compel the locksmith to retrofit someone's lock to make it easier for law enforcement to unlock it. It's not Apple's iphone. It's the dead terrorist's. Their beef is with him.

I totally agree with this.

And I do not see this as a ridiculous debate. It is a credible threat to our few remaining freedoms.

 

[Expat]

I saw Tim Cook on some show. He compared it to a landlord of a house. A court can order the landlord to unlock the door to the house for the police to enter. The court can not order the landlord to build a door for the police to enter through. He said to comply, they would have to assign a team of engineers to the project and it would likely take several weeks.

 

[jamil]

I saw Tim Cook on some show. He compared it to a landlord of a house. A court can order the landlord to unlock the door to the house for the police to enter. The court can not order the landlord to build a door for the police to enter through. He said to comply, they would have to assign a team of engineers to the project and it would likely take several weeks.

But Apple isn't the landlord. They're the lock maker. Still pretty much the same point carries.

 

[Expat]

But Apple isn't the landlord. They're the lock maker. Still pretty much the same point carries.

He may have been referencing the county that actually owned the phone as the landlord, with Apple being the contractor having to build the door? Not sure.

 

[dusty88]

But Apple isn't the landlord. They're the lock maker. Still pretty much the same point carries.

If they really would have to "build" the door, then it's not the same. It is forcing someone to work for the state. That's another issue beyond the privacy. And should be vehemently opposed for the standard it sets.

 

[WebSnyper]

Because you cant unlock them programmatically. You have to have the phone in your hand and press the wrong code over and over.

As an IT guy, the lack of remote control is what I despise in Apple devices. Until last year, they had the opinion that absolutely ZERO corporations buy iDevices. The ONLY buyers are individuals that take part in BYOD programs where they work so the company has absolutely no right to do anything to your device. (even if it truly isnt yours and the company bought it) Last year they finally started moving toward corporate ownership of the devices and created separate spaces for user personal/health data and everything else. God I cant wait until we get back to the control of the Crackberries. I loved those things... you could do ANYTHING to them if they were connected to your C&C server. Wipe, push/pull software, change configs, etc. The user could be a user and never had to do ANYTHING adminstratively. Now we have to email them and ask them pretty please to do this procedure to bring it into compliance. So frustrating. /rant

I was wondering about this as soon as I saw it was an employer owned phone. I haven't been in mobile device administration since I worked with BES servers and BlackBerry devices. I assumed that iDevices allowed the same capabilities of remote management and that San Bernadino just didn't have the proper administrative policies on the device to unlock it, like we could previously do with BlackBerry devices. Although I did have a user once who turned off all radio on the device (cellular and Wifi), then proceeded to forget the PIN code and wondered why we could not reset the PIN password remotely .

We can remotely wipe Android devices if they're connected via ActiveSync to our Exchange. Pretty sure the option is there for iOS devices as well?

Here's one of my iPhone users. This is Exchange 2007... but I've worked places with Exchange 2010, and it had even more options. We're rolling out 365 next month, so I'm curious what's included in that as far as handling ActiveSync connected devices...

In 2007, this might just wipe the activesync data... but 2010 has the capability to wipe the entire device and lock it down. Every user gets a warning they have to accept before the activesync works on their phone.

Having a BES server was nice. It's pretty powerful in what it would allow you to manage on the BBs. We got rid of ours here, since we only had one user remaining on it. Everyone is now Android/iPhone.

Oh yeah, I can remote wipe. But I cant force configs like wireless profiles, apps, specific settings, etc. If I want to "force" the few things I can push down with a MDM, the end user still has final veto. "wireless policy is being installed." with two buttons, allow/deny.

And we have already had one app break. Luckily its still in development and not production, so it was no big deal. But the ability to prevent a user from upgrading the OS phone that I own (its mine as a company, bought and paid for with company funds, not theirs) would be a HUGE benefit.

I'm just waiting for the day a year or two from now when an end user (or multiple users) ignore the hold policy on a newly released iOS and it temporarily and effectively bricks their phone because the app they use to do their job isnt compatible and now wont work. And Apple wont typically let you downgrade to a the previous iOS unless there is a massive worldwide failure. My 900 devices wouldnt even be a blip on their radar to allow us to roll back so those users would be stuck until the incompatible app was upgraded and made it through the apple store vetting process. (up to 4 weeks)

Thanks for the info. I have seen this discussed at one of my customers (inability to keep users from updating iOS version). Again coming from the days of BES administration with BlackBerry devices I thought this seemed like a big step back for corporate devices. I can certainly see it as reasonable for BYOD but for company owned this just seems ridiculous not to be able to do this.

Takeaway from that article. Backing up to the Apple cloud service means your data is less secure.

That's generally the case for any network connected/remotely backed up device. There would generally be ways to decrypt and read remote backup copies, especially in this case where doing that is more inline with responding to a warrant for information than being compelled to create software that does not exist in order to bypass product security.

"The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said."


"Apple executives say the iPhone was in the possession of the government when iCloud password was reset. A federal official familiar with the investigation confirmed that federal investigators were indeed in possession of the phone when the reset occurred."



From the referenced ABC News link. Aren't these statements contradictory? Are the Fed's lying (I would be shocked, shocked I say!)? Could the whole pick a fight with Apple thing be CYA at its heart?

Hard to believe once the Fed's took posession ANY county employee would have access to it w/o feds aquiescing

I'm guessing the password reset for iCloud is done remotely and there is no need to actually have possession of the device. However, it does appear from later news reports that San Bernadino did the iCloud reset at the direction of the Feds.

If you can't remember a four digit password perhaps you should not own an iPhone. I find it hard to believe you are able to earn enough to pay for it yourself. Heck, I even remember my childhood phone number, the first number I had to memorize.

Why didn't the FBI just whack off the terrorist thumb and gain access to the phone with the biometrics? A great question for all the anti's that want biometric safeties on handguns.

This version of iPhone does not have a biometric reader from what I understand. I think it was reported this was a 5c.

Microsoft founder Bill Gates is backing the FBI in its standoff with Apple

Microsoft has backed Apple in this, as have most of the other large players in the industry. It is pretty much irrelevant what Bill said, although he has since said the reports that he is backing the FBI were not correct.

And for those saying that this is all about PR for Apple. Of course these companies need to protect their products and their image within the industry. If they just rollover it would certainly impact their bottom line significantly. That is certainly part of the equation, (and what makes it feasible for them to spend a ton of $ fighting this) but it is not the entire equation. Being compelled to create software in order to crack your own product security by the US govt is not far from being compelled to do it by any govt in any country where you do business. I think we can all agree that would not be a good thing.

To go back to Cameramonkey's observations though, if these devices had the proper administrative tools/capabilities, there would be no issues since this was in effect a Corporate or Govt owned phone. The owners of the phone (in this case the Govt, or in other cases, the company) could just remotely unlock it (again if there were good tools in place to do so). A personal device would be a different thing, but that is not the situation here. Maybe all levels of govt and companies that deem they may have the need to unlock the device remotely should think about what they are buying into before they implement/use these devices, rather than trying to strong arm the manufacturer to do something. Instead these entities have provided their users with what has been primarily a consumer based device that has worked its way into the enterprise, without being what many considered an enterprise ready/managed device.

 

[Trigger Time]

Good for Apple for fighting it

 

[ArcadiaGP]

Apple Doesn't Have to Help FBI in New York iPhone Case, Judge Says - NBC News

Wonder if that ruling will carry over into the San Bernadino situation

 

[pudly]

Encryption is math. Giving US products backdoors won't stop bad guys from using good tools.

ISIS Supporters Abandon U.S. Encryption Tools As Apple-FBI Fight Rages - Slashdot

 

[AmmoManAaron]

BTW, I am disappointed in the supposed "constitutional" candidate Ted Cruz's position. He said it's like a search warrant. They get the warrant. They get to do the search. But this situation really isn't that. I don't think the constitution grants government the power to compel the locksmith to retrofit someone's lock to make it easier for law enforcement to unlock it. It's not Apple's iPhone.

I'm a Ted Cruz supporter and I too am disappointed in his position on this issue. Hopefully, it was just a lack of information and he will change his position if he learns more about the case. I suspect that a case like this is not at the top of a presidential candidate's radar and he may not be very well informed about the case. I know he changed his position on the Trans-Pacific Partnership after he learned more about it (or got an earful from his supporters).

It is forcing someone to work for the state. That's another issue beyond the privacy. And should be vehemently opposed for the standard it sets.

^^^That is exactly how I've been seeing it, I'm 100% with you^^^

 

[Tombs]

I'm a Ted Cruz supporter and I too am disappointed in his position on this issue. Hopefully, it was just a lack of information and he will change his position if he learns more about the case. I suspect that a case like this is not at the top of a presidential candidate's radar and he may not be very well informed about the case. I know he changed his position on the Trans-Pacific Partnership after he learned more about it (or got an earful from his supporters).



^^^That is exactly how I've been seeing it, I'm 100% with you^^^

After awhile of seeing the case and what people are actually arguing over, it's very likely Cruz saw things the way I do. The legal authority has been given to see the information on that phone, it's not wrong to say they should be able to see it.

Arguing that apple should be legally forced to write in a back door or decryption tool is another matter entirely and almost unrelated, as far as I see it.

McAfee already offered to get that data to them for free, and they keep turning it down. So their game plan is not to get the data, they clearly couldn't care less about what's on the phone, they just want a tool, which is outside the scope of a search warrant.

 

[JettaKnight]

I guess the FBI will have to wait till President Trump makes encryption illegal.

He needs to know what libelous reporting might be hiding under layers of encryption.

 

[pudly]

Meanwhile at Amazon: Amazon just removed encryption from its tablet devices

 

[jkaetz]

Meanwhile at Amazon: Amazon just removed encryption from its tablet devices

Completely unrelated.

 

[JettaKnight]

Completely unrelated.

Yup.

Amazon's decision prompted a wave of customer complaints on support forums, blogs, and social media.

 

[pudly]

Amazon's decision prompted a wave of customer complaints on support forums, blogs, and social media.

Damn terrorists and criminals...

So, Amazon starts with Android which has encryption as a built-in service, disables it and distributes to their customers. I'll stick with my Android tablet running a Kindle app and encrypted storage. Thanks.

 

[Cameramonkey]

I was wondering about this as soon as I saw it was an employer owned phone. I haven't been in mobile device administration since I worked with BES servers and BlackBerry devices. I assumed that iDevices allowed the same capabilities of remote management and that San Bernadino just didn't have the proper administrative policies on the device to unlock it, like we could previously do with BlackBerry devices. Although I did have a user once who turned off all radio on the device (cellular and Wifi), then proceeded to forget the PIN code and wondered why we could not reset the PIN password remotely .

To go back to Cameramonkey's observations though, if these devices had the proper administrative tools/capabilities, there would be no issues since this was in effect a Corporate or Govt owned phone. The owners of the phone (in this case the Govt, or in other cases, the company) could just remotely unlock it (again if there were good tools in place to do so). A personal device would be a different thing, but that is not the situation here. Maybe all levels of govt and companies that deem they may have the need to unlock the device remotely should think about what they are buying into before they implement/use these devices, rather than trying to strong arm the manufacturer to do something. Instead these entities have provided their users with what has been primarily a consumer based device that has worked its way into the enterprise, without being what many considered an enterprise ready/managed device.

Meanwhile at Amazon: Amazon just removed encryption from its tablet devices

There is relatively little you can do with impunity on an iDevice as an admin. Want to add an email profile? It requires approval from whomever is holding it. The only things I can do remotely without approval is lock, wipe, and locate, as well as adding an app if using a MDM. Thats it.

We would have LOVED to stick with BlackBerries. Unfortunately they stopped innovating and we had to move on to get the necessary features that were evolving in mobile devices.

 

[pudly]

We would have LOVED to stick with BlackBerries. Unfortunately they stopped innovating and we had to move on to get the necessary features that were evolving in mobile devices.

The government is in the same position. They were heavy Blackberry users and have since largely switched to iPhones. One side effect of the FBI's desire for a back door would be that government phones would become more vulnerable.

 

[jamil]

There is relatively little you can do with impunity on an iDevice as an admin. Want to add an email profile? It requires approval from whomever is holding it. The only things I can do remotely without approval is lock, wipe, and locate, as well as adding an app if using a MDM. Thats it.

We would have LOVED to stick with BlackBerries. Unfortunately they stopped innovating and we had to move on to get the necessary features that were evolving in mobile devices.

As a user I'm quite okay with that.