DOJ affidavit in FBI-Apple case reveals botched recovery
NewsPoster
MacNN Staff
Join Date: Jul 2012
Feb 19, 2016, 09:50 PM
 
In the hours after the workplace massacre in San Bernardino that is at the center of the current controversy between the US government, Apple, and a divided public, the actual registered owner of the work iPhone used by the gunman -- the San Bernardino Health Department, his employer and target -- reset the iCloud account password on the device in a move that may have crippled the FBI's case, the affidavit filed by the Department of Justice has revealed.

It is unclear if the resetting was deliberate or accidental, but it meant that the device could no longer automatically back up the present contents of the device to iCloud. The gunman, Syed Rizwan Farook, deliberately destroyed his personal smartphone, but left the work iPhone untouched -- and had not backed up the device since October 19, suggesting that there is little of any value on the device anyway.

According to the DOJ affidavit, the FBI has already obtained cell phone call logs for the remaining device and the other smartphones owned by Farook and his wife, and has already obtained all of the older backups and other computer records with Apple's help from the devices owned by the couple, who were killed in a shootout with police several hours after the attack.



In a call with reporters late on Friday, senior Apple executives spoke on background about areas they were previously barred from talking about, areas that delve into the specifics of how and why they could not comply with the FBI's request. Thanks to the revelations contained in the DOJ's affidavit, Apple officials could now outline exactly what the FBI has requested, and how the government's own botched handling of the recovered iPhone -- rather than Apple's refusal to hack its own operating system -- has prevented the FBI from obtaining the information it wanted.

Apple revealed that it had been in discussions with the FBI since shortly after the December attacks about ways to provide law enforcement with as much information as possible about the seized iPhone. Apple's engineering staff had, in fact, informed FBI officials about legal and viable ways for the agency to induce an unencrypted backup of the iPhone to iCloud, which would have then generated a backup of the unit's current contents, and allowed Apple to provide the agency with the sort of information it hoped to find on the device.

The backups Farook had initiated weeks before the attacks were sporadic and unencrypted, suggesting that they were done manually, and that the gunman had not turned off the ability of the device to be backed up -- leaving open the possibility that the device could be made to do an iCloud backup. This would have provided the government with the data it was looking for -- though the lack of encrypted backups on what was a government-issued work smartphone hints that Farook did not have any sensitive information on the device.

However, the Apple ID was changed by officials from either San Bernardino County government or the government during the first 24 hours after the attack, rendering the advice Apple had given moot, because the device could no longer auto-backup to iCloud. Apple has already helped provide the FBI with access to the backups Farook made up until October 19.

Because of this error on the part of the government, the FBI decided that Apple would now have to create a tool that would work with both older and newer iPhones -- including models with the "secure enclave" -- that would allow the government (and others who obtained, reverse-engineered, or otherwise created a version of the tool) complete access to the full contents and data stored in the device's flash storage and processors.

The Apple executives emphasized that the FBI is misleading people with claims that its interest in such a tool extends only to this one particular device, and that Apple is refusing to help the agency at all. They pointed out that no government until now -- even China -- has asked for a special "backdoor" to be created that could access the sensitive contents, and that if it acquiesces to the US government's demands, it will have to do the same for all countries worldwide.

The executives also said explicitly that previous statements by government officials, from FBI Director James Comey to Manhattan District Attorney Cyrus Vance, have made it clear that the US government would use such a tool, if it were created, to bypass the security on at least 175 iPhones that have been seized as part of more mundane criminal investigations. While saying that Apple "abhors" terrorism in any form, the executives said the methods the FBI has gone to court to try and force Apple to create would create a "master key" that the government would then use to unlock any devices they deem of interest for any reason.

The Apple executives were motivated to provide a rebuttal due to the voiding of a confidentiality agreement through the DOJ's detailed affidavit, and because FBI officials attempted to capitalize on Apple's forced silence by claiming that the company's refusal to give the agency what it wanted was more to "protect the brand" and "a marketing strategy," maligning the company's motives while forcing it to leave the allegations unanswered.



The affidavit, however, allowed Apple to set the record straight and reveal specifics of what it had done to help the agency freely. The filing by the DOJ has also provided Apple with the opportunity to defend itself from the agency's deliberate mischaracterization, and explain why the FBI has had to go to court in an attempt to get Apple to hack its own software; it was because a US government official, either from San Bernardino County, law enforcement personnel, or the FBI itself, bungled the handling of the device, leaving Apple's guidance and advice on how to get what the FBI was looking for obsolete.

Various observers have questioned whether the FBI is simply using the tragedy of the San Bernardino workplace massacre to intimidate lawmakers and courts into changing the law or ordering tech companies to comply with various requests in the name of "terrorism" or, as one FBI official claimed, protecting the "need to know" from the victims' families of any details that could conceivably be on such devices. The officials from Apple indicated that it will continue to tighten and harden the security of the iPhone in an effort to ensure that users are protected from both hardware and software "cracking" attacks that could compromise personal data by any attacker.
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Feb 20, 2016, 12:31 AM
 
They talked about this a bit on the No Agenda show, episode 800 at about 1:35:45 min in (where they start to break down what Apple is being ordered to do).

http://mp3s.nashownotes.com/NA-800-2016-02-18-Final.mp3

If I'm following it correctly, they basically want to be able to push a modified version of the OS onto the phones that gets rid of the erase after failed attempts and time delay between attempts, so they can simply brute-force work the combinations at the full speed of the hardware. In other words, with such a tool, they could be into any phone in pretty short order.
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
HPeet
Fresh-Faced Recruit
Join Date: Oct 2011
Feb 20, 2016, 07:59 AM
 
steve

Link is dead. LA Times has some pretty extensive coverage.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Feb 20, 2016, 02:37 PM
 
Yes, Steve, that is the essence of what the FBI wants. It's the claim that it will only be used in this particular case that I find particularly incredible (as in "not credible"), since with this tool there will clearly be other present and future cases where the agency will want to use it.

I'm certainly not unsympathetic to the desire of law enforcement to have easy access to important data or evidence for particular sorts of cases, but a door on the scale of what they are asking for opens both ways -- and our society is set up on the foundations of the Constitution, which was deliberately designed to ensure personal security, which is the key to liberty in the first place. The founders understood very well the danger in giving authorities too much power, and deliberately limited it for exactly this reason.
Charles Martin
MacNN Editor
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Feb 20, 2016, 11:37 PM
 
Originally Posted by HPeet
steve

Link is dead. LA Times has some pretty extensive coverage.

I think the link is fine... it's just a reasonably big MP3 file, so it takes a bit to start playing. Then you'd have to scrub through to that time-frame.

Here's the written version they were discussing... the pertinent part is on page 2.
https://assets.documentcloud.org/doc...sst-iPhone.pdf
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
HPeet
Fresh-Faced Recruit
Join Date: Oct 2011
Feb 21, 2016, 11:12 AM
 
Both links return:

"This page cannot be opened because the server can't be found".
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Feb 21, 2016, 02:27 PM
 
Works fine for me. Your ISP may have a DNS problem, with a bad (or no) listing for that domain. You could try putting in 8.8.8.8 for Google DNS, see if that lets you find the documentcloud server.
     
emulator@fronti
Fresh-Faced Recruit
Join Date: Apr 2005
Feb 22, 2016, 11:04 AM
 
The link is dead for me, too...but here's why:

Clicking the link takes me to:

http://https//assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

Notice the "http://https//assets..."

Getting rid of the http:// and placing a colon after the https corrects the problem.
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Status: Offline
Reply With Quote
Feb 22, 2016, 02:19 PM
 
Staff, front-page alert again. I clicked the link in the forums side, all was well. On the News side, the URL is gummed up like emulator@fronti says.
     
   
All times are GMT -4.