Apple ordered to create software to help unlock a phone for FBI

[Russic]

On twitter somebody likened it to Apple building 1/3 of the homes in the world. Somebody did something terrible in one of those houses, so now the FBI wants a set of keys to everybody's house. This key can also be cut by criminals.

I get it if you don't like Apple and you like to argue on the internet about it, but this is way bigger than that.

[ken0042]

I am actually surprised that this hasn't come up before. Basically what the FBI wants is for Apple to crack the 4 digit passcode. Once the phone is unlocked- all the info is there.

I would have thought that at some point in the past there would have been a case where somebody died- and a family member wanted access to their phone.

The fact that Apple doesn't have the ability to plug the phone into their system and change the unlock code to "1234" concerns me a little.

[Erick Estrada]

Quote:

Originally Posted by ken0042

I am actually surprised that this hasn't come up before. Basically what the FBI wants is for Apple to crack the 4 digit passcode. Once the phone is unlocked- all the info is there.

I would have thought that at some point in the past there would have been a case where somebody died- and a family member wanted access to their phone.

The fact that Apple doesn't have the ability to plug the phone into their system and change the unlock code to "1234" concerns me a little.

Do you use an Apple phone?

[photon]

That's like saying it's concerning the maker of the safe you bought doesn't have the ability to change the combination whenever they feel like it.

[ken0042]

Yes, I use an iPhone.

Photon- I liken it more to a network administrator being able to change a password. We've had it happen before where somebody at my work dies, and we need to log in as them to retrieve data.

[Traditional_Ale]

Quote:

Originally Posted by ken0042

Yes, I use an iPhone.

Photon- I liken it more to a network administrator being able to change a password. We've had it happen before where somebody at my work dies, and we need to log in as them to retrieve data.

Yeah, but the business owns the data and therefore there is a precedent to "hack" their work account. The phone is a personal thing, and the data is the private property of the owner.

[Russic]

Quote:

Originally Posted by ken0042

I am actually surprised that this hasn't come up before. Basically what the FBI wants is for Apple to crack the 4 digit passcode. Once the phone is unlocked- all the info is there.

I would have thought that at some point in the past there would have been a case where somebody died- and a family member wanted access to their phone.

The fact that Apple doesn't have the ability to plug the phone into their system and change the unlock code to "1234" concerns me a little.

Really? I count that among the benefits of Apple. These phones can contain enough information to do serious damage to people – especially in regions that have Apple Pay. Only the user should be able to access that imo.

I believe there was a case a couple weeks back where apple couldn't open a deceased man's phone after he died. I'm sure it sucks in a few instances, but it's for the greater good.

[HotHotHeat]

Quote:

Originally Posted by ken0042

Yes, I use an iPhone.

Photon- I liken it more to a network administrator being able to change a password. We've had it happen before where somebody at my work dies, and we need to log in as them to retrieve data.

And that's the difference between enterprise and personal.

If this was an iPhone belonging to a company with MDM, the issue would never have made its way to Apple.

[GoinAllTheWay]

I'm actually quite surprised it isn't as easy as I assumed it was. I figured it's a computer, they could hack it if they really wanted too. And I, for one, am happy to find that is not the case.

How does Android compare to apple in a situation like this? If a pin is required to unlock my phone and I have the same 10strikes and your out policy enforced, is it basically the same situation?

And how does all of this compare to Blackberry? They have the best security out there, no?

[northcrunk]

Quote:

Originally Posted by Traditional_Ale

Yeah, but the business owns the data and therefore there is a precedent to "hack" their work account. The phone is a personal thing, and the data is the private property of the owner.

The phone in question is a business phone and is not the dead terrorists property but rather that of his employer which I believe is the state.

[cam_wmh]

Quote:

Originally Posted by northcrunk

I didn't really say I disagree with Apples decision. I just hate Apple as a company. Always have.

Sounds rational, thanks for the constructive discourse. +1 post tho, amirite?

Quote:

Originally Posted by HotHotHeat

And that's the difference between enterprise and personal.

If this was an iPhone belonging to a company with MDM, the issue would never have made its way to Apple.

Exactly. It's a slow adoption, but w/DEP more companies getting aboard.

[Resolute 14]

Quote:

Originally Posted by ken0042

I am actually surprised that this hasn't come up before. Basically what the FBI wants is for Apple to crack the 4 digit passcode. Once the phone is unlocked- all the info is there.

I would have thought that at some point in the past there would have been a case where somebody died- and a family member wanted access to their phone.

The fact that Apple doesn't have the ability to plug the phone into their system and change the unlock code to "1234" concerns me a little.

The question you pose in the third paragraph is answered in the first.

Once you crack the security, everything is wide open.

[Rathji]

Quote:

Originally Posted by northcrunk

The phone in question is a business phone and is not the dead terrorists property but rather that of his employer which I believe is the state.

If that is the case, then the business would have needed to install mobile device management tools to allow them to reset the password.

Since they didn't do that, then who the device or the data belongs to is totally irrelevant. If they build this tool, they pretty much have said to their entire userbase: "We don't care about you or your privacy, and the promises we made by offering this product and service to you means nothing"

[psicodude]

Quote:

Originally Posted by GoinAllTheWay

I'm actually quite surprised it isn't as easy as I assumed it was. I figured it's a computer, they could hack it if they really wanted too. And I, for one, am happy to find that is not the case.

How does Android compare to apple in a situation like this? If a pin is required to unlock my phone and I have the same 10strikes and your out policy enforced, is it basically the same situation?

And how does all of this compare to Blackberry? They have the best security out there, no?

You have to understand that this has very little to do with a PIN. The issue at hand is that these devices are fully encrypted, and therefore, the data contained within them is completely inaccessible without the encryption keys that you enable by entering the correct PIN or fingerprint. Without this encryption, you could easily connect the phone to a computer and gain access to the data externally.

I am not an expert and stand to be corrected, but my understanding is that encryption on Android pre-Marshmallow (below 6.0) is optional and not enabled by default. It is easy and recommended that you do this, by they way. Google has said that encryption will be mandatory on all new devices with Marshmallow and above.

Apple and BlackBerry, however, have encryption enforced by default on all of their phones for several years.

[Locke]

Quote:

Originally Posted by Resolute 14

The FBI would have similar difficulty accessing a macbook or other computer if it was encrypted and no back door was available.

And, of course, it is notable that the FBI is abusing a 227 year old law to try and undermine personal privacy and security.

Whoa, wait. What?

[photon]

Quote:

Originally Posted by Locke

Whoa, wait. What?

Heh...

Quote:

In its 40-page filing, which was also filed on Tuesday, the government cited the All Writs Act, which has come up in other cases.

At its core, the 18th-century catchall statute simply allows courts to issue a writ, or order, which compels a person or company to do something. In the past, feds have used this law to compel unnamed smartphone manufacturers to bypass security measures for phones involved in legal cases. The government has previously tried using this same legal justification against Apple as well.

[Muffins]

Why don't the FBI just call their buddies at the NSA? They've already got all this info.

Oh wait, they're trying to do this legally.

[GoinAllTheWay]

Quote:

Originally Posted by psicodude

Without this encryption, you could easily connect the phone to a computer and gain access to the data externally.

Right...duh...I should have known that. Actually after I posted that I started to look around and it looks like Android is quite poor in terms of security. They don't get patched with any regularity either although I do understand why that is.

[Locke]

I see. Yes. That should be sufficient ground to bitch-slap the Government in the face.

Holy crap. If someone comes at you with centuries old legislation that should be your first indicator that you should slap them in the face with same said legislation.

[Rathji]

Quote:

Originally Posted by Muffins

Why don't the FBI just call their buddies at the NSA? They've already got all this info.

Oh wait, they're trying to do this legally.

Only if they have the keys.

Now, the NSA does have lots of encryption keys that they have obtained through various techniques, including some expires ones to go through old data if I am remembering correctly, but I would say they do not have these keys.

If they did, I doubt this would ever have became a thing, because they could easily do exactly what they are asking Apple for and keep it on the down low for use for years without anyone becoming the wiser.