FBI: Apple's new privacy features protect kidnappers, pedos and terrorists

[The Merg]

The Government is not trying to make it so that it is butt-simple to access data from the phones. They are trying to keep things as they were.

Currently (iOS 7 and earlier), there are two ways that law enforcement can access data on an iPhone:
1. Consent
2. Search Warrant

In going the consent route, it is logical to think that the owner of the phone is providing the passcode to allow access to the phone. Once that is done, law enforcement can physically go through the phone or they can download the contents via certain tools at their disposal. There is currently no tool that can bypass the passcode on an iPhone/iPad.

In going the search warrant route, it is logical to assume that the owner of the phone has not provided their passcode. As mentioned above, there is no tool that can bypass the passcode on an iPhone. In these cases, law enforcement have to write and serve a second search warrant to Apple itself in CA. They provide the phone to Apple along with the second search warrant. Apple would then bypass the passcode and download the contents of the phone to provide them to law enforcement.

With iOS 8 and the new encryption, while Apple could bypass the passcode, the data on the phone will be encrypted and useless. The alternative for law enforcement is to request the data that is currently stored in iCloud. This would mean that mail, calendar, and backups would be available. The mail and calendar info is only available if the phone owner used iCloud for their service though.

Brute force is not generally an option as after just a few attempts the phone will lock the user out for extended periods of time and depending on settings will erase the phone.

- Merg

 

[Rakehellion]

You can't brute force the PIN. The key is stored in the memory controller ot the phone and hashed with a longer, unique identifier. You could physically open the chip and connect it to a machine that reads the electrical signals, but that obviously isn't a straightforward process.

 

[mchammer187]

for the average jane/john doe, what percentage are likely to enable a lockout longer than the standard 4 or 5 digit pincode... i'm guessing not many. shouldn't that make brute forcing the password an easy task for all phones with such short pincodes?

i'd also expect thee to be some sort of way to clone the entire phone into a virtual device sitting on a forensic examiner's harddrive. encrypted phones may create the incentive for a tech company to create just such software and market it to big bro.

anyway you slice it, i think it is highly unethical to suggest to anyone that mobile phones are secure devices.

I thought your device gets wiped after a certain amount of bad attempts also there is definitely a lockout where you have to wait an hour per attempt so is it bulletproof no but it is relatively secure even with a simple passcode

 

[smackababy]

I thought your device gets wiped after a certain amount of bad attempts also there is definitely a lockout where you have to wait an hour per attempt so is it bulletproof no but it is relatively secure even with a simple passcode

You have to enable a setting for a wipe after a certain number of attempts.


And, I think a lot of you need to think of the children. What if a pedophile has pictures on his phone? The cops won't know if he doesn't give up his password!

 

[TheSlamma]

And, I think a lot of you need to think of the children. What if a pedophile has pictures on his phone? The cops won't know if he doesn't give up his password!

You know what George Carlin said about the children.

 

[smackababy]

You know what George Carlin said about the children.

Fuck 'em?

 

[Zodiark1593]

You have to enable a setting for a wipe after a certain number of attempts.


And, I think a lot of you need to think of the children. What if a pedophile has pictures on his phone? The cops won't know if he doesn't give up his password!

Like anything else, they're free to take an image of the encrypted portion and have a crack at it. A suspect is not at liberty to actively aid the police in any way.

However, any half wit that has potentially incriminating stuff to hide would be best served by encryption tools not made by the largest software companies, preferably programmed by said half wit.

Law enforcement must be very thankful computer programming is an uncommon skill.

 

[Subyman]

Padlocks only help pedos keep their torture chambers secret!

 

[smackababy]

Like anything else, they're free to take an image of the encrypted portion and have a crack at it. A suspect is not at liberty to actively aid the police in any way.

And, this is what I originally asked. Has the entire "plead the fif" worked when demanded to give up a password? I remember a story where someone was ordered, by a judge, to give the password of their laptop and they said they forgot what it was. I didn't follow the story to learn what eventually happened, though.

 

[mizzou]

I actually don't think you have to tell, even when ordered. With the right to not self incriminate, if evidence exists on my phone, could I plead the 5th with asked for the password? Has that actually held up in court? Didn't someone claim to have forgotten the password to a laptop and that went to court?

I would love for this forced telling or unlocking of a device to be challenged up the courts.

you need probable cause a crime was committed to search someone's cell phone contents. So, they can do a forensic search on it if they are pretty sure you have kitty porn (on purpose )

would be interesting though if you had the ONLY password knowledge...how could they break it if its unbreakable and you refuse to do it..would it be obstruction?

 

[smackababy]

you need probable cause a crime was committed to search someone's cell phone contents. So, they can do a forensic search on it if they are pretty sure you have kitty porn (on purpose )

would be interesting though if you had the ONLY password knowledge...how could they break it if its unbreakable and you refuse to do it..would it be obstruction?

That is what I am wondering. You'd think that providing the password could be considered self incrimination, right? Couldn't you plead the 5th?

 

[werepossum]

You can turn off simple password on an iPhone and make it as complex as you want.
I don't know exactly how secure the encryption is but I have been hearing that it's not practical to brute force it. Organisations like the NSA can break it but not for every single device and communication as they'd like to.

Sounds ideal to me. Get a subpoena, disassemble the phone, image the drive, and crack it by brute force. Or, alternately, give them the password and have them immediately download the contents to demonstrate that you are not breaking the law - your choice.

Padlocks only help pedos keep their torture chambers secret!

+1

 

[NoStateofMind]

Padlocks only help pedos keep their torture chambers secret!

We must demand entry into each and every house to ensure all padlocks are easily picked or said company of the padlock must provide a master key! By george I think we got those pedo's this time!!!

 

[The Merg]

you need probable cause a crime was committed to search someone's cell phone contents. So, they can do a forensic search on it if they are pretty sure you have kitty porn (on purpose )

would be interesting though if you had the ONLY password knowledge...how could they break it if its unbreakable and you refuse to do it..would it be obstruction?

Apple is able to bypass the passcode. The issue is that the data on the phone is encrypted even if Apple gains access to it.

- Merg

 

[The Merg]

We must demand entry into each and every house to ensure all padlocks are easily picked or said company of the padlock must provide a master key! By george I think we got those pedo's this time!!!

You do realIze that by your analogy, the way things were prior to iOS 8 was that the said company had a master key. They didn't give the key to law enforcement, but with a search warrant they would provide the contents of the locked up items to law enforcement after said company used the key themselves.

- Merg

 

[Zodiark1593]

And, this is what I originally asked. Has the entire "plead the fif" worked when demanded to give up a password? I remember a story where someone was ordered, by a judge, to give the password of their laptop and they said they forgot what it was. I didn't follow the story to learn what eventually happened, though.

Physically speaking, data is simply a bunch of 0s and 1s that when arranged give meaning toward a user. Encrypting it simply switches around those 0s and 1s according to the parameters the user has set. In a way, you could consider the data going from one language to an entirely new one (more accurate than the metaphor of calling it a lockbox).

Under court order, a suspect hands over his data (of 0s and 1s) which represents such for him, but is unintelligible for investigators. Under this reasoning, said suspect has fulfilled obligation and doesn't need to assist in translating the data for investigators. A judge ordering otherwise violates a suspect's right to silence or otherwise protection against self incrimination in certain cases (though invoking self incrimination protection will likely imply evidence of criminal activity in an encrypted container).

Of course, not all judges are computer savvy, so unless the suspect have a lawyer that is up to speed, it's a mixed bag as to whether the above will stand, or whether the judge decides to apply the Lockbox Metaphor to the encrypted data. (Said metaphor equating your password to an actual key as opposed to it's physical nature)

Edit: I've read one case where as opposed to demanding the suspect divulge the password, he simply demanded the unencrypted contents. However, if a decrypted copy doesn't currently exist (a suspect can't provide what doesn't exist) a skilled attorney could fight that as well.

 

[Pipeline 1010]

That is what I am wondering. You'd think that providing the password could be considered self incrimination, right? Couldn't you plead the 5th?

I seem to remember a couple of cases where the person was NOT allowed to plead the 5th. I don't know how appeals and such settled out.

On the other hand, what if your password was "I did commit the fraud in question" or "I killed Billy Smith" or some other password that was itself directly self-incriminating?

 

[Zorba]

My question is, if you have a safe in your house, are you required to open it for a search warrant? It seems like computer passwords would be basically the same thing.

 

[The Merg]

My question is, if you have a safe in your house, are you required to open it for a search warrant? It seems like computer passwords would be basically the same thing.

You are not. The police can take the safe and have it opened.

- Merg

 

[Jaskalas]

Solution: Catch people in the physical act.

Do not make digital security a crime.

 

[The Merg]

Solution: Catch people in the physical act.

Do not make digital security a crime.

For many crimes, that's almost impossible. Plus, how do you handle crimes that are reported after that fact?

- Merg

 

[Jeff7]

And our basic Constitutional rights make it difficult to just throw suspected criminals in jail. There's all this bullshit about "due process" and "no cruel or unusual punishment" that also makes their jobs more difficult.


:hmm:

 

[IHateMyJob2004]

FBI:
Privacy features found via Pen and Paper proctect Pedos, terrorists and kidnappers. Therefore, the creation of paper and writing utensils are to be banned.

Yawnn ....

 

[IHateMyJob2004]

Brute force is not generally an option as after just a few attempts the phone will lock the user out for extended periods of time and depending on settings will erase the phone.

- Merg

Apple gets data off phone that is encrypted. Brute force that data? Doing so would not lock the phone since it does not need to be on the phone.

If people actually care, they can just get a Blackberry. Nothing can be taken off that so long as you encrypt all the data. That's why world leaders use Blackberrys.

 

[Zodiark1593]

My question is, if you have a safe in your house, are you required to open it for a search warrant? It seems like computer passwords would be basically the same thing.

The police can crack it open for an uncooperative suspect. If a physical key is used, a search warrant can cover that too.

However, encryption of data is physically completely different from a safe which is what I pointed out above. Metaphors (should) have no place in a court of law.