Re: Apple deluged by police demands to decrypt iPhones

[Stephanie Daugherty <sdaugherty () gmail com>]

Good idea. Digital equivalent to having to break down the door and change
the locks. - works but messy enough to keep LE honest.



On Sat, May 11, 2013 at 2:20 AM, Steve Pirk <pirkster () gmail com> wrote:

> I like Google's approach, resetting the password and then supplying that
> the LE. You definitely get notified. I am wondering what happens when you
> have two factor author enabled? I imagine you would receive an SMS the
> first time LE tries to log in. You could then reset the password and make
> them go through the whole process again. :-)
> On May 10, 2013 7:00 PM, "Jeffrey Walton" <noloader () gmail com> wrote:
>
> > Why break it when you can go around it....
> >
> >
> > http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-by-police-demands-to-decrypt-iphones/
> >
> > Apple receives so many police demands to decrypt seized iPhones that
> > it has created a "waiting list" to handle the deluge of requests, CNET
> > has learned.
> >
> > Court documents show that federal agents were so stymied by the
> > encrypted iPhone 4S of a Kentucky man accused of distributing crack
> > cocaine that they turned to Apple for decryption help last year.
> >
> > An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms
> > and Explosives, "contacted Apple to obtain assistance in unlocking the
> > device," U.S. District Judge Karen Caldwell wrote in a recent opinion.
> > But, she wrote, the ATF was "placed on a waiting list by the company."
> >
> > A search warrant affidavit prepared by ATF agent Rob Maynard says
> > that, for nearly three months last summer, he "attempted to locate a
> > local, state, or federal law enforcement agency with the forensic
> > capabilities to unlock" an iPhone 4S. But after each police agency
> > responded by saying they "did not have the forensic capability,"
> > Maynard resorted to asking Cupertino.
> >
> > Because the waiting list had grown so long, there would be at least a
> > 7-week delay, Maynard says he was told by Joann Chang, a legal
> > specialist in Apple's litigation group. It's unclear how long the
> > process took, but it appears to have been at least four months.
> >
> > [Image and excerpt from ATF affidavit, which says Apple "has the
> > capabilities to bypass the security software" for law enforcement.]
> >
> > The documents shed new light on the increasingly popular law
> > enforcement practice of performing a forensic analysis on encrypted
> > mobile devices -- a practice that can, when done without a warrant,
> > raise Fourth Amendment concerns.
> >
> > Last year, leaked training materials prepared by the Sacramento
> > sheriff's office included a form that would require Apple to "assist
> > law enforcement agents" with "bypassing the cell phone user's passcode
> > so that the agents may search the iPhone." Google takes a more
> > privacy-protective approach: it "resets the password and further
> > provides the reset password to law enforcement," the materials say,
> > which has the side effect of notifying the user that his or her cell
> > phone has been compromised.
> >
> > Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot
> > discuss specifics of ongoing investigations or litigation. ATF follows
> > federal law and DOJ/department-wide policy on access to all
> > communication devices."
> >
> > In a separate case in Nevada last year, federal agents acknowledged to
> > a judge that they were having trouble examining a seized iPhone and
> > iPad because of password and encryption issues. And the Drug
> > Enforcement Administration has been stymied by encryption used in
> > Apple's iMessage chat service, according to an internal document
> > obtained by CNET last month.
> > Bypassing Apple's security
> >
> > The ATF's Maynard said in an affidavit for the Kentucky case that
> > Apple "has the capabilities to bypass the security software" and
> > "download the contents of the phone to an external memory device."
> > Chang, the Apple legal specialist, told him that "once the Apple
> > analyst bypasses the passcode, the data will be downloaded onto a USB
> > external drive" and delivered to the ATF.
> >
> > It's not clear whether that means Apple has created a backdoor for
> > police -- which has been the topic of speculation in the past --
> > whether the company has custom hardware that's faster at decryption,
> > or whether it simply is more skilled at using the same procedures
> > available to the government. Apple declined to discuss its law
> > enforcement policies when contacted this week by CNET.
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.