The FBI can't figure out how to unlock the Texas church shooter's iPhone, and Apple has offered help*

[captain_to_fire]

Sources: Business Insider, CNET, Twitter (John Paczkowski)

 

Quote

Apple offered to help the FBI with an encrypted phone belonging to Texas church shooter Devin Patrick Kelley after learning the bureau was having trouble getting into the device.

The company said its overture came after it learned of the FBI's failed efforts to access the handset's data during a press conference this week. It wasn't immediately clear what model of phone was recovered from Kelley, who committed suicide after killing 26 people and injuring 20 more at a Texas church on Sunday.

"Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone," Apple said in a statement Wednesday. "We offered assistance and said we would expedite any legal process they send us."

 

Apple and the FBI have had tense relations since a bureau investigation into a terror attack in San Bernardino, California, in December 2015. In that case, the US Department of Justice sought a court order to force Apple to write software that would unlock the shooter's iPhone C without the passcode. The Justice Department dropped the case after a contractor it hired found a way to unlock the phone without Apple's help.

My first reaction was "Oh Shit!". But then I don't do any crime so I guess I'm safe but to be fair, Apple didn't say that they will not cooperate with law enforcement agencies. In their own privacy statement, Apple says the following.

Quote

What we’re commonly asked for and how we respond.

 

Apple receives various forms of legal process requesting information from or actions by Apple. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data. Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing the narrowest possible set of data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate, or overly broad, we challenge or reject the request. We report on the requests every six months.

We’ll continue working for greater transparency and data security protections on behalf of our customers.

 

Apple has never created a backdoor or master key to any of our products or services. We have also never allowed any government direct access to Apple servers. And we never will.

Government requests

Device Requests

Device Requests make up the majority of requests that Apple receives. Most commonly they come from law enforcement agencies working on behalf of customers who have requested assistance locating lost or stolen devices. We report these as Device Requests. Additionally, Apple regularly receives multidevice requests related to fraud investigations. Device Requests generally seek information about a customer’s iPhone, iPad, or Mac.

Financial Identifier Requests

Financial Identifier Requests are requests based on financial identifiers such as credit card data. Examples include cases in which a credit card has been used fraudulently to purchase Apple products or services. These requests generally seek details of suspected fraudulent transactions.

Account Requests

Account Requests most commonly involve information related to a customer’s Apple account. We apply the highest U.S. legal standard, and we require a search warrant for all U.S. requests for content. All international requests for content stored in our data centers in the U.S. must comply with the U.S. Electronic Communications Privacy Act (ECPA). Only a small fraction of requests from law enforcement seek content such as email, photos, and other content stored on users’ iCloud accounts. Apple will give prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may also withhold notice in exceptional circumstances, such as emergencies, when notice could result in danger (for example, child exploitation investigations), or when notice would be counterproductive (for example, when the user’s account has been hacked). We will also provide delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Apple, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or could be counterproductive.

Emergency Requests

Emergency Requests relate to circumstances involving imminent danger of death or serious physical injury to any person. Apple has a dedicated team available around the clock to respond to Emergency Requests globally. We process requests on a 24/7 emergency basis.

Account Restriction/Deletion Requests

Account Restriction/Deletion Requests from law enforcement ask Apple to restrict or delete a customer’s account. These requests usually relate to circumstances in which an account has been used unlawfully or in violation of Apple’s Terms and Conditions. Apple requires a court order or a letter from law enforcement certifying that a customer has been convicted based on evidence located in the customer’s account. The applicable account restriction/deletion order or request must demonstrate that the account to be restricted or deleted violates Apple’s Terms and Conditions.

Account Preservation Requests 

Account Preservation Requests are made pursuant to the U.S. Electronic Communications Privacy Act (ECPA), which permits law enforcement and government agencies to request that Apple preserve the contents of a customer’s Apple account. Apple complies by obtaining a one-time copy of the customer’s Apple account and saving it for 90 days (up to 180 days if Apple receives a renewal request).

U.S. National Security Orders

U.S. National Security Orders demand that Apple provide information in response to U.S. National Security legal authorities. They are not counted as Device Requests or Account Requests. In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders. Apple reports National Security Orders to the extent allowed by law. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.

 

In addition, if Apple receives a National Security Letter (NSL) from the U.S. government that contains an indefinite gag order, Apple will notify the government that it would like the court to review the nondisclosure provision of the NSL pursuant to USA FREEDOM. The government then has 30 days to let the court know why the nondisclosure should remain in effect or can let Apple know that the nondisclosure no longer applies. If Apple receives notice that the nondisclosure no longer applies, it will notify the affected customer(s) pursuant to Apple’s customer notice policies.

In another document, Apple does accept subpoenas, search warrants and court orders as well [here]. For requests outside the US [here].

Quote

Government and law enforcement agencies should include the following information with the legal request so that the request can be verified:

 

Government/Law Enforcement Agency Name

Government/Law Enforcement Agent Name and Badge/ID number

Government/Law Enforcement Agency official Email address

Government/Law Enforcement Agency Phone number (with extension if applicable)

Government/Law Enforcement Agency Fax number

Government/Law Enforcement Agency Verifiable physical return address

Government/Law Enforcement Agency Case Reference number or other case identifying parameter

At the moment, the FBI can't unlock the iPhone because Touch ID is disabled immediately after 48 hours of not being used. The FBI won't risk to brute force the iPhone because Apple implemented an anti-brute force method where after 10 failed passcode attempts, it will wipe out all data. Here's another statement from Apple:

Quote

Apple said it works with law enforcement every day, offering training to agents on the devices and how to quickly request information from Apple. The company won't give law enforcement officials the tools to unlock the phone, but it will provide iCloud data when compelled by a court order.

I guess this is why local backups are still better. Also, Apple didn't say that they'll create an encryption backdoor nor would they help unlock the iPhone but only the iCloud contents. Which made me think Apple is operating in the US and they have to follow the law. It's odd that Apple offered to help first rather than having the FBI harass them just like in 2014. The Texas shooting is by no doubt atrocious and good thing that the shooter is dead. Apple in 2014 received an amicus curiae from the tech industry and non-government organizations in support of them refusing to create an encryption backdoor. Since little information has been revealed, I don't know what kind of aid will Apple give to the FBI. But why didn't the FBI unlocked the iPhone within 48 hours using the corpse's finger? 

 

This post will continuously be updated as more reports and statements are posted online. To be honest I'm surprised and disappointed.

Edited November 9, 2017 by hey_yo_

[captain_to_fire]

Just now, valdyrgramr said:

Apple seems bipolar when it comes to helping federal agents with unlocking phones. 

I find it odd that the FBI didn't even asked for help and Apple is voluntarily offering one

[aisle9]

So much for taking a stand for their consumers.

 

Eat a dick, Apple.

[TheSLSAMG]

Just last year, Apple were resistant to unlocking the San Bernardino shooter's phone to the point where the feds took them to court, but now they're even reaching out to unlock the Sutherland Springs shooter's phone. What happened?

[captain_to_fire]

3 minutes ago, valdyrgramr said:

I feel like Apple is only doing this to make them look good.  Previously they didn't help because of privacy concerns, but now everyone wants to know what was going on in his head.  Gotta love corporations.

Wouldn't that make them look worse? Apple stood up for consumer privacy once in 2014 and they operate on other countries as well including the EU, Russia and China. How will the leaders feel and how will consumers from these countries react then? This will have a huge blow to Apple's street cred.

[ARikozuM]

Are they helping due to the non-political tragedy here? I don't keep up with the news, so any info is appreciated. 

[79wjd]

 

33 minutes ago, valdyrgramr said:

Apple seems bipolar when it comes to helping federal agents with unlocking phones. 

 

25 minutes ago, TheSLSAMG said:

Just last year, Apple were resistant to unlocking the San Bernardino shooter's phone to the point where the feds took them to court, but now they're even reaching out to unlock the Sutherland Springs shooter's phone. What happened?

Unless I'm mistaken, I believe that Apple was willing to grant access to the iCloud data for the San Bernadino shooter, but the FBI reset the password and prevented any recent (and relevant?.....) backups to occur.

[AtomicFrance]

My guess is that Apple is preemptively trying to save money on court.

I can't imagine that the legal "fuck you" they gave the FBI in 2014 was cheap, so they're likely trying to get ahead of this before having to spend another boatload of money on a federal court case.

[AtomicFrance]

Just now, valdyrgramr said:

Pretty sure they said no, and that was when John stopped in with the shoe bit.

Actually, You're probably right here. It's highly likely that they want to provide the iCloud data before the FBI shoots themselves in the foot again and makes it so that Apple can't give them anything. 

[79wjd]

2 minutes ago, valdyrgramr said:

Pretty sure they said no, and that was when John stopped in with the shoe bit.

Quote

After the shooter's phone had been recovered, the FBI asked San Bernardino County, the owner of the phone, to reset the password to the shooter's iCloud account in order to acquire data from the iCloud backup. However, this rendered the phone unable to back up recent data to iCloud unless its pass-code is entered.[35][36][37] This was confirmed by the U.S. Department of Justice, which then added that any backup would have been "insufficient" because they would not have been able to recover enough information from it.[38]

https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute

Quote

Apple said that in early January it provided four alternatives to access data from the iPhone besides the controversial method the FBI is now proposing.

 

But one of the most encouraging options was ruled out because within 24 hours of the shooting rampage, the phone’s owner — possibly gunman Syed Rizwan Farook’s employer, the San Bernardino County public health department — reset the password to Farook’s iCloud account to access data from the backup, according to Apple and federal officials.

http://www.latimes.com/business/la-fi-tn-apple-fbi-call-20160219-story.html

 

@hey_yo_ @TheSLSAMG

[AshleyAshes]

34 minutes ago, valdyrgramr said:

I feel like Apple is only doing this to make them look good.  Previously they didn't help because of privacy concerns, but now everyone wants to know what was going on in his head.  Gotta love corporations.

Which baffles me because basically half the town is like 'Oh that guy was a TIME BOMB just waiting to go off.' and the Air Force is all 'Oh, did we not put him on the listy thing so he can't buy guns after he committed certain crimes? And we were SUPPOSED to do that? *points* WOW! LOOK AT THAT DOG!  *runs away*' There appears to be zero mystery here

[toastfacegrillah]

33 minutes ago, valdyrgramr said:

I feel like Apple is only doing this to make them look good.  Previously they didn't help because of privacy concerns, but now everyone wants to know what was going on in his head.  Gotta love corporations.

Exactly, saving face and making them look like hero's. Imagine how many would have been saved if they were consistent with this.

[79wjd]

4 minutes ago, valdyrgramr said:

In the wiki bit it said, "On February 9, 2016, the FBI announced that it was unable to unlock one of the mobile phones they had recovered because of the phone's advanced security features." They then went to the NSA to do it yet they were unable to.  So, they asked Apple to "Create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features"

https://en.wikipedia.org/wiki/2015_San_Bernardino_attack#Phone_decryption

And they refused. 

 

Apple is likely refusing now too (we don't know that for sure yet, but their privacy statement does say they won't unlock a phone but they will provide iCloud data, so it's very likely that's exactly what they were trying to do here), but the FBI fucked things up again. 

[AshleyAshes]

2 minutes ago, toastfacegrillah said:

Imagine how many would have been saved if they were consistent with this.

...Probably zero... I don't think unencrypted phones stop guns from firing...

[79wjd]

2 minutes ago, valdyrgramr said:

The point is they originally refused in that case, but in this one, they just walked up to them freely giving it to them.  I highly doubt they would have given it to them previously.  Apple just showed up out of nowhere this time saying they'd help.

No, they didn't refuse to provide iCloud access; they refused to unlock the phone (unless I missed something back in 2015, in which case source?).

 

Now, they're likely doing the exact same thing they did then -- they said they would help (there's a very good chance that 'help' is just providing iCloud data).

[ARikozuM]

4 minutes ago, AshleyAshes said:

...Probably zero... I don't think unencrypted phones stop guns from firing...

 

One day... One day...

 

It's Judge Dredd and you can't use a gun unless your DNA matches the gun's or something. 

[toastfacegrillah]

5 minutes ago, AshleyAshes said:

...Probably zero... I don't think unencrypted phones stop guns from firing...

My bad I meant solved!

[79wjd]

9 minutes ago, valdyrgramr said:

But, that was on the FBI's request.  Apple just showed up out of nowhere.  That's why it is shady.  Also, according to the article, this is about unlocking the phone.  Apple helping at all makes it even shadier. 

Apple knew the FBI would ask for help and would have a warrant for iCloud data anyway, so they should get ahead of the game and prevent the legal shit show that would occur if 48 hours passed. 

 

Although, it does beg a couple of questions.....Since the iCloud password wasn't reset, the phone should backup to iCloud, so the 48 hour Touch ID window shouldn't matter.....unless they have some way of pulling the data stored in the secure enclave out (which would be wiped after 48 hours)....In which case they're still not willing to break the iPhone's encryption and/or put in a backdoor (so it's no different than San Bernadino), but they are willing to provide the passcode within that 48 window (as long as it's still in the secure enclave).

 

But that also begs the question why the FBI wouldn't just use the shooters fingerprint to unlock the phone in the first place.

[Taf the Ghost]

52 minutes ago, TheSLSAMG said:

Just last year, Apple were resistant to unlocking the San Bernardino shooter's phone to the point where the feds took them to court, but now they're even reaching out to unlock the Sutherland Springs shooter's phone. What happened?

The phone didn't become a problem until well after the event, so there's a "it's in the headlines" issue. 

 

But I'd guess it's just saving some steps. The Feds have ways into the devices and the previous cases established that. (Those cases were really about Apple being forced to break them.)

[ARikozuM]

9 minutes ago, djdwosk97 said:

But that also begs the question why the FBI wouldn't just use the shooters fingerprint to unlock the phone in the first place.

 

I don't see how this wouldn't be lawfully doable. 

[79wjd]

15 minutes ago, valdyrgramr said:

The iCloud bit was just what the agency asks for normally.  "Apple offered to help the FBI with an encrypted phone belonging to Texas church shooter Devin Patrick Kelley after learning the bureau was having trouble getting into the device."  Unless I'm missing something it wasn't about the iCloud bit.

I think I may have edited my post as you were writing your reply and I mentioned unlocking the phone -- but the big thing with San Bernadino was that they weren't willing to break the encryption/install a back door into iOS. Within 48 hours the passcode is stored in the secure enclave -- so presumably there is a way to pull it out that doesn't require installing a backdoor. Which in and of itself sounds like a problem since then anyone could take your phone and pull the passcode out of the secure enclave.

 

It's also possible the wording was just poor and they meant they'd provide iCloud data (or help the FBI press the shooters thumb against the scanner, because apparently that's hard). 

 

I find it very hard to believe that Apple completely turned face and is now willing to install a backdoor, and I find it hard to believe that breaking encryption on the secure enclave is any easier than the phone itself. I think there are a few very important details that are missing here.

[ARikozuM]

1 minute ago, valdyrgramr said:

Probably would make them look bad dragging a dead guy's finger onto a device?

I don't think anyone would argue unlocking the phone over a hugely traumatic event. I'd rather they not be able to for everything, but the most heinous of crimes I'd be fine with.

[captain_to_fire]

4 minutes ago, djdwosk97 said:

It's also possible the wording was just poor and they meant they'd provide iCloud data (or help the FBI press the shooters thumb against the scanner, because apparently that's hard). 

Blame it all on CNET's sensationalist and straw man headlines

4 minutes ago, djdwosk97 said:

I find it very hard to believe that Apple completely turned face and is now willing to install a backdoor, and I find it hard to believe that breaking encryption on the secure enclave is any easier than the phone itself. I think there are a few very important details that are missing here.

It baffles me that the FBI wouldn't even bother to just bring the phone and have the corpse's finger touch the Touch ID sensors within 48 hours. But then thanks for clarifying that. I don't think they'll be doing an encryption backdoor but it only shows that offline local backups are still safer than online cloud storage. In other words:

 

More accessibility = less security 

 

I think Apple has a master password to reveal iCloud contents but I forgot where I read that but I don't think there's an instance that they created a new iOS version with security features disabled and I think Apple's code signing prevents that. While It's possible to revert back to an older version, it's only for a short period of time. Let's say I have an iPhone running iOS 11.1, I can no longer revert back to previous versions of iOS because of code signing.

 

2 minutes ago, ARikozuM said:

I don't think anyone would argue unlocking the phone over a hugely traumatic event. I'd rather they not be able to for everything, but the most heinous of crimes I'd be fine with.

It makes me wonder if FBI employees are afraid of dead bodies or ghosts

[captain_to_fire]

1 minute ago, valdyrgramr said:

Quick, watch Criminal Minds.

I'm more in Mindhunter on Netflix. It's good. 

[captain_to_fire]

Just now, valdyrgramr said:

I dunno what they will do as there hasn't been any word on that.  However, I still find it unusual for Apple to help without a court order.  Then again, it could just be bad reporting on CNET as mentioned.

I wouldn't call CNET fake news agency just yet unlike Bloomberg which was proven to be fake news twice in this forum. But I'd rather call out CNET  for their sensationalist and clickbaiting headlines and many news agencies (either left or right leaning) are guilty.