29 March 2016

Apple (and the FBI) for the day

Yahoo News has an Associated Press article by Tami Abdollah and Brandon Bailey about the iPhone battle:

The FBI said it successfully used a mysterious technique, without Apple's help, to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world's leading technology companies.
The government asked a Federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in the US District Court for the Central District of California provided no details about how the FBI did it or who showed it how.
The FBI is now reviewing the information on the iPhone, the Justice Department said in a statement. In response, Apple said in a statement that it will continue to increase the security of its products. While saying it will still provide some help to the government, "as we have done all along", the company reiterated its position that the government's demand was wrong. "This case should never have been brought," Apple said in its statement.
Both sides left important questions unanswered: Who showed the FBI how to break into iPhones? How did the government bypass the security features that Apple has invested millions of dollars to build into its flagship product? Are newer iPhones vulnerable to the same hacking technique? Will the FBI share its information with scores of state and local police agencies that have said they also need to break into the iPhones of criminal suspects? Will the FBI reveal to Apple how it broke its security? Did the FBI find anything useful on the iPhone?
The surprise development also punctured the temporary perception that Apple's security might have been good enough to keep consumers' personal information safe even from the government with the tremendous resources it can expend when it wants to uncover something.
The FBI used the technique to access data on an iPhone used by gunman Syed Farook (photo, right), who died with his wife in a gun battle with police after they killed fourteen people in San Bernardino, California, in December of 2015. The iPhone was found in a vehicle the day after the shooting; two personal phones were found destroyed so completely that the FBI could not recover information from them.
US Magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Farook's work-issued iPhone. The order touched off a debate, pitting digital privacy rights against national security concerns.
Apple was headed for a courtroom showdown with the government last week, until Federal prosecutors abruptly asked for a postponement so they could test a potential solution brought to them by a party outside of the government. Technical experts had said there might be a few ways an outsider could gain access to the phone, but the FBI insisted repeatedly until then that only Apple had the ability to override the iPhone's security. FBI Director James Comey said the bureau even went to the National Security Agency, which did not have the ability to get into the phone.
A law enforcement official said the FBI was successful in unlocking the iPhone over the weekend. The official spoke to reporters on condition of anonymity because he wasn't authorized to publicly comment. The official said Federal law enforcement would continue to aid its local and state partners with gaining evidence in cases, implying that the method would be shared with them.
First in line is likely Manhattan District Attorney Cyrus Vance, who told a House panel earlier this month that he has 205 iPhones his investigators can't access data from in criminal investigations. Apple is also opposing requests to help extract information from fourteen Apple devices in California, Illinois, Massachusetts, and New York.
The case drew international attention and highlighted a growing friction between governments and the tech industry. Apple and other tech companies have said they feel increasing need to protect their customers' data from hackers and unfriendly intruders, while police and other government authorities have warned that encryption and other data-protection measures are making it more difficult for investigators to track criminals and dangerous extremists.
Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent, making all iPhone users vulnerable, if Apple complied with the court order. Cook said Congress should take up the issue.
The withdrawal of the court process also takes away Apple's ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.
The encrypted phone was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone's data after ten tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what's known as a brute-force attack. Comey said with those features removed, the FBI could break into the phone in twenty minutes.
The official said the method used to unlock the phone appears to work on the iPhone 5C operating a version of iOS 9. In late 2014, Apple updated its operating system so the passcode is linked to the phone's overall encryption. The Cupertino, California-based company said that made it impossible for it to access data on the phone.
The Justice Department wouldn't comment on any future disclosure of the method to Apple or the public. The government's announcement was praised by Stephen Larson, a Los Angeles, California attorney who filed a brief in support of the Justice Department's case and represents seven families of those killed in the attack. "For this to have dragged out in court battles would not have served the interests of either" the victims or law enforcement, he said.
Alex Abdo, an attorney with the American Civil Liberties Union, which filed a brief supporting Apple in its case, said the case is far from settled and it was "just a delay of an inevitable fight" about whether the government can force a company like Apple to undermine the security of its products to facilitate an investigation.
Rico says they'll be back in court soon enough...

Eric Lichtblau has an article in The New York Times about that pesky iPhone:
A furious legal battle over digital privacy in the age of the iPhone ended with no clear winner, only lingering questions over what will happen the next time the government tries to force Apple to help break into one of its own phones.
The Justice Department announced that it had gotten what it wanted most immediately in the case of the San Bernardino, California terrorist attack: a way to unlock the iPhone used by one of the shooters to determine what evidence it might hold, even without Apple’s assistance.
That development forestalls a court ruling on the bigger legal questions that have been so hotly debated since the case erupted last month, when a judge in California ordered Apple to unlock the phone used by Syed Rizwan Farook. The legal debate in that state offered what many legal analysts saw as a powerful test case for the Justice Department to establish its position. But that verdict will now have to wait for another day.
“This might be a missed opportunity for the Justice Department,” said Eric Berg, a former federal prosecutor who now works on electronic surveillance cases at a private practice in Milwaukee, Wisconsin. “Having this whole debate muted by this solution is probably a little bit disappointing for them.”
Likewise, the development represented an uneven result for privacy advocates. They could claim some measure of victory, because Apple was able to hold to its position without giving in to the government, but an apparent flaw in Apple’s vaunted encryption protocols was worrisome.
“Unfortunately, this news appears to be just a delay of an inevitable fight over whether the FBI can force Apple to undermine the security of its own products,” said Alex Abdo, staff attorney for the American Civil Liberties Union.
The Justice Department did not say whether it would seek to use the method discovered for accessing the San Bernardino phone in any other cases. Law enforcement officials have said they have been locked out of dozens of other phones as a result of encryption safeguards, and the unlocking method, a tightly held secret at the FBI, could be valuable in many of those cases as well. But some law enforcement officials said it was too early to say anything about their ability to access other phones.
With the Justice Department moving to withdraw its motion forcing Apple’s cooperation in the San Bernardino case, Apple is still on the winning side in a separate but related case in federal court in Brooklyn, New York. In that case, United States Magistrate Judge James Orenstein, of the Eastern District of New York, ruled last month in a fifty-page opinion that the Justice Department was not entitled to force Apple’s cooperation in unlocking a drug dealer’s iPhone. He said that prosecutors were taking too broad a ruling of a 1789 statute known as the All Writs Act in seeking to secure Apple’s cooperation. The Justice Department is appealing his decision.
Berg, the Milwaukee lawyer, said that, although the San Bernardino fight might have ended without a court decision and a clear verdict, “this case has forced a national dialogue, and it really has brought this issue front and center. So the public won, in the sense that this issue is now being debated.”
In another article by Katie Benner and Eric Lichtblau in The New York Times:
The Justice Department said that it had found a way to unlock an iPhone without help from Apple, allowing the agency to withdraw its legal effort to compel the tech company to assist in a mass-shooting investigation. The decision to drop the case, which involved demanding Apple’s help to crack an iPhone used by Syed Rizwan Farook, a gunman in the December of 2015 shooting in San Bernardino, California that killed fourteen people, ends a legal standoff between the government and the world’s most valuable public company. The case had become increasingly contentious as Apple refused to help the authorities, inciting a debate about whether privacy or security was more important.
Yet law enforcement’s ability to now unlock an iPhone through an alternative method raises new uncertainties, including questions about the strength of security in Apple devices. The development also creates potential for new conflicts between the government and Apple about the method used to open the device and whether that technique will be disclosed. Lawyers for Apple have previously said the company would want to know the procedure used to crack open the smartphone, yet the government might classify the method. “From a legal standpoint, what happened in the San Bernardino case does not mean the fight is over,” said Esha Bhandari, a staff lawyer at the American Civil Liberties Union. She notes that the government generally goes through a process whereby it decides whether to disclose information about certain vulnerabilities so that manufacturers can patch them. “I would hope they would give that information to Apple so that it can patch any weaknesses,” she said, “but ,if the government classifies the tool, that suggests it may not.”
In a two-paragraph filing on Monday, the Justice Department said it had “now successfully accessed the data stored on Farook’s iPhone, and therefore no longer requires assistance from Apple.”
FBI investigators have begun examining the contents of the phone, but would not say what, if anything, they have identified so far. A senior Federal law enforcement official, who spoke on the condition of anonymity, said it was possible that law enforcement might not find anything useful on the phone.
The Justice Department also remained tight-lipped about how it was able to finally get into the smartphone after weeks of furious public debate.
A second law enforcement official, who spoke on the condition of anonymity to reporters in a conference call, said that a company outside the government provided the FBI with the means to get into the phone used by Farook, which is an iPhone 5C running Apple’s iOS 9 mobile operating system. The official would not name the company or discuss how it was accomplished, nor would officials say whether the process would ultimately be shared with Apple.
Melanie Newman, a spokeswoman for the Justice Department, signaled in a statement that the broader battle over access to digital data from devices was not over. “It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails,” Newman said. “We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.” “This case should never have been brought,” Apple said in a statement, adding that it would continue to help with law enforcement investigations.
Given that the FBI may never tell Apple how it forced open the iPhone, the company also said that it would “continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated”.
The conflict between Apple and the government erupted openly last month when a federal magistrate judge in California ordered the Silicon Valley company to help unlock the smartphone used by Farook.
Apple’s chief executive, Timothy D. Cook, opposed the court order in a public letter, saying that “compromising the security of our personal information can ultimately put our personal safety at risk.” The resistance led to heated rhetoric from both sides in dueling court filings, and the issue spurred debates, even finding its way onto late night talk shows and dividing the public. Apple and the Justice Department had been due in court last week in Riverside, California, and the case was seemingly headed toward appeals and even the Supreme Court. Then last Monday, the Justice Department said it had been approached by a third party with a potential alternative method for cracking the iPhone.
The Justice Department’s cracking of the iPhone has implications for other cases that involve locked iPhones. Last month, a Federal magistrate judge in the Eastern District of New York refused to grant an order, requested by the government, that asked Apple to extract data from an iPhone used by a drug dealer in Brooklyn. The Justice Department is in the process of appealing that decision.
The Federal law enforcement official, who spoke on the condition of anonymity to reporters on Monday, said it was premature to say whether the method it used to open the phone in the San Bernardino case could be used on phones in other cases. The phone in the Brooklyn case was an iPhone 5S running iOS 7 mobile software.
“Courts should be skeptical going forward when the government claims it has no other option besides compelling a device maker’s assistance,” said Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society. “Now that the FBI has accessed this iPhone, it should disclose the method for doing so to Apple,” she added. “Apple ought to have the chance to fix that security issue, which likely affects many other iPhones
Matt Zapotosky has yet another article in The Washington Post about the FBI and Apple:
The Justice Department is abandoning its bid to force Apple to help it unlock the iPhone used by one of the shooters in the San Bernardino, California terrorist attack because investigators have found a way in without the tech giant’s assistance, prosecutors said in a court filing.
In a three-sentence filing, prosecutors wrote that they had “now successfully accessed the data” stored on Syed Rizwan Farook’s iPhone and that they consequently no longer needed Apple’s court-ordered help getting in. The stunning move averts a courtroom showdown pitting Apple against the government and privacy interests against security concerns that many in the tech community had warned might set dangerous precedents.
It is unclear how, precisely, investigators got into the phone, or what FBI agents learned about the plot from the materials they were able to review. On the eve of a hearing in the case last week, the FBI signaled it might have found a way into Farook’s iPhone, writing in a court filing that “an outside party demonstrated to the FBI a possible method”. But government officials said they wanted to test that method further before employing it in Farook’s case, and they did not offer details about who proposed it or how it would work.
The Justice Department declined to comment. In a statement, Apple said: “From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone, because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
The government will now be left to decide whether it will outline the method to Apple in keeping with a little-known process in which Federal officials are supposed to consider disclosing security vulnerabilities they find.
Michael Daniel, special assistant to the President and cybersecurity coordinator, wrote in a White House blog post published in April of 2014 that “disclosing vulnerabilities usually makes sense,” given how much people rely on the Internet and connected devices. “But there are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences,” Daniel wrote. “Disclosing a vulnerability can mean that we forgo an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”
Agents and prosecutors were focused for now on the San Bernardino case, and no decision had been made on disclosing the vulnerability, said a Federal official who spoke on the condition of anonymity because the investigation is ongoing.
Mark Bartholomew, a professor at SUNY Buffalo Law School who specializes in intellectual property and technology law, said he expected Apple would fight to learn about it so the company could fix the problem. “They’re going to pursue this in the courts, and I don’t know where this will end up,” he said.
Farook and his wife, Tashfeen Malik, were killed in a shootout with police after they launched an attack that killed fourteen people at the Inland Regional Center in San Bernardino, California in December of 2015. Prosecutors have said their neighbor, Enrique Marquez Jr., was involved in terrorist plots and had discussed with Farook possibly targeting a nearby community college and highway. He is facing charges in Federal court.
The bid to access Farook’s phone was meant to further the FBI’s investigation, though it was controversial from the start. The Justice Department obtained a court order compelling Apple’s assistance under the All Writs Act, a centuries-old law that gives courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
David Bowdich, assistant director in charge of the FBI’s Los Angeles, California field office, said in a statement: “We promised to explore every investigative avenue in order to learn whether the San Bernardino suspects were working with others, were targeting others, or whether or not they were supported by others. While we continue to explore the contents of the iPhone and other evidence, these questions may not be fully resolved, but I am satisfied that we have access to more answers than we did before and that the investigative process is moving forward.”
If allowed to stand, the order in Apple’s case would have forced company engineers to create software to disable a phone security feature so that the FBI could try its hand at unlocking the device by cracking a numeric password. Apple quickly resisted, arguing that forcing it to create such software would violate the company’s constitutional rights and weaken privacy for users around the world.
Federal prosecutors and the FBI had sought to characterize the dispute as limited to only Farook’s phone, though FBI Director James B. Comey acknowledged that it could set a precedent if the government won. They argued that Apple, which creates its software, was the only party that was in a position to help.
Monday’s filing squarely contradicts that claim, although Federal authorities have said someone came forward with the new technique only after the FBI began its high-profile legal battle with Apple. Neither side backed down from its arguments but, with Monday’s filing, a legal resolution will remain on hold. That means it might take another case to determine to what extent the All Writs Act permits a court to order a company to provide technical assistance in unlocking encrypted devices.
Aaron Levie, co-founder and chief executive of cloud-computing company Box, which filed a legal brief supporting Apple’s case, said he didn’t see a winner in the FBI’s decision to withdraw the case. “I can’t anoint any winner,” he said in an interview. “This entire experience has brought to the fore a much bigger problem that remains unresolved.”
Bartholomew, the law professor, said Congress might even be spurred to weigh in. The technique the government found to get into the phone, though, might see immediate re-use. In a court filing last week, Apple told a fFderal judge that if the solution worked, it wanted to see if it could also be used to unlock an iPhone used by a drug dealer in a Brooklyn case, and thus eliminate the need for the company’s help there. Notably, the two phones run on different operating systems, Farook’s on iOS 9 and the drug dealer’s on the older iOS 7. Apple has previously extracted data from locked phones running older operating systems.
A Federal official said the new technique has been demonstrated to work only on iOS 9, though Apple has said in previous court filings that it would like to test that claim.
The BBC has yet another article about the case:

The FBI has managed to unlock the iPhone of the San Bernardino gunman without Apple's help, ending a court case, the Justice Department says.
Apple had been resisting a court order issued last month requiring the firm to write new software to allow officials to access Syed Rizwan Farook's phone.
But officials on Monday said that it had been accessed independently and asked for the order to be withdrawn.
Farook (photo, right) and his wife (photo, left) killed fourteen people in San Bernardino, California, in December of 2015. They were later shot dead by police.
The FBI said it needed access to the phone's data to determine if the attackers worked with others, were targeting others and were supported by others.
Officials said Farook's wife, Tashfeen Malik, had pledged allegiance to the so-called Islamic State on social media on the day of the shooting.
Last week, prosecutors said "an outside party" had demonstrated a possible way of unlocking the iPhone without the need to seek Apple's help. A court hearing with Apple was postponed at the request of the Justice Department, while it investigated new ways of accessing the phone. At the time, Apple said it did not know how to gain access, and said it hoped that the government would share with them any vulnerabilities of the iPhone that might come to light.
Apple's CEO Tim Cook said, in the BBC's usual unbloggable video: ''We have a responsibility to help you protect your data."
A statement by Eileen Decker, the top Federal prosecutor in California, said investigators had received the help of "a third party", but did not specify who that was. Investigators had "a solemn commitment to the victims of the San Bernardino shooting", she said. "It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with co-operation from relevant parties, or through the court system when co-operation fails," the statement added.
Responding to the move, Apple said: "From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone, because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought." The company said it would "continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated".

Analysis by Dave Lee, North America technology reporter for the BBC:
The court case that had the American technology industry united against the FBI has, for the time being, gone away.
Now this debate moves into more uncertain territory. The government has knowledge of a security vulnerability that, in theory, weakens Apple devices around the world. To protect its reputation, Apple will rush to find and fix that flaw. Assuming it can do that, this row is back to square one.
Therefore Apple has called for the matter to remain part of the "national conversation", while the Department of Justice says it will still try to use the courts to compel Apple and other phone makers to help with future investigations.
An Israeli newspaper last week reported that data forensics experts at cybersecurity firm Cellebrite, which has its headquarters in Israel, are involved in the case.
Cellebrite told the BBC that it works with the FBI, but would not say more.
Its website, however, states that one of its tools can extract and decode data from the iPhone 5C, the model in question, among other locked handsets.
The court order had led to a vigorous debate over privacy, with Apple receiving support from other tech giants including Google, Microsoft, and Facebook.
FBI Director James Comey said it was the "hardest question" he had tackled in his job. However, he said, law enforcement saved lives, rescued children and prevented terror attacks using search warrants that gave it access to information on mobile phones.
Rico says the joke will be when they download nothing of value from the iPhone...

No comments:

 

Casino Deposit Bonus