The fallout from the standoff between Apple and the FBI in the San Bernardino case continues. Following the introduction of one bipartisan bill in the House of Representatives in February, seeking to protect encryption against any state-level legislation that might compromise it, a new bill has now been introduced in the Senate …
Something that has been bugging me for some time is that my iPhone, normally unlocked with Touch ID, asks for my passcode way more often than it ought to. That mystery has now been solved by a bullet-point that Apple added to its iOS Security Guide earlier this month – though the behavior has been there a lot longer.
Previous versions of the document said that iOS devices should only ask Touch ID users for their passcode in one of five circumstances. I found I was frequently asked for my passcode when none of these applied, but a sixth, recently-added bullet-point explains it …
Even though the FBI’s battle with Apple over the San Bernardino iPhone is essentially over, FBI director James Comey today explained that the case is just the beginning of litigation over accessing smartphones and other devices. As reported by Reuters, Comey explained that there will be more litigation between the FBI and manufacturers over accessing locked devices, noting that encryption is “essential tradecraft” of terrorist groups.
Reuters is reporting that Apple CEO Tim Cook will visit China later in May to meet with government officials and address current tensions between Apple and China, seen by many as the main driver of revenue growth for the company going forward.
Apple has faced some significant setbacks in China in the last few weeks. The company has had to stop selling iBooks and iTunes Movies in the region following new governmental policy that restricts online publishing. Apple also ceded exclusive rights to the iPhone trademark after losing a court case, although it plans to appeal.
LAPD detectives have successfully hacked into a locked iPhone 5s despite the phone having a Secure Enclave, according to an LA Times report.
Los Angeles police investigators obtained a method to open the locked iPhone belonging to the slain wife of “The Shield” actor Michael Jace, according to court papers reviewed by The Times.
LAPD detectives found an alternative way to bypass the security features on the white iPhone 5S belonging to April Jace, whom the actor is accused of killing at their South L.A. home in 2014, according to a search warrant filed in Los Angeles County Superior Court.
More intriguingly still, this appears to have occurred during the time that the FBI was still demanding that Apple help it unlock the less secure iPhone 5c in the San Bernardino shooting case …
For the first time in a federal case, a suspect has been ordered to use her fingerprint to unlock her iPhone using Touch ID. The LA Times reports that a federal judge signed a warrant allowing the FBI to compel a suspect in an identity theft case to unlock the phone just 45 minutes after her arrest.
Authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home […]
In the Glendale case, the FBI wanted the fingerprint of Paytsar Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal convictions who pleaded no contest to a felony count of identity theft.
The warrant is consistent with a 2014 case where a Virginia District Court ruled that while passcodes are protected by the 5th Amendment right against self-incrimination, fingerprints are not. Legal experts, however, have differing views …
The FBI has decided it will not divulge the details of how it successfully hacked into the San Bernardino iPhone to Apple, having found a method at the last minute just hours before going to court in late March. However, in an attempt to appear helpful and cooperative, the FBI gave Apple its first security tipoff under the Vulnerability Equities Process this month.
Reuters reports the FBI informed Apple of a security flaw affecting iOS and Mac software on April 14th, as part of a process that balances the needs of law enforcement to hack devices and the needs of manufacturers to patch found flaws before criminals can use them …
Speaking to a security conference in London today, FBI director James Comey suggested that the agency paid more than $1 million for the iPhone 5c exploit used to unlock the San Bernardino shooter’s device last month. NBC News reports that Comey didn’t explicitly reveal the price of the hack, but instead hinted at its price based on his salary:
Just a day after a prominent legal expert described the proposed anti-encryption Burr-Feinstein bill as unconstitutional, unenforceable and harmful, Apple has called the proposal ‘well-intentioned but ultimately unworkable.’
The description is in an open letter from the Reform Government Surveillance coalition, of which Apple is a key member, alongside companies such as Google, Dropbox, Facebook, Microsoft and Twitter. The letter, addressed to the two Senators behind the proposed bill, explains why it would be harmful to the interests of both the U.S. people and American businesses …
CNN today reports that while the FBI did not find anything new on the San Bernardino iPhone 5c that it unlocked without Apple’s help, it has “produced data the FBI didn’t have before.” Essentially, not finding anything new on the device is what the FBI needed to know in order to answer some of its remaining questions regarding the case.
It was announced last week that Apple would once again face off against the FBI in Congress this week after its previous testimony over the FBI’s request in the San Bernardino gunmen case. During the hearing today, which was entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,” Apple’s General Counsel Bruce Sewell continued to defend the need for strong user encryption. He also clarified, however, that Apple has refused requests from China for source code.
While the FBI abandoned its court case against Apple, the dispute of course still rumbles on in Congress, with hearings today and a proposed bill to force U.S. tech companies to break encrypted devices on demand. But at least one legal expert thinks the Feinstein-Burr bill is deeply flawed, arguing that it is unconstitutional, unenforceable and would harm U.S. investigative capabilities.
And not just any legal expert: you can’t really ask for better credentials in this area than those of Paul Rosenzweig.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company [and] formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University [and] a Senior Editor of the Journal of National Security Law & Policy.
In a blog post on Lawfare, Rosenzweig sets out the three problems he sees with the Feinstein-Burr bill …
Apple had published its latest Transparency Report on Government Information Requests, covering the second half of last year. It revealed that it received over 30,000 requests last year, and complied with up to 82% of them. It is not allowed to specify the exact number of National Security Requests, but says they fell into the 1250-1499 band.
Apple breaks down the numbers by country, region and type of request. It says that most fall into what it terms device requests. Apple’s compliance here ranges from 52% in EMEA (Europe, Middle East, Africa) and India, to 80% in the USA.
The vast majority of the requests we receive from law enforcement relate to information about lost or stolen devices, and we report these as device requests. Device requests may include requests for customer contact information provided to register a device with Apple or the date(s) the device used Apple services. We count devices based on the individual serial or IMEI numbers related to an investigation. We encourage any customer who suspects their device is stolen to contact their local law enforcement agency.
Of perhaps greater interest are account requests, where the government is asking for information ranging from names and addresses to copies of iCloud backups …
In what feels like a never-ending battle, Apple and the FBI will once again testify in Congress next week regarding encryption. Reuters reports that Apple general counsel Bruce Sewell and FBI executive assistant director Amy Hess will testify on separate panels before a House Energy and Commerce subcommittee next Tuesday, April 19th.
A proposed law that would force Apple and other tech companies to decrypt devices for law enforcement agencies has reached the stage of a draft bill – but one Senator has vowed to filibuster it. A filibuster is when a parliamentarian makes a lengthy, uninterrupted speech which results in running out of time to debate the bill, causing it to fail.
The Senate Intelligence Committee first proposed to introduce the bill in February, and the FBI lent its support by briefing two sponsoring senators. However, many lawmakers oppose the bill, and it has been reported that the White House will not publicly support it.
The Verge now reports that one senator has pledged to filibuster the bill if it gets as far as a Senate debate …
The FBI has so far been ambivalent about whether or not it will reveal to Apple the method used to access the San Bernardino iPhone, but a Reuters report suggests that the agency may not even know – or have the legal right to disclose it if it does.
The Washington Post reported yesterday that it was freelance hackers, and not Cellebrite, who sold the FBI the tool used to access the phone. But the group may not have revealed the vulnerability on which it was based, and the government process that decides which vulnerabilities to share with companies does not apply in this case …
Unnamed sources cited by the Washington Post contradict the widely-held belief that it was Israel-based mobile forensics company Cellebrite which helped the FBI hack into the locked San Bernardino iPhone. The report says that the agency was instead approached by a group of freelance hackers who revealed an iPhone passcode vulnerability to the FBI in return for a one-time fee.
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter […]
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution …
The WSJ has illustrated the stark contrast in Apple’s attitude to assisting law enforcement to access iPhones before and after the Snowden revelations about mass surveillance of private data. It was already known that Apple had helped access more than 70 pre-iOS 8 iPhones, and the paper today reports that – in the earliest known case – the company went as far as drafting the language for the court order.
Lawyers and investigators involved in the 2008 prosecution of Amanda and Christopher Jansen, a young married couple from Watertown, N.Y., remember it as one of the most horrific cases of child sex abuse they had ever seen.
History may remember it for another reason. It is believed to be the first case of a federal judge ordering Apple to assist the government in unlocking an iPhone—and the technology giant not only complied; it helped prosecutors draft the court order requiring it to do so …
It has been widely speculated that the method used by the FBI to access the San Bernardino iPhone might not work with phones that have the Secure Enclave, and this has now been effectively confirmed. FBI director James Comey told CNN that the method doesn’t work with the latest iPhones.
The FBI director also said the purchased tool worked only on a “narrow slice of phones” that does not include the newest Apple models, or the 5S.
This fact also lends support to the main theory about how the hack was performed …
The White House will not be supporting draft legislation that would allow courts to force tech companies like Apple to help law enforcement hack into encrypted devices, reports Reuters.
The Senate Intelligence Committee in February announced plans to impose criminal penalties on companies that fail to comply with court orders like the one challenged by Apple and finally withdrawn by the FBI. Remarks by President Obama last month appeared to suggest he would support the proposed legislation, but it now appears this isn’t the case …
Just over a week ago, the FBI revealed that it had successfully unlocked the iPhone 5c used by one of the San Bernardino gunmen without the help of Apple. To this day, the FBI has not publicly disclosed the method it used to gain access, and it’s unclear if it ever will. The National Journal, however, reports today that the FBI has been briefing members of the Senate on how it was able to gain access to the locked iPhone.
Many were skeptical that the work iPhone at the centre of the San Bernardino controversy would prove in any way useful to the FBI given that the shooters left it untouched while destroying their personal phones, and so far that skepticism seems justified. Despite having had access to all the data on the phone for more than a week, the FBI has apparently not yet found anything of value.
The American Civil Liberties Union has accused the FBI of gambling with cybersecurity by failing to disclose to Apple the method used to access the San Bernardino iPhone, reports the WSJ.
Chris Soghoian, principal technologist at the ACLU, said the FBI is facing “a million-dollar question, and really what it comes down to is, does the FBI prioritize its own surveillance needs, or does it prioritize cybersecurity.”
The longer the FBI keeps the security flaw to itself, he said, “the more they are gambling that no other entity will discover this flaw.”
A former FBI official said that the agency’s decision on whether or not to reveal the method would likely depend on how many iPhone models it is able to unlock …