Apple vs FBI: Popcorn time

This is getting funny.

Common Software Would Have Let FBI Unlock Shooter’s iPhone
The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

So the county was paying for a service that would have gotten the FBI into the phone and cloud, but never bothered installing it. Instead, they screwed up and reset the cloud password, locking themselves out of what they want. Then they went to a federal judge and lied about how it happened.

And the judge ordered Apple to fix everyone else’s mistakes.

Did I miss anything?

The story changes

When last we visited the FBI iPhone fiasco, it appeared that some county IT guy changed passwords on the phone all on his own, while the evidence was in FBI custody. Today…

San Bernardino Shooter’s iCloud Password Reset With FBI Consent, Agency Says
“Since the iPhone 5C was locked when investigators seized it during the lawful search on December 3rd, a logical next step was to obtain access to iCloud backups for the phone in order to obtain evidence related to the investigation in the days following the attack,” said the FBI statement.

The FBI added it worked with county technicians to reset the iCloud password on December 6, which differed from court filings made by the Justice Department that said “the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”

So the guy wasn’t working alone. The FBI wanted it. And they screwed up.

Apple: Investigators ruined best way to access terrorist data
According to senior Apple executives on Friday, the FBI might have been able to obtain data from an iPhone 5C belonging to Syed Farook, one of the San Bernardino terrorists, by connecting it to a familiar Wi-Fi network and having it create a new backup on Apple’s iCloud service.

The idea was foiled, the executives say, because the password to the terrorist’s iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn’t recognize each other, the executives said.

So, as this is now being reported, we have two issues. First, the Feds lied in their brief to the court. My guess is that they thought admitting that they screwed up might cause the judge to question whether that imposed an obligation on Apple to create a whole new forensic/surveillance tool.

Second, do we really want to give that to bumblers who bungled somthing so basic?

Glad I’m not that guy

So how did the FBI/Apple kerfluffle really start?

San Bernardino Shooter’s iCloud Password Changed While iPhone was in Government Possession
The filing states, “the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”
[…]
The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.

 

Questions, questions.

  • If he changed the password to access information, why isn’t the FBI rubber-hosing the password out of him?
  • What information did this guy suddenly need when the Feds took the phone?
    • Was he merely curious?
    • Did he not realize the Feds would notice?
    • Was he looking for incriminating information?
    • If so, why not leave it to LE?
  • If there was incriminating data he knew about, what kind? Was he an accomplice in the attacks, or merely lower level county corruption?

Seriously. At the very least, he had to realize resetting the password on evidence in a federal investigation would be felony “impeding an investigation.” At a minimum, he had to know he’d be suspected as an accomplice in a terrorist attack. What did he need to see so badly to make it worth the obviously inevitable consequences?

If he was deliberately hiding something, what could be worse than a definite felony, and being a terrorist suspect for the rest of his life? At best.

Maybe he really is just a curious dumbass with an IQ lower than whale shit. He is (was?) a government employee, after all.

Look, either the guy knew the new password, or he deliberately randomized it to keep investigators out. If the first, the Feds shouldn’t be making demands of Apple.

In related news:

DOJ would allow Apple to keep or destroy software to help FBI hack iPhone
The Obama administration told a magistrate judge Friday it would be willing to allow Apple to retain possession of and later destroy specialized software it was ordered to create to help federal authorities hack into the encrypted iPhone belong to Syed Rizwan Farook.

 

Looks like someone finally took cognizance of the point I’ve been making: Letting the Feds get that FBiOS is dangerous. I’ve said all along that the correct way to do this would have been to turn the phone over to Apple for forensic extraction. They unlock it, then return the unlocked phone without the security breaking code installed to the Feds.

The FBI absolutely should never get their dirty paws on the countdown bypassing and remote access code. They can’t be trusted.