FBI's Own Actions Likely Made Farook's iPhone Data Inaccessible
from the oops dept
On Friday, we noted that one of the reasons that the FBI was unable to get access to the data on the remaining iPhone from Syed Farook was because after the shooting and after the phone was in the hands of the government, Farook's employer, the San Bernardino Health Department, initiated a password change on his iCloud account. That apparently messed stuff up, because without that, it would have been possible to force the phone to backup data to the associated iCloud account, where it would have been available to the FBI. But, after we published that article, a rather salient point came out: the Health Department only did this because the FBI asked it to do so.From a San Bernardino County Twitter account:
The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request.
— CountyWire (@CountyWire) February 20, 2016
In short: a big reason why the FBI can't get the info it wants is because of an action taken... by the FBI.
Apple has also provided further information on this, showing how it was perfectly willing to cooperate in reasonable ways with the FBI -- but that it was the FBI that messed things up:
The Apple executive told reporters that the company’s engineers had first suggested to the government that it take the phone to the suspect’s apartment to connect it to the Wi-Fi there. But since reporters and members of the public had swarmed that crime scene shortly after the shootings occurred, it was likely that any Wi-Fi there had been disconnected. So Apple suggested the government take the phone to Farook’s former workplace and connect the phone to a Wi-Fi network there.Two interesting points in there: first, do you remember how there was all this discussion about the insane media scrum that ransacked Farook's house? And lots of people pointed out that useful evidence may have been harmed by it. At the time, the FBI insisted they were all done with the house, but it appears that may have been part of the reason why they couldn't get the backup.
The executive said that Apple walked the government through the entire process to accomplish this, but the government came back about two weeks later and told Apple that it hadn’t worked.
Apple didn’t understand why it had not worked—until the company learned that sometime after the phone had been taken into the custody of law enforcement, someone had gone online and changed the Apple ID that the phone uses to conduct backups.
The second is that Apple had not revealed this tidbit earlier. The company explained that it had felt that its conversations with the government had been confidential until the FBI revealed this detail in the totally unexpected Motion to Compel it filed Friday. It appeared that the FBI was so eager to push its PR stunt that it filed the document (which it had no reason to file), and then revealed even more of its own bungling in this particular case.
Whether intentional or not, this is only going to add support to people who say that the FBI doesn't actually care what's on the phone, but wanted to be able to go after the data in this case because they knew they could set a precedent in a case where their argument will generate the most sympathy. Remember, back in September, after the Intelligence Community lost the fight to get a law banning strong encryption, intelligence officials said out loud that they'd just wait until the next terrorist attack:
Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”Two months later, you get a "terrorist attack" (or a workplace dispute that can be painted as a terrorist attack) and a sorta, kinda encrypted phone, and voila. Just what the intel community asked for. It would be crazy to suggest that any of this was done on purpose -- it's almost certainly a bit of convenience for the intel and law enforcement communities. But the fact that the FBI directed the Health Department to change the password, and that's part of the reason they're now locked out, really raises some questions about what the FBI's priorities were here. It also raises a separate question of whether or not companies should be forced to hack their own system in cases where the FBI's own bungling was responsible for the loss of information. But, really, that's a minor point, given that the DOJ wants that power even in cases where the FBI didn't mess things up itself.
There is value, he said, in “keeping our options open for such a situation.”
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fbi, icloud, password reset, san bernardino county, syed farook
Reader Comments
Subscribe: RSS
View by: Time | Thread
Wash rinse repeat
[ link to this | view in thread ]
Front door
[ link to this | view in thread ]
1. NO, it is NOT crazy, it is -in fact- wise and prudent to consider the eee-vil gummints and their minions HAVE DONE... REPEAT, HAVE DONE, not think they might have done, might could have done, might maybe, but HAVE DONE...
look up 'false flags' and i'm betting approx 90%+ of the kampers would be horrified to realize the number of so-called 'terrorist' attacks which HAVE BEEN perpetrated by 'their own' gummints...
we REGULARLY get a steady diet of made-up terrorist conspiracies TOTALLY the handiwork of the feebs, taking -literally- retarded people and setting them up as 'terrorists' who never were...
2. the second part is almost more damning: it is expected that the purpose in life of us 99% is to provide a convenient method for the goons of the state to jack us up... its just become so messy and inconvenient to railroad us under normal circumstances...
[ link to this | view in thread ]
Re: Front door
We're seeing exceptional brilliance in digital incompetence, after all.
[ link to this | view in thread ]
[ link to this | view in thread ]
Password change was intentional then?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I just realized that the FBI is run by the same executive board that runs the company I work for.
[ link to this | view in thread ]
Crime scene
So, noone protected the crime scene.. why exactly?
[ link to this | view in thread ]
This is very simple, actually
[ link to this | view in thread ]
How Ironic
So what they're saying is that, for a time, Apple was even respecting the government's privacy? Now that the cat's out of the bag on that one, I wonder how much it stings to have your private details encroached on...
[ link to this | view in thread ]
For an alternative conspiracy theory...
href="http://www.cringely.com/2016/02/19/the-fbi-v-apple-isnt-at-all-the-way-you-think-it-is/" http://www.cringely.com/2016/02/19/the-fbi-v-apple-isnt-at-all-the-way-you-think-it-is/
Not that I'm buying into that argument. It would be too hard to avoid a bit-trail.
[ link to this | view in thread ]
Re: For an alternative conspiracy theory...
[ link to this | view in thread ]
[ link to this | view in thread ]
I expected better from Techdirt.
[ link to this | view in thread ]
Admissible evidence
[ link to this | view in thread ]
Re: Admissible evidence
[ link to this | view in thread ]
Response to: Anonymous Coward on Feb 22nd, 2016 @ 4:56am
[ link to this | view in thread ]
Re:
White Christian guy shoots up a church = not terrorism
Muslim shoots up workplace = terrorism
I may as well state for the record that I'm a White Christian Guy. But it does seem like the T-word only gets rolled out for a certain other faith.
[ link to this | view in thread ]
Re: Response to: Anonymous Coward on Feb 22nd, 2016 @ 4:56am
I expected better from Techdirt.
I too didn't realise that Techdirt had sunk so far into the politically correct universe that they would parrot that line.
Listen - if anything the San Bernardino attack was more "a terrorist attack that was initially painted as a workplace dispute" than the other way around. The reason for that seems to be largely political correctness - perhaps driven by reluctance to admit the reality of Islamic terrorism - given the religious affiliations of some members of teh presidents extended family.
HOWEVER
This is not the area of Techdirt's expertise. The clue is in the name.
On the substantive issues relating to technical security policy Techdirt is pretty much spot on - if you want to know about Islamic Terrorism go to exmna.org.
[ link to this | view in thread ]
Re: Re:
Muslim shoots up workplace = terrorism
I may as well state for the record that I'm a White Christian Guy. But it does seem like the T-word only gets rolled out for a certain other faith.
Read the Islamic scriptures and compare to the Bible - and you will see that there might be a reason for that.
[ link to this | view in thread ]
Re: Re: Re:
So when James Eagan Holmes shot up a theater in Aurora, Colorado, killing 12 and hurting 70, but was not a Muslim, that it why it was not called a terrorist attack.
[ link to this | view in thread ]
Re:
The constant failure to understand that the 1st evil of any great concern in any nation is the Government where 'power' attracts these evil humans like a SUPER MAGNET. There is an endless debate on if this evil is necessary and how much power it needs to have.
Government has plagued and murdered their own citizens more than ALL of the WARS of Humanity Combined!
Hanlon was a fool... when viewing government through the scope of Wisdom, one MUST assume that malice is indeed present because there are mountains upon mountains of rules to follow that those humans constantly seek to avoid, subvert, or corrupt. There is an endless parade of people asking the government to save them, there is an endless parade of officials saying we must take your liberty away to protect you.
Vigilance must be Eternal and only a FOOL trusts theirs or ANY government!
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
Terrorism is by definition an attack in the furtherance of a cause.
James Egan Holmes had no cause - and promoted no political or religious agenda.
When white westerners commit attacks in the furtherance of a cause - eg the IRA - then it is rightly called terrorism.
When Jews commit attacks in furtherance of a cause eg the King David Hotel or the killing of Rabin then it IS called terrorism.
If a muslim commits a murder and doesn't make any claim that it is religiously motivated then we don't call it terrorism.
However in the recent cases of islamic terrorism the perpetrators have generally said themselves that their actions were motivated by ideology. When we call it terrorism we are simply believing what they say.
[ link to this | view in thread ]
Re: Admissible evidence
If they think there are co-conspirators, then the phones they want to be searching are the personal ones that the perpetrators destroyed. They didn't destroy this one because why?
[ link to this | view in thread ]
Re: Re:
Not true - remember the IRA, the "Red Army Faction" and many others.
If you look at this list https://en.wikipedia.org/wiki/List_of_designated_terrorist_groups
you will see a plurality of different faiths and ideologies represented - particularly if you look at the list of former terrorist organisations.
However you are right that one group seems to be over represented. IF that is the case one should not assume - as you seem to be doing - that somehow WE must be perpetrating an unfairnness towards them.
In a game of football (soccer in the US) if one team gets more red and yellow cards than the others it doesn't have to indicate that the referees are biased - it might just be that they genuinely don't play fair.
[ link to this | view in thread ]
Every time I hear more about this case...
Every time I hear more about this case, I'm more convinced that it's purely a setup to get precedent. Now we get evidence that locking out the phone was caused by the FBI themselves, raising the question of it was intentional just to get their precedent. The only way this could get MORE egregious is if we found a wire transfer from James B. Comey to Farook's family.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Front door
[ link to this | view in thread ]
Re: Wash rinse repeat
[ link to this | view in thread ]
Re: Re:
(Perhaps) unfortunately the answer to your first question is "Yes" and to the second "quite a lot actually."
Take Libya for example. Unquestionably Gaddafy was one of those evil humans attracted by the super magnet of power, and undoubtedly he plagued and murdered his citizens as intensely as any government anywhere.
However would you really prefer to live in the Libya of today to Libya under Gaddafy?
[ link to this | view in thread ]
Re: Re: Re:
The American war of independence being an excellent example.
[ link to this | view in thread ]
Re: Re:
A guy pissed off at Christians for being uppity snobs or whatever isn't shooting them for any other reason except anger. He doesn't have a grand political agenda, he just wants to harm as many of them "f---ing christians" as he can get away with before the police stop him. People won't stop going to church as a result of an idiot like this, they won't change their lives.
Terrorism isn't about that personal anger (although the targets may be personal). It's more about advancing a common goal, where your goal is to eliminate as many of the infidels as possible, knowing that the next brave jihadist will be there to take out the next wave behind you after you die. It's the reason why terrorists don't have a problem strapping a bomb to themselves or dying in the process of harming others. For them, they are doing their part in a much greater, much more longer term set of goals.
Terrorism is about making you believe that another one is just around the corner, they you shouldn't do this or go there because you might get hurt or die in the next attack.
White guys shootup up a church (or a dozen people between Uber clients) are not doing thing to terrorize you, they just plain want to kill you. They have not part of a big movement to eliminate your country. They aren't sworm to kill every infidel. They are only there for the cheap thrill of making someone else suffer for their lack of (insert missing thing here).
To dismiss this case as "workplace violence" is to miss the point entirely. I guess is just doesn't play into the narrative. Perhaps you need more cowbell, or maybe a few more mentions of David Bowie's legacy.
[ link to this | view in thread ]
Could it be, by any chance ....
[ link to this | view in thread ]
I don't hear anything in all this about the destroyed phones. Not a peep about recovery from those. It's only the one with the encryption on it that is being drummed. That tells you there is method behind the madness.
Congress is in no mood to pass the law requiring encryption be broken with a back door and Silicon Valley doesn't want to hear it either. John Mcaffee offered to break the encryption with his hacker team. Where is the FBI in taken up that offer? Nope this one has a reason.
http://www.bloomberg.com/news/articles/2016-02-19/secret-memo-details-u-s-s-broader-strategy-to-crac k-phones
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Back to what? They reset it because they didn't know it. If they knew the password they would have just typed it in.
[ link to this | view in thread ]
Re:
There actually in information out there about the destroyed phones. They were destroyed. No data is recoverable from them.
(none of this is relevant to the matter at hand, which is "should the FBI be given a precedent to force private companies to hack their products?" Which, any reasonable person should realize is a resounding "NO!")
[ link to this | view in thread ]
Re: This is very simple, actually
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
1. They were both very religious muslims and had visited Saudi Arabia several times for religious reasons including a recent visit.
2. They were found to have a large arsenal of weapons and home, including bomb making equipment (apparently they attempted unsuccessfully to detonate a bomb during the attacks.)
3. Farook's father has been reported as saying that his son had expressed sympathy for ISIS. (however this has later been denied by Islamic organisations in the US (But then Mandy Rice-Davies applies there)
Given that religious muslims regard the whole of their lives as being controlled by the religion it is difficult to see how the attacks could have been unrelated to it.
Given the degree of preparation it is difficult to see how this could have been a spur of the moment incident.
Of course it might have been both a workplace incident and a terrorist one at the same time - since the only disputes they seemed to have at the workplace were about religion.
[ link to this | view in thread ]
Re: Re: Response to: Anonymous Coward on Feb 22nd, 2016 @ 4:56am
So you're saying that the attack was terroristic because Political Correctness? And if this was a "terrorist attack", would you be so kind as to point out the "instill terror" aspect of it that was not of our own creation? You're quaking in fear, perhaps, that "someone else, anyone else" might do something similar. But that's all you, baby. Can you name the religious or political goal that the attack furthered?
See, that's the problem with "lone gunmen" (even if they come in pairs or groups)... The results are sometimes indistinquishable - in terms of lives lost, property destroy, etc - from those of groups that have an articulable agenda. Furthering their goals, though, requires a terrorist group to outlive the attack.
And that's why the FBI is so desperate for something, anything, that can make this more than just one person saying "I want to kill a bunch of people and get my name in the papers."
[ link to this | view in thread ]
Re: Re: Re: Response to: Anonymous Coward on Feb 22nd, 2016 @ 4:56am
No - I'm saying that the authorities were initially reluctant to describe the attack as terrorism because of political correctness.
But that's all you, baby. Can you name the religious or political goal that the attack furthered?
The attack looks very similar on its face to the Paris attacks and others where the perpetrators expressed their motives more clearly.
Of course it is not our opinion of whether a cause was furthered that counts. From their point of view they have read certain texts and interpret them as divine commands to commit violence. They believe that an all knowing God has told them to do something and they don't think any further than that. A logical calculation of whether it will actually further a goal plays no part in this. That kind of thinking is westernised secular infidel logic - which they despise.
Furthering their goals, though, requires a terrorist group to outlive the attack.
Not really. Or rather - not the particular small group responsible. They saw themselves as part of a larger movement - which is still very much around.
[ link to this | view in thread ]
[ link to this | view in thread ]
I've said it before
The day that the federal government started curtailing civil liberties in the name of fighting terrorism, making us jerk and twitch at the slightest mention of bad people, is the day the goal was achieved. Whether anybody died from the act is immaterial to the results.
Rest assured that if Farook had survived, the FBI would have surely used some form of liberty-depriving investigative technique to get the information it needed. To paraphrase a snippet of an old parable, it's in the snake's nature.
In the context of the situation, Apple's biggest sin here (along with anybody who owns, operates, or manufactures a cell phone) is that they're the ones still living.
[ link to this | view in thread ]
Re: Re: Re: [terrorism / not terrorism]
Since apparently no-one got what I was specifically referring to, I'll spell it out;
Charleston church shooting. Terrorism or not?
[ link to this | view in thread ]
If they change the password
Or is the issue that it needs to be manually entered into the phone once the password has been changed?
[ link to this | view in thread ]
Re: Re: Re: Re: [terrorism / not terrorism]
This guy went in to kill black people. In a church. The idea was to commit a crime so heinous that anyone likely to take his side would be truly committed. And some very nasty people in positions of trust in the community came out of the woodwork.
Did Roof have a cause to promote? Vague right-wing race hate, nothing specific.
Did he use terror to advance his cause? It wasn't advanced at all, nobody rallied to his flag, he just got a few horrible people to make sympathetic noises. Nobody is going to sing, "Dylan Roof's body is a-moulder'ing in the grave," or anything.
Okay, but was he trying to? Yes, but not in an effective way. Terrorists tend to organise; even the lone wolves will attach themselves to a faction even if they're not part of a local group, if that makes sense.
I'm subjectively splitting hairs here based on Roof's vague hatred of black people and saying he's not organised enough to be a terrorist in the way the IRA, PLO, and other groups are. Had he been acting as part of a group, even on his own, I'd have called him a terrorist.
Syed and Malik were alleged to have been acting as associates of ISIL and to have pledged allegiance to its leader. They are alleged to have used instructions provided by ISIL via its websites to carry out the attack. Okay, but that's speculation, there's no evidence to tie all that together. They may well have been acting on behalf of ISIL or they may have had a beef with their workplace. Until the "sources" are revealed, we'll have to take the words of anonymous people whom we can't cross-examine for it. They killed people, that is true. Why they did it is not known.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
If the phone makes backups onto iCloud the phone presumably logs into iCloud. The phone presumably enters credentials to log in. Can't Apple just configure their iCloud servers to accept whatever password the phone throws at it as being the correct pw so that it can make the backup upon the phone making the request? It's Apple's servers, the phone can verify that it's connecting to Apple's servers.
[ link to this | view in thread ]
please please please
Then again, we all know that if there is nothing of use on the phone the FBI will say the exact opposite.
[ link to this | view in thread ]
Yes, Apple should be able to revert the FBI's resetting of the Password!
"can't Apple just change it back to the way it was before?"...yes, Yes, YES! Finally someone online thought of my idea! I had thought of this too, even before reading your comment. I was actually trying to Google to see if anyone else had mentioned this & you had! (so it's your idea too)
Problem: The FBI reset the iCloud password...so, now the device won't be able to trigger an automatic backup.
Solution: Restore that account's password from backup, to BEFORE the FBI reset it!...via direct Database manipulation -- SQL commands on the server.
I'm sure Apple has multiple backups of the iCloud user database, maybe even hourly, they could dig thru those backups (a simple grep, not hard) to find every time (or the most recent time) that that account's password was changed & simply restore the old password & then hope the device will auto-backup.
As some of you may not know, Apple doesn't need to know the old iCloud password to restore it: I assume (& hope) Apple is using the industry best-practice of using bcrypt (in PHP terms, the "password_hash()" function) to store the password hash instead of the password (but actually how they store it don't matter for this procedure)...so you simply restore the previous password hash into the live iCloud Database (Apple would have direct Database access on the iCloud server, of course). No one knows the old password, but the device does & could then, theoretically perform an auto-backup.
"Can't Apple just configure their iCloud servers to accept whatever password the phone throws at it as being the correct pw"...actually, yes, they probably can. My solution (even before reading your comment) was to restore the old password from backup, but with custom code in the login function, they could configure "that account" to accept any password...they'd wanna lock it down tho, otherwise anyone who tries that account would get in, with any password, while the phone was doing the backup.
What they could do instead tho (besides just restoring the password hash from backup, as above) is, assuming the phone tries to login by sending the literal password, in plain text (over a secure connection), just start logging any passwords tried on that account, then they would know the plain text password the phone is trying to use, then they could change the password hash to match that plain text password. On the other hand, if the phone is trying to connect using some other "login token", instead of the "password" in plain text...they could just configure that "token" to be "correct".
However, if the device's auto-backup was turned off, none of this will help (unless they can turn auto-backup on remotely). Before doing anything more complicated, Apple could look into their logs to see if that phone has even been TRYING to connect to them at all. We know it hasn't done a backup in months, but has it even talked to Apple's Servers at all? -- for example: iOS Update check? App update check? Check for new msgs? They should be able to see any attempts the phone made to connect to their Servers...which includes failed login attempts. If there are any, then they would know the phone is trying & failing to connect (due to the password being changed) or they would find out it's not even trying to connect...making the fact that the FBI changed the password, not matter at all.
[ link to this | view in thread ]
Re: Front door
That reminds me of a story I read once, that I HOPE was a joke...
A customer gets a shop clerk to help them take their groceries out and put them in their car. While loading the groceries, the customer leaves their keys on the front seat, and closes the door, reflexively locking it as they close it -- then realizes the keys are inside. The customer begins to panic, and in their panic ignores the driver's side rear door that is still open, that the clerk is loading groceries into.
Customer: "Oh no, I locked my keys in the car!"
Clerk: "This door is still open."
Customer: "You don't understand, this is a disaster!"
Clerk: "But the door is open, you can just..."
Customer, irate because clerk isn't reacting, slams the rear door.
Customer: "There! Are you happy now? The door is shut. Now you can pay attention to my serious problem instead of blathering about nonsense!"
[ link to this | view in thread ]