Apple receives a lot of police requests for decrypting iPhones & iPads

[RaduTyrsina]

​

Those who enjoy watching shows like CSA know that when a police investigation kick starts, one of the first things the law enforcers check is the suspect’s phone records – the calls he/she made and what files are stored within their device.

According to some new information provided by CNET, Apple has been receiving a lot of requests on behalf of government agencies and police asking for its official assistance in unlocking iPhones and iPads. The company has received so many that it had to install a waiting list so information could be received by the requesters.

CNET stumbled upon some court documents detailing the endeavor of an agent of the Bureau of Alcohol, Tobacco, Firearms and Explosives, who​​ applied for help at the Apple headquarters. The agent was notified that his request will be complied with in 7 weeks. From the answer, we can speculate just how huge the waiting list really is.

Apple is known for building devices which feature advanced encryption software that is incredibly hard to crack. Therefore, it makes sense that the investigators would turn to the mother company for help. But does it? The CNET report sheds no light on how exactly is Apple retrieving the information. It might be possible that when building the devices, a back door was left in case of emergencies. Like police investigations and such.

Apple has been contacted for an official statement, but is yet to comment on the information provided by CNET.

Source: Cnet

 

[Bob Maxey]

I was just looking at some legal discussions regarding what law enforcement can and cannot force you to give up. Apparently, SCOTUS decided that there is a difference between a physical key and a written password Vs. an encrypted file in which the only place the password/key exists is in your head. SCOTUS decided that you can not be compelled to give up your passwords and/or keys. The police (apparently) can use whatever tools they have to "hack" strong encryption, but they cannot force you to give up your key/passwords/passphrases.

I use TrueCrypt and a very strong password for my personal data. Also, I use one of the windows files as part of the excryption scheme and chances are, nobody will crack it. At least not easily.

"The courts likely will find that compelling someone to reveal the steps necessary to decrypt a PGP-encrypted document violates the Fifth Amendment privilege against compulsory self-incrimination. Because most users protect their private keys by memorizing passwords to them and not writing them down, access to encrypted documents would almost definitely require an individual to disclose the contents of his mind. This bars the state from compelling its production. This would force law enforcement officials to grant some form of immunity to the owners of these documents to gain access to them."

Lesson for today: memorize and do not write things down.

I find the latest Apple adventures quite interesting.

OT: did you all know that Mega is now available? Remember Kim Dotcom? Now, when you upload files to his file storage service, everything is encrypted by default and nobody except the user knows what is in the files. This will likely drive the government up the wall and they try to nail KD to the wall. It is also one way KD can claim he legitimately did not know what the files were.

Interesting times ahead, to be sure.

 

[TitusD]

I was just looking at some legal discussions regarding what law enforcement can and cannot force you to give up. Apparently, SCOTUS decided that there is a difference between a physical key and a written password Vs. an encrypted file in which the only place the password/key exists is in your head. SCOTUS decided that you can not be compelled to give up your passwords and/or keys. The police (apparently) can use whatever tools they have to "hack" strong encryption, but they cannot force you to give up your key/passwords/passphrases.

I use TrueCrypt and a very strong password for my personal data. Also, I use one of the windows files as part of the excryption scheme and chances are, nobody will crack it. At least not easily.

"The courts likely will find that compelling someone to reveal the steps necessary to decrypt a PGP-encrypted document violates the Fifth Amendment privilege against compulsory self-incrimination. Because most users protect their private keys by memorizing passwords to them and not writing them down, access to encrypted documents would almost definitely require an individual to disclose the contents of his mind. This bars the state from compelling its production. This would force law enforcement officials to grant some form of immunity to the owners of these documents to gain access to them."

Lesson for today: memorize and do not write things down.

I find the latest Apple adventures quite interesting.

OT: did you all know that Mega is now available? Remember Kim Dotcom? Now, when you upload files to his file storage service, everything is encrypted by default and nobody except the user knows what is in the files. This will likely drive the government up the wall and they try to nail KD to the wall. It is also one way KD can claim he legitimately did not know what the files were.

Interesting times ahead, to be sure.

There's a company in Glasgow(don't know the name) who specialise in code breaking and who reckon they can get ANY encryption service in about 2/3 days. The hardest they've had so far took them 15hrs. ALL your information is easily available. This is in the UK anyway.

 

[Bob Maxey]

TitusD[/URL];932654]There's a company in Glasgow(don't know the name) who specialise in code breaking and who reckon they can get ANY encryption service in about 2/3 days. The hardest they've had so far took them 15hrs. ALL your information is easily available. This is in the UK anyway.

TrueCrypt was apparently hacked, but I am not so sure. One can read all sorts of stories about some encryption techniques. Some say TC was cracked and some say it was not cracked. All I know is my data is safe in most cases, from most people.

No doubt, decryption will become easier in the future. Ultra-strong encryption scares our government and there is an arms race of sorts. Perhaps RJN and those like it are the answer? As far as the cryptographic community is concerned, RJN is absolutely unbreakable.

For me, something like TC is fine. No normal person can break it; the casual user lacks the tools to crack it and that is all the protection I need these days.
When I become a Double Naught spy, perhaps I will evaluate my needs further.

 

[TitusD]

Yeah I'm with you on that. The usual security levels,combined with a bit of common sense(and having nowt to steal) work ok for me as well.

 

[Bob Maxey]

Yeah I'm with you on that. The usual security levels,combined with a bit of common sense(and having nowt to steal) work ok for me as well.

Better yet, keep the important stuff off the web. Just assume your stuff will be used, stolen, modified, purloined . . . whatever and ask yourself if you will be happy if it is used by some cretin.

The good things is you cannot be compelled to give up your encryption keys and passwords, so you evil doers on the list take heart.

Bob is not a lawyer and you might end up in a small room with a couple of three lettered government types using a rubber hose.