Apple users are spied on by built-in backdoors!

As the FBI in its lawsuit seeks to override 1995 issued restrictions on state supervisors with a law from the founding of the US 1789.

The first hearing in the FBI lawsuit against Apple is already for 22. March and she will not be the last. Apple boss Tim Cook has already announced, if necessary, to go to the Supreme Court and the FBI will hardly back down. The development around the iPhone of the assassins of San Bernardino takes ever grotesque features. The complaint from the FBI confirms that a "back door" built by Apple for prosecutors was blocked by the FBI itself, so that nobody can open it anymore.

The mistake made the lawsuit possible because FBI lawyers are not relying on the "CALEA" law of 1995, which requires telephone operators to set up investigative monitoring interfaces, but a law of 1789, the year the US was founded. The FBI is trying to undermine the restrictions on investigators in CALEA. Apple in turn is already working on an update of the iPhone system, which should make the demands of the FBI pointless. Because these run on the FBI for years required "golden key" for all devices out.

The "Assistance obligation"

Although the FBI appeals to the Californian district court in Los Angeles, this "assistance obligation" in their investigations in their title, but relies not on the decision specifically for the monitoring of modern mobile networks 1994 "Communications Assistance Law Enforcement Act" (CALEA), but on the "All Writs Act" of 1789. This amendment entered into force in the same year as the US Constitution and was designed to support the still-weak legal framework of the newly-formed United States by, in short, enabling the courts to take measures that are not yet legally enforced.

The iPhone was found in the car of the assassins Syed Farook and Tashfeen Malik. Supposedly it was on, but locked with a password.
The iPhone was found in the car of the assassins Syed Farook and Tashfeen Malik. Supposedly it was on, but locked with a password.

The "All Writs Act" is not a law of its own, but a ruling for the last resort when all other possibilities are exhausted. Courts can thus enact all possible arrangements in support of ongoing proceedings, as long as those obligations are not contrary to other laws and do not impose an extraordinary burden on the debtors.

What the statement of claim of the FBI conceals

Given the facts that may be stored on the now inaccessible SerienPhone of the serial killer Syed Farook data on contacts with his victims, the use of this last means according to FBI is now given. However, what the claim does not mention is that this situation was caused solely by a blatant investigative error by the FBI, which makes every forensic scientist's hair stand on end. Immediately after the attacks, the FBI had ordered the administration of San Bernardino - the employer Farooks and owner of his service cell phone - to reset the password for the iCloud account to get the backup copy of the mobile phone data.

The contents of the lawsuit show the line of argument of the FBI
The contents of the lawsuit show the line of argument of the FBI

One found however only old data, because the backup mechanism of the iPhone was switched off long before the attacks. By this reset of the password but the built-in Apple backdoor for prosecutors was blocked so that even Apple had no access. The theft protection of the iPhone was indeed snapped, but that is the only mechanism that is not under the control of Apple. However, Apple was and still is able to deduct all current data from an obstructed iPhone without the owner's knowledge and to deliver it to the prosecutors. According to the company, this happens more than 7.000 times a year. This fact is also confirmed in the application of the FBI.

Apple's backdoor in the cloud

Upon submission of a search warrant by law enforcement, the affected iPhones - as well as other devices - will simply be forced by Apple to sync with its iCloud account. The owner is logically neither asked nor notified, the data are then in plain text. With the reset of the password by order of the FBI but this way was blocked. The same authority, which made this fatal mistake in a thousandfold per year practiced investigative routine knows, of course, about Apple's technique very detailed decision, it also emerges from the application.

Theft protection bothers the FBI

Namely, Apple has another mechanism that works without a user password and allows the company to repair defects in the software of iPhones by updating the operating system. Based on the "All Writs Act", the FBI of Apple now demands to create a new version of its operating system, in which a second theft protection is disabled. This routine deletes all user data from the phone after ten failed password attempts, but not in the cloud. Along with the password protection, this deletion routine is an efficient theft deterrent that resides purely in the owner's domain, with no direct access by Apple.

Paragraph 1d of the conclusions of the FBI clearly argues why CALEA is inapplicable in this case, but the "All Writs Act"
Paragraph 1d of the conclusions of the FBI clearly argues why CALEA is inapplicable in this case, but the "All Writs Act"

In the complaint, the FBI now demands that Apple creates a de facto new version of its operating system in which the theft protection is disabled. This version should be installed by Apple by remote maintenance on the iPhone, Apple is under the "All Writs Act" obligation, according to the FBI. According to all the experts involved, this technically amounts to creating a duplicate key for all iPhones.

INFO: The "All Writs Act" in Wikipedia and theCALEA decision of 1994

The parallels to Europe

CALEA, in force since the beginning of 1995, is largely congruent with a decision taken by the EU Council of Ministers just a few months later, made famous by its secret passage in the Committee on Fisheries. Both laws require telephony operators to give investigators access to metadata and phone calls and to make calls on court orders inaudible.

Own encryption measures of the providers are to be lifted, expressly excluded is encrypted traffic from third parties in this network. Since the affected telecoms are also the relevant providers of Internet access for private as well as for companies that secure their networks with their own encryption, the providers are not able to decrypt this traffic in transit. And, under both laws, providers can not be forced to tailor their technology to the needs of law enforcement.

INFO: Only the implementation of the Council of Ministers decision at EU level 1998 announced the decision the result was the so-called ENFOPOL affair

Myth "dark times", escalation

In any case, the FBI can not complain about a lack of data in this case, which is almost completely cleared up, except for one possible Mittwisser. About CALEA and the mobile phone Verizon, the FBI came to the metadata - who with whom when and where calls - not only this iPhone. Also from two other devices that Farook had destroyed before the fact, the FBI has a detailed log of all phone calls, all SMS and movement data. Since CALEA has been significantly expanded - emails, WWW, VoIP - are also the data of the Internet activities Farooks before, on the other hand, Facebook and LinkedIn used. Of the much-vaunted dark, dark times for investigators "so there can be no question.

For further escalation is already taken care of. What the Apple technicians work, namely, is easy to guess. Of course one closes the gap in its own update mechanism for the operating system, which provides such a "golden key" as the FBI makes technically possible in its application. The only question that remains is how this solution will look exactly and not whether a technical solution is possible. This is presupposed by practically all observers of the event.


Created on:02/28/2016

Leave a Comment