Apple users are spied on by built-in backdoors!

As the FBI in its lawsuit seeks to override 1995 issued restrictions on state supervisors with a law from the founding of the US 1789.

The first trial in the FBI's lawsuit against Apple is scheduled for March 22nd, and it won't be the last. Apple boss Tim Cook has already announced that he will go to the Supreme Court if necessary and the FBI will hardly back down. The development around the iPhone of the assassin of San Bernardino is getting more and more grotesque. The FBI's complaint confirms that a “back door” built by Apple for law enforcement officers has been locked by the FBI itself so that no one can open it.

This mistake made the lawsuit possible in the first place, because the FBI lawyers do not rely on the "CALEA" law of 1995, which obliges telephone operators to set up surveillance interfaces for investigators, but on a law of 1789, the year the USA was founded. The FBI is trying to break the restrictions on investigators in CALEA. Apple, in turn, is already working on an update of the iPhone system, which should make the demands of the FBI meaningless. Because these amount to the “golden key” for all devices that the FBI has been demanding for years.

The "duty of assistance"

The FBI's complaint before the California District Court in Los Angeles carries this “duty to assist” with investigations in its title, but does not refer to the “Communications Assistance Law Enforcement Act” (CALEA), which was passed specifically for monitoring modern cellular networks in 1994 the “All Writs Act” of 1789. This additional law came into force in the same year as the US Constitution and was intended to support the still thin legal framework of the recently founded United States by - in short - also enables the courts to take action that are not yet legally stipulated.

The iPhone was found in the car of the assassins Syed Farook and Tashfeen Malik. Supposedly it was on, but locked with a password.
The iPhone was found in the car of the assassins Syed Farook and Tashfeen Malik. Supposedly it was on, but locked with a password.

The “All Writs Act” is not a law of its own, but a regulation for the last resort when all other options have been exhausted. Courts can thus issue all conceivable orders to support ongoing proceedings, as long as these obligations do not contradict other laws and do not impose an extraordinary burden on those obliged.

What the statement of claim of the FBI conceals

In view of the fact that the now inaccessible і phone of the serial killer Syed Farook may contain data about contacts with his victims, the use of this last resort is now given, according to the FBI. What the complaint does not mention, however, is that this situation was caused solely by a blatant investigative error by the FBI that makes every forensic scientist's hair stand on end. Immediately after the attacks, the FBI ordered the administration of San Bernardino - Farook's employer and owner of his company cell phone - to reset the password for the iCloud account in order to gain access to the backup copy of the cell phone data.

The contents of the lawsuit show the line of argument of the FBI
The contents of the lawsuit show the line of argument of the FBI

One found however only old data, because the backup mechanism of the iPhone was switched off long before the attacks. By this reset of the password but the built-in Apple backdoor for prosecutors was blocked so that even Apple had no access. The theft protection of the iPhone was indeed snapped, but that is the only mechanism that is not under the control of Apple. However, Apple was and still is able to deduct all current data from an obstructed iPhone without the owner's knowledge and to deliver it to the prosecutors. According to the company, this happens more than 7.000 times a year. This fact is also confirmed in the application of the FBI.

Apple's backdoor in the cloud

After the prosecution has presented a search warrant, the iPhones in question - but also other devices - are simply forced by Apple to synchronize with the associated iCloud account. The owner is logically neither asked nor notified, the data is then available in plain text. With the resetting of the password by order of the FBI, however, this path was blocked. The same authority that made this fatal error in an investigation routine practiced a thousand times a year, of course, knows in great detail about Apple's technology, which is also evident from the complaint.

Theft protection bothers the FBI

Apple has another mechanism that works without a user password and enables the company to repair defects in the software of iPhones by updating the operating system. On the basis of the “All Writs Act”, the FBI is now asking Apple to create a new version of its operating system in which a second anti-theft device is deactivated. This routine deletes all user data from the mobile phone after ten unsuccessful attempts to enter the password, but not in the cloud. Together with the password protection, this deletion routine is an efficient anti-theft protection, which is located purely in the domain of the owner, there is no direct access by Apple.

Paragraph 1d of the FBI's conclusions clearly argues why CALEA is not applicable in this case, but the "All Writs Act" is.
Paragraph 1d of the FBI's conclusions clearly argues why CALEA is not applicable in this case, but the "All Writs Act" is.

In the complaint, the FBI now demands that Apple de facto create a new version of its operating system in which the theft protection is deactivated. This version should be installed by Apple via remote maintenance on the iPhone, Apple is obliged to do so under the “All Writs Act”, according to the FBI. In the opinion of all the experts involved, this technically amounts to creating a duplicate key for all iPhones.

INFO: The “All Writs Act” on Wikipedia and theCALEA decision of 1994

The parallels to Europe

CALEA, in force since the beginning of 1995, is largely congruent with a decision taken by the EU Council of Ministers just a few months later, made famous by its secret passage in the Committee on Fisheries. Both laws require telephony operators to give investigators access to metadata and phone calls and to make calls on court orders inaudible.

Own encryption measures of the providers are to be lifted, expressly excluded is encrypted traffic from third parties in this network. Since the affected telecoms are also the relevant providers of Internet access for private as well as for companies that secure their networks with their own encryption, the providers are not able to decrypt this traffic in transit. And, under both laws, providers can not be forced to tailor their technology to the needs of law enforcement.

INFO: Only the implementation of the Council of Ministers decision at EU level in 1998 made the decision known the result was the so-called ENFOPOL affair

Myth "dark times", escalation

In any case, the FBI cannot complain about a lack of data in this almost completely cleared up case, with the exception of a possible advisor. Via CALEA and the mobile operator Verizon, the FBI got the metadata - who is on the phone with whom, when and where - not just this iPhone. The FBI also has a detailed log of all phone calls, SMS and movement data from two other devices that Farook had destroyed before the crime. Since CALEA has been considerably expanded - e-mails, WWW, VoIP - the data of Farook's internet activities are also available, who also used Facebook and LinkedIn. There can be no question of the much-invoked dark, dark times for investigators ”.

Further escalation has already been taken care of. It is not difficult to guess what the Apple technicians are working on. Of course, the loophole in the own update mechanism for the operating system is closed, which makes such a “golden key”, as the FBI technically possible in its complaint. The only question currently is how this solution will look and not whether a technical solution is possible. Practically all observers of the event assume this.

Created on:02/28/2016

Leave a Comment

Provide affiliate links