End to end encryption under threat

"obviously I'm not in the tech world" Really? :D

I would be more interested to hear opinions from those within the "tech world". Someone who understood the implications of doing it vs not doing it.
 
My Android device doesn't share this same security feature as the iOS devices in question, neither does my PC. All my phone calls, texts and emails are already being monitored by security services.

I'm not sure what activities 'normal' Apple users are up to that need this level of device encryption?
 
My Android device doesn't share this same security feature as the iOS devices in question, neither does my PC. All my phone calls, texts and emails are already being monitored by security services.

I'm not sure what activities 'normal' Apple users are up to that need this level of device encryption?

I believe from Marshmellow onwards encryption is now on by default similar to Apple.
 
I believe from Marshmellow onwards encryption is now on by default similar to Apple.

Full "disk" encryption came in 5 lollipop as an option but it's now mandatory as of marshmellow afaik.

However I think it's software based I don't know if there's a hardware key like apple.
 
Just read the vacation statement.

1, The iPhone in question is owned by a government department.
2. That department didn't require or install the Apple device management software - thus a policy issue within the department operation!

also
3. that the credentials for unlock are entangled with the unique device identity locked into the phone and not available to the OS.. hence the only way to unlock is from the phone outwards.
4. That the CALEA(II) wasn't passed by congress.. hence not being part representative of the citizens of the USA.. more a spooky dark body that has no legal claim to do it..

There is a statement "Apple does not create operating systems built to third-party specifications provided uniquely to Apple"

Now logically if there is a legal requirement for all other phones to provide the same - then this clause becomes false and hence Apple's statement would be defeated.

They are basically saying - if you require us todo it, then you must require the same from everyone else - including Google and any applications that may existing on Android that may harbour encrypted data. So if your app was developed in EU or somewhere else.. that's very unlikely!
 
Last edited:
The encryption isn't relevant, it's the "10 strikes and the device is erased" feature.

Which is a perfectly reasonable precaution considering what is on phones now. It stops thiefs stealing from everything from email accounts to banking data and in this case quite possibly sensitive business information (it is/was a company phone).

With cloud backups phones are now basically "dumb" terminals so wiping a device when lost or when someone tries to get into it unauthorized is a reasonable thing to do. I'd argue that the devices you claim don't have this feature need to develop them, rather than force backwards steps for those that do.

One of the problems in this case is that it appears the FBI asked the employer to try and reset the password on their apple account, thus disabling the ability to read the backup of the phone.
 
Last edited:
Well if you continue putting wrong passcodes in then the time between pass codes gets longer... until it switched to infinite - effectively locking out the phone (regardless of the 10 attempts and wipe feature).
 
Which is a perfectly reasonable precaution considering what is on phones now. It stops thiefs stealing from everything from email accounts to banking data and in this case quite possibly sensitive business information (it is/was a company phone).

With cloud backups phones are now basically "dumb" terminals so wiping a device when lost or when someone tries to get into it unauthorized is a reasonable thing to do. I'd argue that the devices you claim don't have this feature need to develop them, rather than force backwards steps for those that do.

One of the problems in this case is that it appears the FBI asked the employer to try and reset the password on their apple account, thus disabling the ability to read the backup of the phone.

Agreed - instantly, over night.. people would have to remove their sensitive apps like the banking apps etc.

It sounds like the cloud data is actually still encrypted (at least in part) with the device UID.

As for third party apps - not sure if that the case, even when using apples' own cloud key chain.
 
Agreed - instantly, over night.. people would have to remove their sensitive apps like the banking apps etc.

It sounds like the cloud data is actually still encrypted (at least in part) with the device UID.

As for third party apps - not sure if that the case, even when using apples' own cloud key chain.

Also Apple are working hard with Credit card companies to get iOs certified as secure so you can use your phone as a credit/debit card (not just for apple pay)

Also the authorities have had access to the data on the phone for over 6 months iirc as the phone was completely backed up on iCloud (which has no wipe function) it's just some numpty at the san Bernadino police department changed the password so the phone will not back up as it's asking for the new password behind the lock screen.
 
Back
Top Bottom