Apple is considered an impregnable fortress, the main functions provided by the iOS operating
system and related data are inaccessible to ill-intentioned but also to
the law enforcement in case of investigations.
Several times we discussed on the privacy issues related the use of mobile devices,
Smartphone and tables manage a huge quantity of the user’s information,
have the history of his movements and of his contact.
Let’s
consider also that the rapid diffusion of mobile app has increased the
type and the quantity of information collected, today many applications manage any kind of data from social network contacts and communication to user’s health data.
One
of principal problem during investigation made by law enforcement is to
access data managed by Apple’s IOS, but the problem is not limited to
Apple, in the past US police and intelligence agencies requested to principal companies such as Google to support investigation allowing the access to defendant’s mobile.
The request was to design a backdoor for governments to use in case of investigation, the argument is subject to a great debate …. security or privacy? This is the question.
Officially
the company contacted by law enforced always denied to give the access
to their device security features, also for investigation by law
enforcement, but something is changing. To respond to numerous requests
police demands to decrypt seized iPhones Apple created a waiting list to
handle the deluge of requests and this represent an historical change,
because the waiting list had grown so long there would be at least a
7-week delay to have a response from Apple.
In
a documented case reported by court documents, an agent at the ATF, the
federal Bureau of Alcohol, Tobacco, Firearms and Explosives “contacted
Apple to obtain assistance in unlocking the device," U.S. District
Judge Karen Caldwell wrote in a recent opinion. She also wrote, that the
ATF was "placed on a waiting list by the company."
ATF
agent Rob Maynard declared that, for nearly three months last summer,
he "attempted to locate a local, state, or federal law enforcement
agency with the forensic capabilities to unlock" an iPhone 4S, the
mobile is a property of a man in Kentucky who was charged for
supplying crack cocaine.
The
problem is that according the agent each police agency responded by
saying they "did not have the forensic capability,", that's why the
agent decided to contact directly Apple requesting support.
Apple
is the unique entity able to bypass the security lock to extract data
from iPhone despite there are a few software packages that claim to be
able to extract some or all information stored on encrypted iOS devices
such as like Elcomsoft's iOS Forensic Toolkit and Oxygen Forensics
Suite 2013.
Another
case has been reported, in Nevada agents weren’t able to bypass the
encryption mechanisms of the iPhone and iPad for investigation, also The
Drug enforcement Administration has also faced a similar problem to
decrypt message sent with iMessage chat service as per an internal
document.
In
all these cases Apple seems to have provided a meaningful contribute
despite it isn’t clear if the company used a specific built in backdoor or has access to encrypted data using custom tools.
Apple specifically states in its privacy policy that it may disclose personal information "by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence".
A CNET post revealed law enforcement can count on the support provided by companies such as Google and Apple, following a part of the interesting article:
“Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.”
The
reality is that companies such as Google and Apple, but also other
manufacturer are able to access to user’s data on mobile device even if
they are on an encrypted device, at least in some circumstances.
Christopher Soghoian, principal technologist with the ACLU's Speech, Privacy and Technology Project declared:
"That is something that I don't think most people realize," "Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data."
Privacy probably is the biggest utopia of our time.
Pierluigi Paganini
No comments:
Post a Comment