I like Google's approach, resetting the password and then supplying that the LE. You definitely get notified. I am wondering what happens when you have two factor author enabled? I imagine you would receive an SMS the first time LE tries to log in. You could then reset the password and make them go through the whole process again. :-) On May 10, 2013 7:00 PM, "Jeffrey Walton" <noloa...@gmail.com> wrote:
> Why break it when you can go around it.... > > > http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-by-police-demands-to-decrypt-iphones/ > > Apple receives so many police demands to decrypt seized iPhones that > it has created a "waiting list" to handle the deluge of requests, CNET > has learned. > > Court documents show that federal agents were so stymied by the > encrypted iPhone 4S of a Kentucky man accused of distributing crack > cocaine that they turned to Apple for decryption help last year. > > An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms > and Explosives, "contacted Apple to obtain assistance in unlocking the > device," U.S. District Judge Karen Caldwell wrote in a recent opinion. > But, she wrote, the ATF was "placed on a waiting list by the company." > > A search warrant affidavit prepared by ATF agent Rob Maynard says > that, for nearly three months last summer, he "attempted to locate a > local, state, or federal law enforcement agency with the forensic > capabilities to unlock" an iPhone 4S. But after each police agency > responded by saying they "did not have the forensic capability," > Maynard resorted to asking Cupertino. > > Because the waiting list had grown so long, there would be at least a > 7-week delay, Maynard says he was told by Joann Chang, a legal > specialist in Apple's litigation group. It's unclear how long the > process took, but it appears to have been at least four months. > > [Image and excerpt from ATF affidavit, which says Apple "has the > capabilities to bypass the security software" for law enforcement.] > > The documents shed new light on the increasingly popular law > enforcement practice of performing a forensic analysis on encrypted > mobile devices -- a practice that can, when done without a warrant, > raise Fourth Amendment concerns. > > Last year, leaked training materials prepared by the Sacramento > sheriff's office included a form that would require Apple to "assist > law enforcement agents" with "bypassing the cell phone user's passcode > so that the agents may search the iPhone." Google takes a more > privacy-protective approach: it "resets the password and further > provides the reset password to law enforcement," the materials say, > which has the side effect of notifying the user that his or her cell > phone has been compromised. > > Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot > discuss specifics of ongoing investigations or litigation. ATF follows > federal law and DOJ/department-wide policy on access to all > communication devices." > > In a separate case in Nevada last year, federal agents acknowledged to > a judge that they were having trouble examining a seized iPhone and > iPad because of password and encryption issues. And the Drug > Enforcement Administration has been stymied by encryption used in > Apple's iMessage chat service, according to an internal document > obtained by CNET last month. > Bypassing Apple's security > > The ATF's Maynard said in an affidavit for the Kentucky case that > Apple "has the capabilities to bypass the security software" and > "download the contents of the phone to an external memory device." > Chang, the Apple legal specialist, told him that "once the Apple > analyst bypasses the passcode, the data will be downloaded onto a USB > external drive" and delivered to the ATF. > > It's not clear whether that means Apple has created a backdoor for > police -- which has been the topic of speculation in the past -- > whether the company has custom hardware that's faster at decryption, > or whether it simply is more skilled at using the same procedures > available to the government. Apple declined to discuss its law > enforcement policies when contacted this week by CNET. > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. >
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
