
Apple security rules leave inherited iPad useless - ghswa
http://www.bbc.co.uk/news/technology-26448158
======
poolpool
Apple literally cannot win in the media and the current security narrative. If
they could/would remotely unlock or reset passwords people would freak out
about lax security you could get around by purely faking a written and signed
letter.

This sucks but is all this heartbreak and fighting with a company worth a 500
dollar toy? This whole thing is ridiculous.

~~~
Silhouette
_This sucks but is all this heartbreak and fighting with a company worth a 500
dollar toy?_

You do understand that some people have to work full time for several months
to save enough to buy that kind of "toy", right? Maybe you're lucky enough to
be more wealthy than that, but many aren't. Not that the amount of money
involved is even slightly the point here anyway.

------
Hansi
When my friend who is only 29 now developed a blood clot two years ago
(thankfully surgery went fine but the chances weren't good according to the
doctor going in); I set up a password protected encrypted disc image with all
my login details (1Password), monitary asset information (iBank), contact
details (Address book + txt file), instructions for dealing with employer,
insurance stuff (life, home, accident), etc that's on a USB stick in my flat
and synced to my parents computer via SFTP every month or so.

That way they can get any information they need easily if something were to
happen to me by unlocking the disk image with the password they have.

Obviously out of the scope for most people (including article's subject) to
set up but a good idea for those of us who are technologically inclined IMO
(others may disagree, if so I'd love to hear why).

------
jws
It sounds reasonable to me. They have provided evidence that the woman has
died, and that she left an iPad. Apple is asking for a legal declaration that
it is this iPad and this iTunes account.

 _" We've provided the death certificate, will and solicitor's letter but it
wasn't enough. They've now asked for a court order to prove that mum was the
owner of the iPad and the iTunes account._

The survivors are balking at the £200/hr for the solicitor to make that
happen.

So it appears there is a path for an executor to gain control of an iTunes
account and iOS devices, but it requires a legal verification from the courts.
Anything less would be open to abuse.

Note to self: make a mechanism for my survivors to unlock my keychain, because
that is really going to suck for them in my case.

------
vinceguidry
It's hard for me to want to blame Apple for this. The fact of the matter is,
they should not have lost those security tokens.

I'm getting pretty sick of the externalities of people's unwillingness to
manage their information. You lose your password, you lose your device, unless
you know how to hack it or can pay someone to do it. If it costs you more to
recover your device than it's worth, tough shit. That password is designed to
keep people who don't know it out. Don't lose track of it.

~~~
josteink
What a great attitude towards user friendliness!

Let's apply it to email, online banking and forum accounts while we're at it,
shall we?

~~~
vinceguidry
With these things, there is someone you can talk to that controls the service.
If you lose access to your online bank account, then you can call up your bank
and have them manually reset it. Since they have alternate trust channels for
alternate ways of doing things, (you can check your balance and make transfers
by phone in most cases) you can just reuse them to regain access. (God help
you if you lose your Gmail account, though)

Apple's devices are fully in your control after you buy them. If you lose
access to a perfectly working device then it's your own damn fault. It's your
own damn fault in the other cases too, it's just that the nature of the
services provided mean you can go also go through a person.

But if you buy a safe, lock it, and subsequently lose all normal access to it,
don't bitch to me when you have to ruin it to get back in. It's just doing its
job, and you failed to do yours. Suck it up, buy a new safe, and be more
careful next time.

~~~
marcomonteiro
You obviously didn't read the article. This isn't an issue of someone losing
their password and subsequently being locked out of their account ---
something that Apple would help with. It was mom's iPad. She died. They don't
have the pass code and/or iCloud password and Apple won't help them open that
up. Sounds fair or unfair depending on your personal beliefs.

Having said that the article is a non-sensible emotional plea for sympathy at
the expense of painting Apple as a cold-hearted villain. If they just want to
be able to make use of the iPad it's simple to restore it using iTunes.

------
Silhouette
This would be disgraceful at the best of times, and it's just adding insult to
injury in this case.

It seems not only software but even perfectly usable hardware can now be
crippled by some high and might organisation's "security" measures. Roll on
changes in the law to compel unlocking mechanisms.

~~~
bananas
Actually this is exactly what I want to happen to any devices that I own.
Depending on the executor of the will of course, there is a lot to gain from
possession of a device/account.

People need to make separate arrangements like password handover etc and sort
their affairs out properly. This should be promoted here, not the fact that
Apple haven't handed the details over yet.

If I were Apple, I'd deny the request to be honest.

If I were the people in question, Id shrug the iPad off and get on with
rebuilding my life.

And before I get accused of sounding insensitive, exactly this happened to me
with my father a couple of years back. I had a 1Tb encrypted NAS and no
passwords. Had to write the data off.

Edit: that NAS array contained 38,000 photographs for reference that I'll
never see.

~~~
Silhouette
_People need to make separate arrangements like password handover etc and sort
their affairs out properly._

And how will that help if someone dies suddenly?

I'm guessing you've never dealt with, or watched a friend or family member
deal with, probate in that situation. It typically means months of stressful
and often heart-wrenching work that has to be done on top of everything else
in your life. There are rules and procedures for dealing with all kinds of
unknowns, many of which no-one saw coming and that's why they're unknown. One
of the few things you can usually rely on is that if there are explicit wishes
properly documented in a will, the law will tend to side with whatever that
says. How come Apple can't rely on the same thing?

 _This should be promoted here, not the fact that Apple haven 't handed the
details over yet._

So everyone now has to maintain a legally registered compendium of every
password change they ever make, in case a bus hits them tomorrow? Or someone
who knows they have only a little time left, for whom every moment is
precious, should waste that time filing formal notifications of their
electronic accounts with companies who apparently have too much control over
modern devices?

Apple have been shown copies of the death certificate, will, and solicitor's
letter. _That is sufficient to transfer millions of pounds in estate assets in
the eyes of the law._ How come it's not sufficient for the mighty Apple to
show a bit common sense?

Apple deserve every bit of horrible PR that's coming to them over this.

~~~
bananas
_> And how will that help if someone dies suddenly?_

I've sorted my affairs out. I have a keypassX database and master passwords
listed my will.

I take it you read the rest of my last post -- I have dealt with this.

Most people amble through life and never ask the question "what if?". If they
do ask it, they light another cigarette rather than put mitigation in place.
That is naivety and people need to snap out of it, pretty damn quick. The
world is a big and complicated place and if you don't want to leave a pile of
pain and suffering for people if you do decide to walk in front of a train or
something then you need to sort it out.

No excuses.

Sorry.

As for Apple, they have no obligation to do anything. The device is an asset
(tangible) and the will probably states about transferring them and the
contract and terms are with the person who signed it. In this circumstance,
they will cause themselves problems if they act and say yes here you go or no
chance. I'm sure the Apple Account which is the issue wasn't even mentioned in
the will or signatory's asset declaration.

Doomed either way.

Apple chose the right answer: mu (i.e. no answer).

~~~
Silhouette
_As for Apple, they have no obligation to do anything._

I don't know whether that's true legally here, but if it is, I don't think it
should be.

If they provided devices with a factory reset that let someone unlock them,
even if it meant locking out any older data, then maybe.

If they sold them with prominent warnings about how they could be rendered
permanently useless in this sort of situation, maybe.

But they don't do those things. They deliberately lock the device to an
authentication mechanism over which they have exclusive control under these
conditions. If you're going to do that, and you're not going to warn people
about it so they can make an informed decision about whether they want to buy
a product with that limitation in the first place, then I think you do bear
some responsibility for ensuring that the recovery mechanism operates
reasonably.

------
richardking
Why wouldn't they just completely wipe/reset it?

~~~
joevandyk
Can't do that without the password.

~~~
thisishugo
You can, it just requires putting the device in recovery mode.

------
josteink
Madness. Who owns this device really? The physical owner or Apple?

Cases like this shows why tablets, like any other computers, should be
formatable and reinstallable.

Android at least has a factory reset option in the recovery menus for cases
like this.

~~~
pseudometa
Not really madness... Theft prevention has been a mandate. I would love to see
your foolproof proposal for preventing unauthorized users access while
allowing authorized people access.

------
thisishugo
There's absolutely nothing stopping them from using the iPad with a fresh OS
installation, so I don't think useless is actually an accurate description.
(Indeed, the BBC title is less linkbaity than this one and acknowledges the
subjectivity of that description.)

Without a provision in the will to permit Apple to unlock the device, I can
see why it would be hesitant to do so. Certainly, if I bequeathed my phone,
computer, or tablet to relatives I would most assuredly _not_ want them to
also have access to the content on it.

~~~
probablyfiction
This is less about the device and more about the content. Yes, they could wipe
the device and start over without issue, but they would lose access to the
mother's purchased content in iTunes. Some people have the income to spend
hundreds or thousands of dollars on content for their Apple device. In that
case it would be a substantial loss to lose access.

~~~
lordCarbonFiber
So the true issue is less to do with the restrictions on the account and more
on the absolutely absurd DRM placed on the content. I can leave my collection
of CDs to whomever I would like (along with the digital library I keep on my
hard drive). Apple has done a huge disservice in convincing people that vendor
specific draconian DRM was an acceptable thing.

~~~
ben1040
The issue is the new iOS 7 Activation Lock, not any content on the account.
Unless "Find my <iPhone/iPad>" is turned off before wiping, the device's
serial number is tied to the Apple ID that was previously signed into the
device. Even after a complete wipe and reinstall of the OS image, you still
cannot use the device without that account's password. The setup process will
ask you for that login info and will go no further unless you have it.

[http://support.apple.com/kb/ht5818](http://support.apple.com/kb/ht5818)

The intent with this is that if you lost your device or had it stolen from
you, even if you remotely wiped it, it would be worthless to anyone who may
have found it.

------
mherdeg
You know, I remember perusing Richard Stallman's "The Right to Read" in the
early 2000s and thinking "this is all extremely unlikely and way too
pessimistic, this stuff will never happen like this" —
[http://www.gnu.org/philosophy/right-to-
read.html](http://www.gnu.org/philosophy/right-to-read.html) — and here we
are, one step at a time, inching towards trapping our knowledge on devices
that only one person can ever use.

------
ioanpopovici
OMG just do a DFU Restore and be done with it. How is it crippled if you can
just restore it? I think the only thing crippled is their heads... You can
have whatever "activation lock" you want active if you do a DFU restore it
does not matter. The device will be restored and you'll have full access to
it. WTF why the drama?

------
jamdavswim
In the past, kings were buried with their swords and food for the afterlife,
perhaps now we'll be treated the same.

------
e28eta
Maybe too snarky, but they could have simply called Apple support and gotten
them to reset the password. If a hacker can impersonate a person, hopefully
this guy would know enough about his mom to do so too.

I'm hoping they already tried the security question route and were
unsuccessful.

------
mbrutsch
_sigh_ If you buy an iPad for your dying mum, ask her for her password. Before
she dies.

Problem solved.

I know all of my wife's passwords, and if my folks were alive, I'm sure I'd
know all of them, as well.

------
al2o3cr
Some people just can't win - if they _had_ granted access, half of HN would be
shrieking about "OMG APPLEZ INSECURE".

~~~
jug6ernaut
Possibly true, but at the same time, if apple had, this would probably have
never been a news article at all.

------
happyscrappy
This is one of those rare times when Android's inherently insecure system is
an advantage.

~~~
nb1981
lol you can't be serious

