
Under iOS 11, authorities won’t be able to image your device without a passcode - gopalakrishnans
https://arstechnica.com/tech-policy/2017/09/its-about-to-get-tougher-for-cops-border-agents-to-get-at-your-iphones-data/
======
matt_wulfeck
I have never seen a company both so technically capable and supportive of user
privacy as Apple. It stands completely apart from all of the tech giants of
today.

~~~
StavrosK
That is very true, but I find it very sad that, as much as Apple is
pro-privacy, it's very anti-freedom. I'd love to switch to a device as private as
an iPhone, but at this point you're just renting the device from them.

~~~
dkonofalski
It's not anti-freedom. It's just pro-ease-of-use and it's easier to guarantee
a quality experience when there are less unknowns and less variables to
account for. When everyone is using the same device with the same software,
it's much easier to guarantee a great experience.

~~~
steve19
Allowing side loading of apps would not impact usability in any way.

Edit: It would massively increase the usability, allowing any apps to be
installed, not just Apple approved apps, making the phone more usable to many
people. Back in the day I had to buy a dev account just to load an emulator I
wanted to use (it was open source) without rooting.

~~~
dkonofalski
That is objectively untrue. Every system that has allowed sideloading of apps
has been compromised by that very feature.

~~~
StavrosK
"Every society that has been allowed to drive cars has had car accidents."

I know the risks, I want to do it anyway. I don't want a nanny over my head.

~~~
braythwayt
That may be a better analogy than you intend. The problem with cars is that
everyone suffers the consequences of your driving. In fact, you may have the
least exposure to the carbon monoxide, pollution, or even accident risk.
Pedestrians, cyclists, property owners, and other drivers are all at risk of
your driving.

For that reason, societies tightly regulate car ownership and driving. More so
than phones: I don’t need a license to use a phone, nor do I have to register
my ownership or have it regularly inspected.

But technology these days has this same characteristic: Others bear the costs
of your decision. Every device connected to the internet is a DDOS vector.

I don’t want you deciding whether to keep your device up to date with the
latest security patches, because if you (and a few million others) don’t,
GitHub is down for me.

~~~
StavrosK
So, are you doing the responsible thing and not using a laptop, or any device
that's vulnerable, like a router?

------
arkadiyt
For anyone concerned that authorities force you to give up your password to
them (thus allowing them to image your device), you can pair your iPhone to a
computer with an MDM (managed device profile), which will prevent any other
device from connecting to it. iOS security researcher (now Apple employee)
Jonathan Zdziarski has 2 blog posts on this:

Counter-Forensics: Pair-Lock Your Device with Apple’s Configurator:

[https://www.zdziarski.com/blog/?p=2589](https://www.zdziarski.com/blog/?p=2589)

Protecting Your Data at a Border Crossing:

[https://www.zdziarski.com/blog/?p=6918](https://www.zdziarski.com/blog/?p=6918)

~~~
amckenna
That's a great idea! Does anyone know if this technique works with iOS 10? The
linked blogpost is for iOS 7 and 8

~~~
dannyw
Yes, the underlying technique has not changed and works for iOS 11 (beta).

By the way, the writer of this post now works for Apple on their Security
Architecture team.

I would not be surprised if this change came from him.

------
ianferrel
_In the February 2017 case of a California artist who was questioned at San
Francisco International Airport upon re-entry, after he finally agreed to
unlock his iPhone, it was taken out of his sight for several minutes and could
have been imaged without his knowledge. Under iOS 11, unless the artist, Aaron
Gach, decided to actually give up the passcode (rather than type it in
himself), he could at least have been reasonably confident that the phone
could not be imaged without his knowledge._

So, doesn't this just mean that border agents will force you to write down
your password, key it in themselves to verify that it works, then walk away
with the phone to image it?

~~~
thephyber
As mentioned elsewhere, Apple can't prevent "rubber hose decryption" (where
someone compels/coerces/tortures you to get access to an unlocked phone). I
suspect this feature wasn't designed to prevent that threat.

My guess is this somehow foils or mitigates the workaround that the Israeli
company sold to the FBI after the San Bernardino phone issue.

~~~
clamprecht
They could add a "duress passcode", with an alternate reality of data. I don't
expect them to, but it's possible. Bitcoin hardware wallets have this kind of
feature to help avoid wrench attacks.

~~~
eridius
Lying to a federal agent is a crime.

Edit: No seriously. See
[https://en.wikipedia.org/wiki/Making_false_statements](https://en.wikipedia.org/wiki/Making_false_statements).
Refusing to unlock your device is one thing. Claiming that you did unlock it
but in fact just used a "duress passcode" is a lie and can land you in jail.

~~~
grecy
So don't lie about it.

"I just entered my duress pass code, the device is now wiped".

Can they charge you with destruction of evidence when they have no idea
if/what evidence was on the phone?

~~~
nly
If you're willing to destroy the data to prevent it being read, why not just
wipe the phone before you leave and restore it from an encrypted online backup
when you arrive?

~~~
Mithaldu
Arriving with "empty phone" has also caused refusal of permission to enter in
the past.

------
mtgx
> These changes are coming in conjunction with another privacy-minded feature
> that will disable Touch ID by pressing the power button five times.

Wow, that's really nice. I wish Google was so forward thinking about things
like this. I see no reason why a fingerprint authentication should be forced
upon someone any more than a password unlock would be. The only reason this is
how it works today is because it's much "easier" for the government to force
your finger onto the phone, or take blood from you, or hair, and so on - and
they can't really do that with passwords. But we can fight back with
technology and ingenuity and ensure that a fingerprint auth is "just as good"
as a password, at least from this point of view (government forcing you to
give it away).

~~~
adekok
> I see no reason why a fingerprint authentication should be forced upon
> someone any more than a password unlock would be.

In Canada, there is a difference. A fingerprint is something you have. A
password is something you know. Police can compel you to use your fingerprint
to unlock the phone. They can't compel you to disclose the password.

~~~
KGIII
Canada forces people to unlock their phones, when crossing the border, quite
frequently - and has for years. They will make you unlock it, or disallow
entry and/or detain you.

There's a whole series that shows this. It's Canadian Border Guard, or
similar. I see it when I cross the border, which I do with some frequency. I
just unlock my phone for them.

~~~
adekok
As does the States.

What I meant was that _inside of Canada_, there are situations where the
police don't need a search warrant for your phone. You can unlock it with your
fingerprint, so it's legally "open" and searchable.

If you have a passphrase, then they need to _know your mind_ in order to
unlock it, and they can't force you to disclose something you know.

~~~
KGIII
Ah, okay. Yes, inside the US it is pretty much the same. Borders are the
exception and, I think, you need to actually be crossing in order for them to
demand it. Citizens are immune, for the most part.

Curiously, citizens aren't immune in Canada. I have dual citizenship and they
still sometimes want to flip through my phone. No, I'm not sure why. They have
had me power on and unlock my laptop a couple of times, as well.

------
throw2016
When you need Apple or any technology to fight for your privacy against your
own government you know you are in serious trouble.

The government has no right to interfere with your personal effects, this is
fundamental to freedom and democracy, and the idea of the private individual.

Yet it seems this too is 'normalized' and citizens are more interested in
technology workarounds to deal with this abuse from the state.

------
mLuby
Here's hoping for multiple password options that unlock secret partitions.
Best way through authority is plausible deniability.

------
punnerud
What if Apple also added a feature for showing an innocent/clean phone if a
specific password is pressed? How would the law enforcement know the
difference? You only need to show the cellular call log, because they already
have it and could use it to prove that you used the "mode".

------
csomar
Could anyone shed light on how difficult the implementation of the following
would be:

- All data encrypted by default

- The "dump" of the phone memory or macbook hard-drive makes it look like
the whole drive is full. It means that the free space is populated with random
data that is, itself, encrypted.

- User can switch from his user profile to a fake user-profile and import
some data (like contacts/messages/photos)

~~~
cstrat
This would be awesome.

~~~
csomar
No it is not. It signifies a divide between the tech sector which strives for
privacy and government (which is/was supposed to protect the people)

~~~
cstrat
Oh? I might have misunderstood your post.

I thought you were suggesting a way that meant phone backups all appear the
same size as the disk 100% of the time. (meaning the true volume of content is
hidden)

Then the second point is the user could potentially have two (or more)
profiles on the device, and it is possible to unlock it into one or the other.
Meaning a user under duress can unlock a device and not reveal the true
content while the person trying to get into the device has no way of knowing
if that is the true profile or not.

I figured that would be a pretty sweet feature. It would also tie neatly into
allowing users to have multiple profiles on their device which is currently
impossible on iOS...

~~~
csomar
It is a good feature, but my comment was on "awesome". It is not an awesome
situation, far from it.

~~~
cstrat
ahhh, haha ok I see!

yeah it isn't awesome that we feel we _need_ these security features. However
I think even without the fear of government (etc...) this is still a great
feature I would love to have.

------
HugoDaniel
Here is a slide from the PRISM leaks:

[http://www.washingtonpost.com/wp-srv/special/politics/prism-...](http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-4.jpg)

#neverforget

~~~
archvile
The mention that it varies by provider is notable. Apple encrypts end-to-end
all iMessage chats, as well as FaceTime (VoIP) calls. None of the other
providers on that list do that, so at least there's that.

Also, people here act like Apple jumped willingly onboard the PRISM program.
You can bet your ass their arm was twisted by the government or they were
taken into the program unknowingly (datacenter ISP taps, etc).

~~~
HugoDaniel
"Apple encrypts End-to-end all iMessage chats, as well as FaceTime (VoIP)
calls."

End-to-end encryption does not guarantee that Apple keeps your data encrypted,
or that they don't process it for 3rd parties (NSA would fit as a 3rd party,
where Apple would be for them a content provider, as the slide shows).

"You can bet your ass their arm was twisted by the government or they were
taken into the program unknowingly (datacenter ISP taps, etc)."

Can you back that up? How can you be so sure?

~~~
zimpenfish
> End-to-end encryption does not guarantee that Apple keeps your data
> encrypted

I'm probably misunderstanding something here but doesn't "end-to-end
encryption" mean that A encrypts it with B's key and [whoever is in the middle
passing it along] can't decrypt it because they don't have B's key?

~~~
HugoDaniel
Yup, so Apple knows about your data.

And according to that slide they are a "provider" for NSA.

End-to-end encryption at least maybe guarantees that it is not your ISP that
is selling you out to NSA (making it harder for Apple to explain why they are
on that list).

~~~
zimpenfish
How does Apple know about your data unless they have B's key?

~~~
HugoDaniel
Who generates the keys for B?

------
knodi
This is why I love Apple.

------
q3k
Until forensic companies get hold of new exploits. Which is how high-value
targets have been getting dumped for a while now.

------
Havoc
Technological solutions to a non-tech problem. The US have demonstrated
they'll quite happily just lock people up forever if they can't get to the
encrypted data.

Good on Apple, but not a solution.

~~~
sqeaky
Do it to one man and it's an oddity, do it to a thousand and lots of people
will be demanding change. This makes it more likely it will happen to lots of
people.

------
dataangel
With it being such a closed platform, what are the odds this is actually true?
There's no way to verify that they don't have a skeleton key.

~~~
tajen
At least I'm confident the French, Turkish and NK governments don't have the
keys. The FBI wouldn't share the secret with simple policemen, unless for
extremely rare reasons, in which case iPhone security isn't your main problem.

------
bobsil1
Face ID is going to screw this all up. Cops won't even need your cooperation
to unlock.

~~~
valine
Apple is adding a kill switch to iOS 11 that lets you discreetly disable Touch
ID (and presumably Face ID) by hitting the power button 5 times. And of course
if you're concerned you can opt out of Touch or Face ID entirely and simply
use a pass-code.

[https://www.theverge.com/2017/8/17/16161758/ios-11-touch-id-...](https://www.theverge.com/2017/8/17/16161758/ios-11-touch-id-disable-emergency-services-lock)

~~~
X86BSD
I think I would prefer the passcode which can be set to a length much larger
than 4 digits when travelling or getting anywhere near fed-gov.

~~~
bobsil1
Default PIN has been 6 digits since iOS 10, and you can make it a long
passphrase instead.

~~~
X86BSD
I am aware. I don't know why I phrased it the way I did. I meant I would
rather use that feature of the longer passcode instead of facial recognition.
Bad grammar for the win.

------
cgb223
With facial unlock couldn't they just hold my phone up to my face to image it?

~~~
sim0n
The article says they will no longer allow Touch ID to trust a computer, I
imagine they also won't allow Face ID.

