<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Feb 19, 2016 at 5:24 PM, Tamzen Cannoy <span dir="ltr"><<a href="mailto:tamzen@cannoy.org" target="_blank">tamzen@cannoy.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
So it’s being claimed that someone, (FBI says San Bernardino Health Dept) changed the password on the iPhone, 24 hours after the phone was in FBI custody, thereby breaking chain of custody and making it impossible to get into the phone without Apple’s help.<br>
<br>
So it well may be that the MDM being used on the phone by the Health Dept, has already locked/wiped/whatever that phone.<br>
<br>
<a href="http://www.macrumors.com/2016/02/19/apple-government-changed-apple-id-password/" rel="noreferrer" target="_blank">http://www.macrumors.com/2016/02/19/apple-government-changed-apple-id-password/</a></blockquote><div><br></div><div>If the chain of custody is broken then the evidentiary value of </div><div>the device is near zero. That may change the context of the issue </div><div>and call into question those asking for the service. </div><div>It may nullify the order, there would be issues with evidence</div><div>of the poison tree and following known to be obtained illegally</div><div>may be a rabbit hole.<br><br>It the warrant does say "trust" us after you modify the boot/login code. </div><div><br></div><div>The previous service provided by Apple dumped the image of the device into a file</div><div>that can be signed and identified with multiple checksums, bit and</div><div>byte counts etc. i.e. Apple tech under supervision of the requesting agency can </div><div>swear that the image is the same exist image dumped. That step is </div><div>missing here. </div><div> <br>Apple does have experience in this business and may have a bitter taste from </div><div>the first hand interactions with the reality of the business, hidden secrets, arm twisting,</div><div>and consequences of such a business. Since this device is different a different</div><div>process must be in place and I suspect the court should review it and not</div><div>be an unwitting party to troubles.</div><div><br>This simply allows the opening of a volatile device inside a locked FBI office. <br>In general the FBI is good with physical evidence but digital evidence</div><div>is different. It is hard to cut a sample in half to be inspected by </div><div>another for a cross check in this case.</div><div><br></div><div>The next tool request may be for a device binary dump. Once it can </div><div>be shown that Apple can be compelled to do something else novel that it</div><div>does not want to do.<br></div></div><div class="gmail_extra"><br>How does one place an Etch-a-Sketch into evidence?</div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>