[Cryptography] FBI may have royally screwed up chain of custody of Terrorist's iPhone

Tom Mitchell mitch at niftyegg.com
Sun Feb 21 01:53:47 EST 2016


On Fri, Feb 19, 2016 at 5:24 PM, Tamzen Cannoy <tamzen at cannoy.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So it’s being claimed that someone (FBI says San Bernardino Health Dept)
> changed the password on the iPhone, 24 hours after the phone was in FBI
> custody, thereby breaking chain of custody and making it impossible to get
> into the phone without Apple’s help.
>
> So it well may be that the MDM being used on the phone by the Health Dept
> has already locked/wiped/whatever that phone.
>
>
> http://www.macrumors.com/2016/02/19/apple-government-changed-apple-id-password/


If the chain of custody is broken then the evidentiary value of
the device is near zero. That may change the context of the issue
and call into question those asking for the service.
It may nullify the order; there would be issues with fruit of
the poisonous tree, and following evidence known to have been obtained
illegally may be a rabbit hole.

If the warrant does say "trust" us after you modify the boot/login code.

The previous service provided by Apple dumped the image of the device into
a file that can be signed and identified with multiple checksums, bit and
byte counts etc., i.e. an Apple tech under supervision of the requesting
agency can swear that the image is the same exact image dumped. That step is
missing here.

Apple does have experience in this business and may have a bitter taste
from the first-hand interactions with the reality of the business, hidden
secrets, arm twisting, and consequences of such a business. Since this
device is different, a different process must be in place and I suspect
the court should review it and not be an unwitting party to troubles.

This simply allows the opening of a volatile device inside a locked FBI
office. In general the FBI is good with physical evidence but digital
evidence is different. It is hard to cut a sample in half to be inspected
by another for a cross check in this case.

The next tool request may be for a device binary dump, once it can
be shown that Apple can be compelled to do something else novel that it
does not want to do.

How does one place an Etch-a-Sketch into evidence?

-- 
  T o m    M i t c h e l l
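The "signed image with multiple checksums and byte counts" step that the post above says is missing is the ordinary way a lab records that an acquired image is the one later examined. The following is an added illustration, not code from the post, the list, or any of the parties discussed: it builds a manifest (byte count plus several independent digests) over a constructed stand-in image, signs the manifest, and shows that both a one-byte change to the image and an attempt to re-hash the altered image without the signing key are detected. The HMAC key and the sample image are constructed assumptions; a real witness record would use the lab's own signature scheme and key custody.

```python
import hashlib
import hmac
import json

# Constructed stand-in for a dumped device image (not real evidence):
# 4 KiB of deterministic bytes.
SAMPLE_IMAGE = bytes(range(256)) * 16

# Constructed signing key. Assumption: an HMAC key stands in for whatever
# signature scheme the witnessing technician's lab actually uses.
SIGNING_KEY = b"constructed-demo-key-not-for-real-use"

# Several independent digests so that a collision in one algorithm does not
# let an altered image pass as the original.
HASH_ALGOS = ("md5", "sha1", "sha256")


def image_manifest(image: bytes) -> dict:
    """Record the byte count and each digest of the image."""
    digests = {}
    for name in HASH_ALGOS:
        h = hashlib.new(name)
        h.update(image)
        digests[name] = h.hexdigest()
    return {"byte_count": len(image), "digests": digests}


def canonical(manifest: dict) -> bytes:
    """Stable serialization so the signature does not depend on key order."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Witness signature over the manifest (HMAC-SHA256 as a stand-in)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_image(image: bytes, manifest: dict, signature: str, key: bytes) -> list:
    """Return a list of discrepancies; an empty list means the image matches
    the signed record exactly."""
    problems = []
    expected_sig = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected_sig, signature):
        # A manifest that was not signed by the witness proves nothing about
        # the image, so stop here rather than trust its digests.
        problems.append("manifest signature mismatch")
        return problems
    if len(image) != manifest["byte_count"]:
        problems.append(f"byte count {len(image)} != {manifest['byte_count']}")
    fresh = image_manifest(image)["digests"]
    for name, expected in manifest["digests"].items():
        if fresh.get(name) != expected:
            problems.append(f"{name} digest mismatch")
    return problems


def demo() -> dict:
    """Acquire, witness, then check an intact copy, an altered copy, and an
    altered copy with a re-computed (unsigned) manifest."""
    manifest = image_manifest(SAMPLE_IMAGE)
    sig = sign_manifest(manifest, SIGNING_KEY)

    intact = verify_image(SAMPLE_IMAGE, manifest, sig, SIGNING_KEY)

    # One flipped byte simulates modification after the witnessed acquisition.
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01
    altered = verify_image(bytes(tampered), manifest, sig, SIGNING_KEY)

    # Re-hashing the altered image cannot be passed off as the original
    # because the original witness signature no longer covers the manifest.
    forged_manifest = image_manifest(bytes(tampered))
    forged = verify_image(bytes(tampered), forged_manifest, sig, SIGNING_KEY)

    return {"intact": intact, "altered": altered, "forged": forged}


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result or "OK")
```

The point of signing the manifest rather than only publishing digests is that a later party cannot silently replace the digests along with the image; the witness's signature binds the recorded counts and hashes to the moment of acquisition.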