The Apple vs FBI Cases - WordPress.comStatus 10/8/2015 Southern District of New York iPhone 4S....

© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.

By: Paul Rubell, Esq. Meltzer, Lippe, Goldstein & Breitstone, LLP

New York, New York

[email protected]

www.meltzerlippe.com

The Apple vs FBI Cases

1

mailto:[email protected]




THE SAN BERNADINO MASSACRE

When terrorism strikes home

2


THE EVIDENCE MAY BE STORED INSIDE

3


10 Failed Attempts….

4


THE HARDEST DECISONS

5


The Public Interest Debate

Personal Privacy Homeland Security Freedom of Speech Freedom of Press Due Process of Law Search and seizure – search warrants Supremacy of federal government States’ rights Judicial Activism Congressional Legislation Executive Branch 6


The Public Interest Debate

Technological Progress Going Dark Physical Security Cyber-security Internet of Things Health Care Financial Records Educational Records Personal Sex Life

7


8

• FBI • Federal Trade Commission • Health & Human Services • SEC • FCC • Dept of Defense • Dept of Treasury • Dept of Homeland Security • Dept of Education • State laws


What is Encryption?

Is this iPhone really encrypted? How is your data protected on the phone? Is that encryption, or just a locked door?

9


Alfred Charles Hobbs – The 1851 lock pick

10


Encryption Myths

Lock on door Scrambling data Security by obscurity Hiding the information Slowing down the intruder Cryptographic key Brute force attacks

11


Data

Data at rest Information stored in the cloud

Social media posts Device data (iPhone, laptops) Data in transit WhatsApp Google Hangouts Interactive social media (SnapChat) iMessage Skype

12


Apple & FBI can’t decrypt?

So many ways hardware methods to break into iPhone, widely published: • Cloning the NAND controller • Decapping (physically shaving off the CPU)

13


The California order compelling Apple to Assist FBI in search

14


Marc Zwillinger Letter – 2/17/2016

15


OTHER APPLE CASES – THIS ISN’T THE ONLY ONE!

Date Received

Jurisdiction Device Type iOS Version Status

10/8/2015 Southern District of New York

iPhone 4S 7.0.4 Apple objected (12/9/2015)

10/30/2015 Southern District of New York

iPhone 5S 7.1 Apple objected (12/9/2015)

11/16/2015 Eastern District of New York

iPhone 6 Plus 8.1.2 Apple objected (12/9/2015) iPhone 6 8.1.2

11/18/2015 Northern District of Illinois iPhone 5S 7.1.1 Apple objected (12/9/2015)

12/4/2015 Northern District of California

iPhone 6 8.0 (or higher) Apple objected (12/9/2015) iPhone 3 4.2.1 iPhone 3 6.1.6

12/9/2015 Northern District of Illinois iPhone 5S 7.0.5 Apple requested copy of underlying Motion but has not received it yet (2/1/2016)

1/13/2016 Southern District of California

N/A (device ID not yet provided)

N/A (device ID not yet provided, but the requesting agent advised device is pre- iOS 8)

Apple was advised by the requesting agent that she is seeking a new warrant. Apple has not yet received this warrant.

2/2/2016 Northern District of Illinois iPad 2 Wifi 7.0.6 Apple objected (2/5/2016)

2/9/2016 District of Massachusetts iPhone 6 Plus 9.1 Apple objected (2/11/2016)

16


BROOKLYN COURT ORDER

17


BOSTON COURT ORDER

18

https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwixo6Pgqo7MAhWLcz4KHTlbDT4QjRwIBw&url=https://commons.wikimedia.org/wiki/File:Apple_Logo.svg&bvm=bv.119408272,d.cWw&psig=AFQjCNHgIVqM9thq9OprPgyPlwVOWzLa3A&ust=1460730351947169


The All Writs Act (1789)

19

The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. 28 U.S. Code § 1651


3 Factor Test under All Writs Act

20

1. So far removed test

2. Unreasonable burden test

3. Necessary assistance test

US v NY Telephone, 434 U.S. 159 (1977)


Apple’s Brief

21


Electronic Frontier Foundation Amicus Brief

22


Tech Industry – Amici Briefs

23


1st Amendment

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

24


1st Amendment UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA DANIEL J. BERNSTEIN, | No. C-95-0582 MHP | Plaintiff, | OPINION | vs. | | UNITED STATES DEPARTMENT OF STATE | et al., | Defendants. | ____________________________________|

"This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French....Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it....

25


4th Amendment

Unreasonable search and seizure

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

26


A Man’s Home is his Castle

27


5th Amendment

Due Process:

No person shall be deprived of life, liberty, or property, without due process of law.

28


Stored Communications Act

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system • If stored < 180 days, only pursuant to a warrant;

• If stored > 180 days, no warrant required.

18 U.S.C.§2703 29


Electronic Communications Privacy Act

The Attorney General may apply to a Federal judge and such judge may grant an order authorizing or approving the interception of wire or oral communications by the Federal Bureau of Investigation, when such interception may provide or has provided evidence of a major felony. 18 U.S.C. §2516

30


Verizon and AT&T

31


Is Apple a Telecomm Carrier?

32


Unimportant Data

33

• No data is unimportant • Every piece of data is important • Hackers, thieves • Foreign governments • Disgruntled employees


Mission-Critical Data

34

• Invisible information (metadata) • Geolocation • IP address • Operating system • Apps installed • Hosting and server information • External drives • Open source code


Legal Best Practices

35

WRITTEN POLICY MANUALS



36

• Social media policy • Internet use policy • Mobile use policy • E-mail use and retention policy • Data collection & retention policy


Corporate Electronic Policies

37

Transparent easy to understand Non-discriminatory apply uniformly Accountability behavior is regulated Monitor & edit content no surprises



38

Cyber-liability insurance • Protection • Need customized insurance policy for your

business • One size does not fit all • Not all policies are created equal



39

Cyber-liability insurance • Audit your insurance policies (not by

broker) • What are the policy’s exclusions? • Exclusions can make a policy useless for

your unique situation • Are defense costs inside or outside policy

limits?


Best Practices

40

• Design • Deploy

Conclusion

• Be aware of the risks • Mitigate • Develop best practices • Deploy them


42

Paul Rubell, Esq. (212) 201-1720 [email protected] Blog: paulrubellblog.wordpress.com

Contact Information


The Apple vs FBI Cases - WordPress.comStatus 10/8/2015 Southern District of New York iPhone 4S....

Documents

Transcript of The Apple vs FBI Cases - WordPress.comStatus 10/8/2015 Southern District of New York iPhone 4S....