Close
Enter your
text here

Security

Former IT Administrator Found Guilty for Deleting Files, Faces Possible Jail Time: eDiscovery Trends

Last month, we covered the case of a former IT administrator who was charged with hacking into the computer system of his former employer and deleting files.  Here’s a case where another former IT administrator was found guilty by a Texas jury for deleting files – while still employed by the company – and faces possible jail time!

As covered by Wired (A Texas Jury’s Guilty Verdict Should Worry IT Admins, written by Andy Greenberg), last week, a jury in the trial of 37-year-old Michael Thomas found him guilty of violating the Computer Fraud and Abuse Act, a verdict with a maximum sentence of 10 years in prison and up to $250,000 in restitution payments.  However, in this case, he’s accused of deleting a collection of his employer’s files before leaving his job as a systems administrator at the auto dealership software firm ClickMotive in 2011.

As Thomas’ lawyer Tor Ekeland has pointed out, Thomas wasn’t charged with the usual CFAA violation of “unauthorized access” or “exceeding authorized access,” but rather “unauthorized damages”.  Thomas’s guilty verdict, argues Ekeland, is “dangerous for anyone working in the IT industry. If you get in a dispute with your employer, and you delete something even in the routine course of your work, you can be charged with a felony.”

Prosecutors, on the other hand, called the case a victory. “The jury’s verdict in this case sends an important message to IT professionals everywhere: an employee in the defendant’s position holds the proverbial keys to the kingdom and with that power comes great responsibility,” wrote U.S. Attorney Bales in a press statement. “Intentionally causing damage to a computer system without authorization is a criminal act that can and will be prosecuted.”

During the trial, the prosecution presented evidence that Thomas intentionally harmed ClickMotive by combing through executives’ email, tampering with the network’s error-alert system, and changing authentication settings that disabled the company’s VPN for remote employees. He also deleted 615 backup files and some pages of an internal wiki.  ClickMotive claimed that those changes caused $140,000 in damages as they struggled to determine the extent of Thomas’s tampering.

The defense detailed at trial how Thomas went into the company’s offices the weekend before he quit—just days after layoffs—to help defend the company against a denial-of-service attack on its website and to repair a cascading power outage problem. And the 615 backup files he deleted were all replicated elsewhere on the network.  Ekeland also points out that the prosecution never entered Thomas’s employment agreement as evidence, and yet used that agreement to define the “unauthorized damages” that constitute his crime. “There was not a single communication produced at trial, a single written document that showed he wasn’t authorized to do what he did,” says Ekeland. “After the fact, your boss says ‘that wasn’t authorized,’ you violated an unwritten policy, and bang, you’re hit with a felony.”

Thomas’s defense team says they plan to ask the judge in the trial to overrule the jury under a Rule 29 motion, and if that fails, to seek an appeal.

So, what do you think?  Should IT administrators be held criminally liable for deleting employer files?  Or should their liability be limited to civil damages?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Rule Change Could Facilitate the Government’s Ability to Access ESI in Criminal Investigations: eDiscovery Trends

A rule modification adopted by the United States Supreme Court that significantly changes the way in which the government can obtain search warrants to access computer systems and electronically stored information (ESI) of suspected hackers could go into effect on December 1.

On April 28, the Supreme Court submitted the amendments to the Federal Rules of Criminal Procedure that were adopted by the Supreme Court of the United States pursuant to Section 2072 of Title 28, United States Code.  One of those proposed rule changes, to Federal Rule of Criminal Procedure 41, would enable “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:”

  • “the district where the media or information is located has been concealed through technological means; or”
  • “in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.”

Currently, the government can only obtain a warrant to access ESI from a magistrate in the district where the computer with the stored information is physically located.

As reported in JD Supra Business Advisor (Come Back With a Warrant: Proposed Rule Change Expands the Government’s Ability to Access Electronically Stored Information in Criminal Investigations, written by Thomas Kurland and Peter Nelson), proponents of the rule change say it is necessary to allow the government to respond quickly to cyber-attacks of unknown origin – particularly malicious “botnets” – which are becoming increasingly common as hackers become ever more sophisticated.

However, others say the rule change will significantly expand the government’s power to search computers without their owners’ consent – regardless of whether those computers belong to criminals or even to the victims of a crime.  One US senator, Ron Wyden of Oregon, has called for Congress to reject the rules changes, indicating that they “will massively expand the government’s hacking and surveillance powers” and “will have significant consequences for Americans’ privacy”.  He has indicated a “plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government”.

So, what do you think?  Will Congress reverse these amendments?  Should they?  Please share any comments you might have or if you’d like to know more about a particular topic.

Just a reminder that I will be moderating a panel at The Masters Conference Windy City Cybersecurity, Social Media and eDiscovery event tomorrow (we covered it here) as part of a full day of educational sessions covering a wide range of topics.  CloudNine will be sponsoring that session, titled Faster, Cheaper, Better: How Automation is Revolutionizing eDiscovery at 4:15.  Click here to register for the conference.  If you’re a non-vendor, the cost is only $100 to attend for the full day!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Former IT Administrator with “Keys to the Kingdom” Charged with Hacking into Former Employer: eDiscovery Trends

A former IT administrator pled not guilty earlier this month to federal charges of hacking into the computer system of Blue Stone Strategy Group – an Irvine-based company and the man’s former employer – and deleting files.

As announced by the U.S. Attorney’s Office in California, Nikishna Polequaptewa, 34, surrendered to federal employees after being indicted by a federal grand jury in March on one count of unauthorized impairment of a protected computer. At his arraignment, he entered a not guilty plea, was ordered released on a $25,000 bond and was ordered to stand trial on June 28.

“IT administrators often hold the ‘keys to the kingdom’ for companies,” said United States Attorney Eileen M. Decker. “Disgruntled IT administrators can therefore pose a grave threat to businesses, which must take measures to protect themselves when letting such an employee go.”

According to the indictment, Blue Stone provided consulting services to Native American tribal governments throughout the United States. Polequaptewa was responsible for information technology at Blue Stone until November 2014, when he was relieved of his duties, which led to his resignation. The indictment states that Polequaptewa repeatedly accessed the Blue Stone internal server, a desktop computer, and remote accounts held by Blue Stone immediately following his resignation, and allegedly deleted various files belonging to the company.  The computer hacking charge in the indictment carries a statutory maximum penalty of 20 years in federal prison.

Of course, as the announcement notes, “[e]very defendant is presumed to be innocent until and unless proven guilty in court”.  Nonetheless, as US Attorney Decker points out, organizations need to have a plan in place for protecting themselves that at least includes closing accounts and changing credentials when key IT personnel leave the company.

So, what do you think?  Does your organization have a plan in place to lock down access when IT personnel leave?  Please share any comments you might have or if you’d like to know more about a particular topic.

Thanks to Peter S. Vogel’s Internet, Information Technology & e-Discovery Blog for the tip!

Just a reminder that I will be moderating a panel at The Masters Conference Windy City Cybersecurity, Social Media and eDiscovery event next Tuesday, May 24 (we covered it here) as part of a full day of educational sessions covering a wide range of topics.  CloudNine will be sponsoring that session, titled Faster, Cheaper, Better: How Automation is Revolutionizing eDiscovery at 4:15.  Click here to register for the conference.  If you’re a non-vendor, the cost is only $100 to attend for the full day!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Next Batch of “Dirty Laundry” within the “Panama Papers” Will Be Searchable: eDiscovery Trends

“Kick ’em when they’re up, Kick ’em when they’re down, Kick ’em when they’re up, Kick ’em all around” – this seems to be my week for covering Don Henley songs.  Based on reports, the next batch of “Dirty Laundry” from the “Panama Papers” will not only provide more details about hundreds of thousands of secret offshore entities, it will also be searchable.

According to CNET (Panama Papers Part 2: The world’s dirty laundry becomes searchable, written by Claire Reilly), the International Consortium of Investigative Journalists (ICIJ) will release on Monday, May 9 a searchable database with information on more than 200,000 offshore entities that are part of the “Panama Papers” investigation.

As the ICIJ stated in its announcement, “The database will likely be the largest ever release of secret offshore companies and the people behind them… When the data is released, users will be able to search through the data and visualize the networks around thousands of offshore entities, including, when available, Mossack Fonseca’s internal records of the company’s true owners. The interactive database will also include information about more than 100,000 additional companies that were part of the 2013 ICIJ Offshore Leaks investigation.”

The ICIJ also stated that the information “will not be a ‘data dump’ of the original documents – it will be a careful release of basic corporate information.”

Since its release due to a data breach of 11.5 million documents (2.6 total TB of data) at Panamanian law firm Mossack Fonseca, the “Panama Papers” investigation has led to high profile resignations, including the prime minister of Iceland.  It also has triggered official inquiries in multiple countries; and put pressure on world leaders and other politicians to explain their connections to offshore companies. It sparked a new sense of urgency among lawmakers and regulators to close loopholes and make information about the owners of shell companies public.

Last month, founding partner Ramon Fonseca claimed that, despite the huge amount of data exposed, the data breach was not an inside job.  “We rule out an inside job. This is not a leak. This is a hack,” he told Reuters at the company’s headquarters in Panama City’s business district.

So, what do you think?  What lessons, if any, can be learned from the Panama Papers fiasco?  Please share any comments you might have or if you’d like to know more about a particular topic.

Thanks to Sharon Nelson’s Ride the Lightning blog for the tip on the story!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Nearly Two Thirds of Confirmed Data Breaches Were Related to Password Issues: eDiscovery Trends

You’ve got to love a report that starts with the Yogi Berra quote “It’s like déjà vu, all over again.”  Sadly, when it comes to data breaches, it seems like that statement – however redundant – is more true than ever.

Verizon’s 2016 Data Breach Investigations Report doesn’t waste any time providing useful statistics regarding the state of data breaches – they state right on the cover of the report that “89% of breaches had a financial or espionage motive.”  Honestly, I’m surprised it’s not higher.

Another notable stat is that “63% of confirmed data breaches involved weak, default or stolen passwords.”  As we noted when covering last year’s report, almost thirty percent of data security incidents were due to human error, so it’s not surprising that password breaches are a major cause of data breaches.  Though a lot of the instances of stolen credentials were due to the Dridex botnet (which is banking malware that leverages macros in Microsoft Office to infect systems and steals banking credentials).  In addition to stolen credentials, other malware, phishing, and keyloggers are other top threats.

Other notable statistics:

  • This year’s dataset is made up of over 100,000 incidents, of which 3,141 were confirmed data breaches. Of these, 64,199 incidents and 2,260 breaches comprise the finalized dataset that was used in the analysis and figures throughout the report.
  • The report features incidents affecting organizations in 82 countries and across a myriad of industries
  • As for the industries that were most hit, financial firms were not surprisingly hit with (by far) the most data breaches last year (795), followed by the accommodation/hotel sector (282), information sector (194), public sector (193), retail (137), and healthcare (115).
  • Almost 93 percent of breach compromise incidents occurred within minutes, with 11 percent of those occurring within seconds. But, less than 25% of those breaches are discovered within days.  So, the bad guys get a big head start.

Like the number of data breaches, the report has grown from 70 pages last year to 85 pages(!) this year.  Nonetheless, it’s chock full of graphics and statistics which makes it easier to read than the size of the report indicates.  It covers every type of classification of security incidents you can imagine, from web app attacks to point-of-sale intrusions to crimeware and denial-of-service attacks (which is the only reason we’ve ever missed a scheduled blog post).

You can download a copy of the report here.  Once again, you can register and download the report or just choose to download the report (which I did).  If you want to check out a comprehensive and interesting report on data breaches over the past year, this is it.

So, what do you think?  Have you ever experienced any data breaches, either personally or professionally?  Please share any comments you might have or if you’d like to know more about a particular topic.

Special thanks to Melissa Rogozinski, President of ESIRT, for hosting the roundtable in Birmingham yesterday and to all who attended, in person or via the web.  Also, thanks for Jerome Tapley and Kristian Rasmussen from Cory Watson and Paul Zimmerman from Christian & Small for their excellent insight and experience sharing.  It was an enjoyable and educational event!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Well, That Didn’t Take Long! Apple v. the US Government Gears Up for Round Two: eDiscovery Trends

When the FBI was able to access the iPhone used by one of the gunmen in the San Bernardino terrorist shooting, effectively ending the six week dispute between Apple and the FBI over privacy and security, we said the battle was over – for now.  Apparently, “for now” was the same as “not for long”.

According to re/code (Apple-FBI Encryption Battle Shifts to New York, written by Dawn Chmielewski), the U.S. Attorney’s office notified a federal judge in Brooklyn on Friday that the government plans to press forward with its request to have Apple assist in unlocking a phone seized in a Brooklyn drug case, moving the low-profile case to center stage in the ongoing debate over encryption.

“The government’s application is not moot and the government continues to require Apple’s assistance in accessing the data that it is authorized to search by warrant,” U.S. Attorney Robert Capers wrote to the court.

Apple had requested a delay in the case until it could be determined whether the FBI’s new technique for hacking an iPhone 5c used by one of the San Bernardino shooters could also unlock the device in the Brooklyn case.

Back in February, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides battled over the issue in court until the FBI was successfully able to access the iPhone on its own toward the end of March.

As many predicted, it was only a matter of time before another dispute with a government agency over Apple security made its way to the courtroom.  When that government agency is not able to find a way to access the Apple device and requests assistance from the court, I would expect to see a long drawn-out court battle over the issue – one that privacy and security advocates will undoubtedly continue to debate.

So, what do you think?  Is this the case where the true battle between Apple and the US government will be waged?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“Panama Papers” Hack Wasn’t an Inside Job, Says Founding Partner: eDiscovery Trends

It seems that everybody is talking about the huge data leak of 11.5 million documents (2.6 total TB of data – that’s right, terabytes) at Panama-based law firm Mossak Fonseca that appears to have exposed illicit offshore holdings of global political leaders and celebrities (among others), dubbed the “Panama Papers”.  Now, a founding partner at the firm has indicated that the leak was not an inside job.

“We rule out an inside job. This is not a leak. This is a hack,” founding partner Ramon Fonseca told Reuters at the company’s headquarters in Panama City’s business district.  “We have a theory and we are following it,” he continued, without elaborating.

“We have already made the relevant complaints to the Attorney General’s office, and there is a government institution studying the issue,” he added, flanked by two press advisers.

Claiming that “[t]he (emails) were taken out of context”, Fonseca said that “The only crime that has been proven is the hack.  No one is talking about that. That is the story.”

As the Reuters article notes, governments across the world have begun investigating possible financial wrongdoing by the rich and powerful after the International Consortium of Investigative Journalists (ICIJ) published a report on Monday based upon a yearlong study of some 2.6 TB of leaked data, mostly emails from the law firm that span four decades.

The papers have revealed financial arrangements of prominent figures, including friends of Russian President Vladimir Putin, relatives of the prime ministers of Britain and Pakistan and Chinese President Xi Jinping, and the president of Ukraine.  On Tuesday, Iceland’s prime minister, Sigmundur David Gunnlaugsson, resigned, becoming the first casualty of the leak.

The idea that the data was hacked externally as opposed to someone inside the firm stealing or copying a hard drive or tape seems difficult to believe.  It takes a long time to transmit 2.6 terabytes of data – we’re talking weeks, not days, of continuous transmission.  Either the firm was utterly clueless as their sensitive data was being pulled right out from under their noses for a long period of time or there is more to the story.

One story that was somewhat humorous this week was that George Mason University was forced to tweak the renaming of its law school to honor the late Supreme Court Justice Antonin Scalia because of an unfortunate acronym.  The school had to change the proposed name from the Antonin Scalia School Of Law (see the problem here?) to the Antonin Scalia Law School.

The acronym for Mossak Fonseca is an unfortunate acronym too.  I’ll bet when the members of that firm realized that their data had escaped out into the public, they uttered a few unfortunate acronyms of their own (possibly in both Spanish and English).

So, what do you think?  Do you believe that the data was hacked from the outside?  Or do you think something else happened?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Breaking News: The BIG Battle between Apple and the FBI is Over – For Now: eDiscovery Trends

Last week, we reported that the FBI said that it might no longer need Apple’s assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year.  Looks like that was the case.

According to CNN Money (FBI says it has cracked terrorist’s iPhone without Apple’s help, written by Jackie Wattles and Laurie Segall), the Department of Justice says the FBI has accessed the iPhone used by one of the gunmen in the San Bernardino terrorist shooting, with the help of an unnamed third party.  Saying that it has successfully retrieved the data from the phone, the Justice Department is asking the court to vacate its order from last month for Apple’s assistance.

“The FBI has now successfully retrieved the data stored on the San Bernardino terrorist’s iPhone and therefore no longer requires the assistance from Apple required by this Court Order,” DOJ spokeswoman Melanie Newman said in a statement.

Government officials did not go into detail about what was found on the phone.

The two sides were due in court last week, but the judge granted a last minute request from the DOJ to postpone the hearing, saying an unidentified “outside party” came to the FBI with an alternative method for hacking into the phone.  On Monday, the DOJ said the method only works on this particular phone, which is an iPhone 5C running a version of iOS 9 software.

A law enforcement official, speaking to reporters on condition of anonymity, would not reveal how it pulled off this hack. He would not name the “third party” that helped the FBI. And he refused to say whether the FBI will disclose this hacking method to Apple so the company can protect future phones from being hacked this way.  “We can’t comment on the possibility of future disclosures at this point,” the law enforcement official said.

Last month, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides have battled over the issue in court over the past month.

So, who is this “outside party”?  Was Steve Jobs resurrected over the weekend?  It was Easter, after all.  :o)  Regardless, it appears that the dispute is over – at least until the next time that the DOJ and the FBI need to hack into an Apple device.

So, what do you think?  Do you think we will see more disputes like this in the future?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

FBI May Be Able to Unlock Terrorist’s iPhone without Apple’s Help: eDiscovery Trends

In court on Monday, the FBI said that it might no longer need Apple’s assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year.

According to The New York Times (U.S. Says It May Not Need Apple’s Help to Unlock iPhone, written by Katie Benner and Matt Apuzzo), in its court filing, the government said an outside party had demonstrated a way for the FBI to possibly unlock the phone used by the gunman, Syed Rizwan Farook. The hearing in the contentious case — Apple has loudly opposed opening the iPhone, citing privacy concerns and igniting a heated debate — was originally set for Tuesday.

In its filing, the Justice Department, while noting that the method must be tested, stated that if it works “it should eliminate the need for the assistance from Apple”. The Justice Department added that it would file a status report by April 5 on its progress.  Judge Sheri N. Pym, the federal magistrate judge in the United States District Court for the Central District of California who was set to hold the hearing, agreed to grant the Justice Department’s motion to postpone the hearing.

As the article notes, “The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The FBI director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.”

Last month, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides have battled over the issue in court over the past month.

In the meantime, everyone from Google Chief Executive Sundar Pichai to Donald Trump has weighed in on whether Apple should help unlock the iPhone for the investigation.  In addition, Apple claimed that had the passcode to Syed Farook’s iPhone not been reset hours after the shooting (at the consent of the FBI), the company would have been able to initiate a backup of the phone’s data to its associated iCloud account in order to retrieve its contents.  And, PCWorld reported that if San Bernardino County had been using a Mobile Device Management (MDM) service on its employees’ devices, they “would have been able to clear the device’s passcode in a matter of seconds” and the whole issue would have been moot (at least this time).

So, what do you think?  Who is this outside party and will they be able to eliminate the dispute between Apple and the FBI or only delay it?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

DOJ and FBI Respond to Apple’s Letter Regarding Breaking Encryption of San Bernardino Shooter’s iPhone: eDiscovery Trends

It probably comes as no surprise that the government didn’t take Apple’s opposition to the Federal order to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters lying down.

According to the ABA Journal, on Friday, federal prosecutors filed a motion to compel Apple to unlock the killer’s iPhone.  In its motion, the Department of Justice said that Apple is “not above the law”.  “Apple’s current refusal to comply with the court order’s order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy,” the DOJ wrote in its filing, stating that Apple shouldn’t be allowed to “design and market its products to allow technology, rather than the law, to control access to data”.

Then, on Sunday, the FBI also responded to Apple’s opposition.  According to NBC News, FBI Director James Comey said forcing Apple to help unlock the iPhone of one of the San Bernardino shooters is no big deal.  “We don’t want to break anyone’s encryption or set a master key loose on the land,” Comey said in a statement Sunday night, insisting that vital decisions involving safety from terrorists shouldn’t be left in the hands of “corporations that sell stuff for a living.”

In the meantime, everyone from Google Chief Executive Sundar Pichai to Donald Trump is weighing in on whether Apple should help unlock the iPhone for the investigation.  And, Apple is claiming that had the passcode to Syed Farook’s iPhone not been reset hours after the shooting (at the consent of the FBI), the company would have been able to initiate a backup of the phone’s data to its associated iCloud account in order to retrieve its contents.  And, PCWorld is reporting that if San Bernardino County had been using a Mobile Device Management (MDM) service on its employees’ devices, they “would have been able to clear the device’s passcode in a matter of seconds” and the whole issue would have been moot.

So, what do you think?  Do any of the recent developments and statements change your opinion about whether Apple should or should not help the FBI break into the iPhone?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.