On Friday, ENCA journalist Karyn Maughan tweeted details from Pistorius’ defence lawyers, who say that they have supplied the investigators with his iCloud login details. Then, this past Sunday, yet another media outlet reported that the details police were given for Pistorius’ iCloud account were incorrect.
Naturally, all three stories were repeated, ad infinitum. Most of all on the echo chamber that is the internet, where experts on Twitter and online forums shared their views. Yet, none of this really even matters. Here’s why.
Firstly, one of the same media outlets that’s making the cell phone its case, also reports that the state is confident of a conviction . Well, if that’s true, then why the hell are they wasting time with a phone, allegedly booking tickets to the USA, and asking the FBI for special cooperation?
Secondly – and bear with me here – this is a complete media shitstorm, where facts are being confused and technical jargon is completely confounding those who are reporting on the case.
Pistorius’ phone was taken into evidence from his home after he shot and killed his girlfriend, Reeva Steenkamp, in February last year. Presumably, investigators hope it has evidence, like photos and instant messages. Other data, such as text messages and call records could simply have been retrieved from cellular networks, so that’s likely not why the phone is still being investigated.
Unfortunately for the investigators, Pistorius, like most smart iPhone users, had the phone secured with a passcode. It’s unclear whether it was a simple four-digit code, which is the default on an iPhone, or a more complex passphrase that can be optionally enabled. The only reason this could possibly matter is because it calls into question Pistorius’ short term memory – unlocking phones with a short passcode is muscle memory for most people.
Regardless of the finer details, there are a number of incorrect facts floating around in all these reports. These details aren’t just for readers and those following the case, but to help highlight the misreporting of seemingly minor tech facts. It’s doubtful whether it’ll affect the outcome of the case, but when was less confusion ever a bad thing? And, sadly, it’s too late to stop the media frenzy surrounding these things.
The first problem is that these new reports say Pistorius forgot his Apple ID. And this is not what was reported last year, when headlines exclaimed Pistorius had merely forgotten his phone’s password. These might seem like two interchangeable terms, but they are far from the same thing. A phone passcode locks the device and encrypts its contents. An Apple ID is an account that users can create to use certain Apple services, including email, online backups, and messaging (through Apple’s iMessage service). The last one is important, and I’ll get to it later.
Simply having access to an Apple ID won’t magically unlock Pistorius’ phone. The facts here are that the state prosecutor’s investigators have his phone, and that it is locked. Last year we independently verified that the phone was indeed in South Africa, and that local forensics experts were having a go at gaining access to the phone’s data. It was also revealed, after Apple released its transparency report in November, that there had been no request for data from any South African government agency in the last year.
More importantly, Apple’s report details the terms of the company’s cooperation with governments and law enforcement agencies. From Apple’s statement:
Like many companies, Apple receives requests from law enforcement agencies to provide customer information. As we have explained, any government agency demanding customer content from Apple must get a court order. When we receive such a demand, our legal team carefully reviews the order. If there is any question about the legitimacy or scope of the court order, we challenge it.
It’s as simple as that. Apple has a division that receives requests from agencies and governments. Which means that the local investigators in the Pistorius case could have gone straight to Apple – as it was reported they had. It should not have been difficult, at all, for the investigators to also get a court order to back up their request. And, with a case as high-profile as this, there’s very, very little reason for Apple to oppose any request for data.
There is no need to blame the FBI or recruit the expertise of those at Interpol. As far as we know, Apple doesn’t require the SAPS to go through a third-party – which would not have any say in the case – to submit a request for which a process that already exists. What we do know is that there were reports last year that Apple had not even been contacted by anybody involved in the case.
Besides all of this, the resources for this very kind of scenario exist right here in South Africa. There are digital forensics experts that have the equipment and know-how to delve deep into your encrypted secrets, and they already work closely with local law enforcement agencies. Unlike most people tend to believe, the local police and experts aren’t completely hapless.
Getting into a locked phone, though, has to be done in a clean way. For the average consumers there are ways of defeating the lock code, but those will alter the existing data on the device and make it unusable in a court. However, there are special forensics software suites that take care of this. And it’s a simple matter of a local company using this to gain access to the device.
And even if this were a case of him forgetting his Apple ID, and not his phone’s passcode, there’s still no need to call in the big guns. An Apple ID is just an email address used to log into iCloud, and those (email addresses) are hardly a challenge to get a hold of. If not from some of Pistorius’ many friends, then his business associates, or social media profiles. Most people use the same email address and passwords to set up services, so it’ll probably have been the first stop for those in charge of getting access to Pistorius’ digital records. Again, I’m illustrating the ease with which this can be done, to point out how ridiculous it is that the police allegedly resorted to recruiting help from abroad.
The question is what content is associated with that Apple ID. Assuming the phone was set up to back up over iCloud, there’s an entire backup of the phone’s contents there, including messages sent through iMessage, as well as backup data for messaging apps like WhatsApp. This could have all the information the investigators want – and they could restore it all to a separate iPhone, to read the contents – and that’s all moot, since he’s already supplied the details. They’d also not need those, if the phone was ever synced with one of Pistorius’ laptops. In that case, it’s as simple as using iTunes to restore a backup to a new phone, et voila.
One thing’s for sure, though: investigators will be only too happy with the new iPhones and their fingerprint sensors. And in the three weeks before the trial starts, some more confusing stories are bound to bubble to the surface.