
Apple sued for $5M for not recovering data after iPhone theft

Advanced Data Protection is very secure, just don't lose your Recovery Key

A Minnesota man is suing Apple for failing to do enough after having his iPhone stolen, demanding access to 2 terabytes of data and at least $5 million in damages.

The loss of a smartphone can be devastating to a person, especially when it's the center of their digital existence. However, while there are ways to recover data, such as that stored on iCloud, sometimes the remedies that are available are not enough.

In a filing at the U.S. District Court for the Northern District of California in January, surfaced by the Washington Post in April, Michael Mathews of Minnesota is suing Apple for access to his data and compensation.

After his iPhone was stolen by pickpockets in Scottsdale, Arizona, Mathews claims he lost access to his photos, music, tax returns, and work-related research. As a consequence, his tech consulting firm apparently had to shut down.

In the suit, Mathews wants access to approximately 2 terabytes of data that forms his "entire digital life, including that of his family," and at least $5 million in damages.

Unrecoverable Recovery Key

Mathews' problems all focus around the Recovery Key, a feature of Advanced Data Protection which is used to reset the password and recover the account. It is a 28-digit key that Apple recommends users store safely for future use.

However, in this case, it's apparently being used by the thief. If the thief can gain access to the iPhone, such as by discovering the passcode to unlock it, they can then change the password to the Apple ID to make it harder to recover.

In some cases, a thief could also enable ADP and create the Recovery Key. It's also possible for a thief to change an already existing Recovery Key, if they know the passcode and can use it.

The upshot for Mathews is that the account is no longer recoverable in such cases.

Without ADP, it is possible to recover accounts, in part because of the way Apple deals with encrypted data stored on its servers. Apple itself has a copy of encryption keys between the user's device and iCloud, and they can be recovered easily, just not under ADP.

While under ADP the Recovery Key is needed, the suit insists that Apple is still capable of doing something about the situation. Mathews' lawyer K. Jon Breyer says it is "indefensible" for Apple to hold onto the data "they don't own."

That suit has now entered a discovery phase, which can take between six and eight months to complete.

Apple didn't comment about the case specifically, but told the report it sympathizes with victims of crime. The statement adds "We take all attacks on our users very seriously, no matter how rare."

20 Comments

Xed 5 Years · 3168 comments

So this guy had ADP enabled but probably also used a PIN instead of a complex passcode for his device?

Personally, I waited a long time before enabling ADP because of the very clear warnings Apple gives before enabling it.



While under ADP the Recovery Key is needed, the suit insists that Apple is still capable of doing something about the situation. Mathews' lawyer K. Jon Breyer says it is "indefensible" for Apple to hold onto the data "they don't own."

We'd hate to do that so we'll go ahead and delete that encrypted file off our servers by deleting your iCloud account. Happy?

4 Likes · 0 Dislikes
DAalseth 7 Years · 3291 comments

Ok but according to the article he ran a ‘Tech Consulting Firm’. 

If so then he should have known better. He should have understood how to manage this. But from the sound of this all of his critical data was on iCloud. Were there no backups? Despite it being made very clear that iCloud is for file access and is NOT a backup and archiving service? 
This case should be thrown out. If it isn’t, a good lawyer could dismantle him and his competency on the stand. 

14 Likes · 0 Dislikes
Xed 5 Years · 3168 comments

DAalseth said:
Ok but according to the article he ran a ‘Tech Consulting Firm’. 
If so then he should have known better. He should have understood how to manage this. But from the sound of this all of his critical data was on iCloud. Were there no backups? Despite it being made very clear that iCloud is for file access and is NOT a backup and archiving service? 
This case should be thrown out. If it isn’t, a good lawyer could dismantle him and his competency on the stand. 

I didn't even pick up on that. That makes this case exponentially more stupid.

2 Likes · 0 Dislikes
dewme 11 Years · 6027 comments

I totally agree with the previous comments. This is a very costly lesson for this guy. He can try to convince himself into believing that Apple has a "master key" to everyone's encrypted data, but that is simply not the case with ADP. The only thing Apple can do here is give him his encrypted files and let him take a crack at decrypting them. Good luck with that. Perhaps when quantum computing reaches its full potential in a decade or two he may have a shot at getting his data back.

This guy's best hope is that the thief was tech savvy enough to get the decrypted files and will offer a ransom to get them back. But in all likelihood the phone's been wiped and sold or broken up for parts.

3 Likes · 0 Dislikes
rotateleftbyte 13 Years · 1639 comments

This should be a lesson to anyone who uses their phone for everything. DON'T DO IT.
Some light-fingered larry could nick it and take you and your life away. Money? Gone. Business? Gone. 

I don't do email or banking on my phone. That degree of separation is to my mind essential.

2 Likes · 4 Dislikes