Apple is looking to change public perception on how it handles your privacy and information, and with iOS 8, the company has introduced a new form of encryption that makes it impossible for the company to unlock your phone and access information, even when it receives government information requests for your data.
On its dedicated privacy website, Apple explains that it views government information requests as “a consequence of doing business in the digital age.” Even though the company says it also believes “in being as transparent as the law allows about what information is requested,” Apple has opted to make the data on iPhones and iPads running iOS 8 impossible for it to access. Encryption will make it impossible for the company to comply with government content requests and search warrants from law enforcement agencies — the warrants became necessary when the Supreme Court ruled that law enforcement cannot access the data on your phone without them.
In a section on government information requests, Apple explains that it will not be possible for the company to access your data because it can’t bypass the passcode that you implement to protect your device:
“On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
The move seems aimed at outmaneuvering law enforcement in a public debate that pits government information requests against consumer privacy. While Apple’s decision is lauded as courageously pro-privacy and a win for consumers — and iOS 8’s encryption does place a technological hurdle in the way of law enforcement officers seeking to access information on your phone in the case of an investigation — law enforcement agencies can still access your data in other ways.
Even though Apple or Google — which has added the same default encryption to its Android mobile operating system — won’t be able to unlock your phone and access the information on it, there are technical and legal measures that agencies can still use to access your data. Let’s start with the technical side. As iOS forensics expert Jonathan Zdziarski explained in a recent post on his blog, Apple has made some definite security improvements with iOS 8, even if we don’t yet have official word on exactly how the new encryption works:
“What has likely happened in iOS 8 is that photos, messages, and other sensitive data, which was previously only encrypted with hardware-based keys, is now being encrypted with keys derived from a PIN or passcode. No doubt this does improve security for everyone, by marrying encryption to the PIN (something they ought to have been doing all along). While it’s technically possible to brute force a PIN code, that doesn’t mean it’s technically feasible, and thus lets Apple off the hook in terms of legal obligation.”
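To make the idea in that quote concrete, here is an added sketch (not Apple's implementation, which the article notes is undocumented, and not code from Zdziarski's post) of a data key wrapped under a key derived from both a device-bound secret and the passcode. Every name, the iteration count, the toy wrap construction and the 0.08-second guess cost are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch, not an Apple value

def derive_key(passcode: str, device_key: bytes, salt: bytes) -> bytes:
    # Entangle the passcode with the device-bound key, then stretch it, so a
    # guess needs both the hardware secret and the slow derivation.
    tangled = hmac.new(device_key, passcode.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", tangled, salt, ITERATIONS, dklen=32)

def _mac(kek: bytes, label: bytes, body: bytes = b"") -> bytes:
    return hmac.new(kek, label + body, hashlib.sha256).digest()

def wrap(data_key: bytes, kek: bytes) -> bytes:
    # Toy single-use wrap of a 32-byte key (HMAC pad plus tag), standing in for real key wrapping.
    body = bytes(a ^ b for a, b in zip(data_key, _mac(kek, b"pad")))
    return body + _mac(kek, b"tag", body)

def unwrap(blob: bytes, kek: bytes):
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", body)):
        return None  # wrong passcode or wrong device: nothing is released
    return bytes(a ^ b for a, b in zip(body, _mac(kek, b"pad")))

def worst_case_seconds(alphabet: int, length: int, seconds_per_guess: float) -> float:
    # Time to try every passcode when each guess costs one full derivation.
    return (alphabet ** length) * seconds_per_guess

def demo():
    # Constructed sample values: random device key, salt and data key.
    device_key, salt, data_key = os.urandom(32), os.urandom(16), os.urandom(32)
    blob = wrap(data_key, derive_key("4821", device_key, salt))
    right = unwrap(blob, derive_key("4821", device_key, salt))
    wrong = unwrap(blob, derive_key("0000", device_key, salt))
    hw_only = unwrap(blob, derive_key("", device_key, salt))  # device key, no passcode
    return right == data_key, wrong, hw_only

if __name__ == "__main__":
    print(demo())
    for label, alphabet, length in (("4-digit PIN", 10, 4), ("6-char a-z0-9", 36, 6)):
        days = worst_case_seconds(alphabet, length, 0.08) / 86400  # assumed guess cost
        print(f"{label}: {days:,.2f} days worst case")
```

Under these assumed numbers the four-digit PIN falls in minutes while the six-character alphanumeric passcode takes years, which is why passcode length matters once the key depends on it.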
With iOS 8, Apple successfully blocked many of the vulnerabilities that commercial forensics tools were able to take advantage of in previous versions of the operating system. But these same forensics tools can still acquire your photos, videos, and recordings; your Podcasts, Books, and iTunes media; and all third-party app data thanks to the ability to obtain a handle to app sandboxes via a USB connection, even if the device is locked. That’s the same mechanism that Apple uses to let you access your photos and other data from your desktop while your iPhone is locked. As Zdziarski explained in another recent blog post:
“Commercial forensics tools can (and presently do) take advantage of this mechanism to dump the third party application data from a seized device, if they have access to (or can generate) a valid pairing record with the device. For example, if you are detained at an airport or arrested and both your laptop and your phone is seized, or if your phone is seized unlocked (without a laptop present), a number of forensics tools including those from Oxygen, Cellebrite, AccessData, Elcomsoft and others are capable of dumping third party application data across USB.”
Shutting down your iPhone will prevent the pairing records from being able to unlock the phone. Similarly, using robust encryption on your desktop or laptop computer, along with shutting it down when it’s not in use, will help prevent forensics tools from accessing its memory. Zdziarski notes that Apple could improve security by requiring you to enter your backup password for iTunes to communicate with your iPhone while it’s locked, or by offering an option to prevent a locked iPhone from being accessible at all.
Zdziarski counters philosophical arguments against Apple’s decision to effectively absolve itself of cooperation with law enforcement requests with a question: Should device manufacturers have to lessen the strength of their encryption and security in order to enable forensics? Wouldn’t that be the equivalent of creating a much-maligned “back door” into the manufacturer’s products?
The Washington Post’s Orin Kerr takes the opposite angle, calling Apple’s decision a “dangerous game” that “doesn’t stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.” The policy is one that, at its worst, could thwart a number of valid investigations, and at its best will balance the risk of lost cases with the risk of security vulnerabilities.
The legal side of the issue is about as complex as the technical side. As Wired’s Andy Greenberg reports, the U.S. judicial system doesn’t consider an encrypted phone an “insurmountable privacy protection” for someone accused of a crime. Instead, refusing to unlock an encrypted phone can be regarded as an obstruction of the evidence-gathering process, and a defendant or witness can be held in contempt of court and jailed for choosing not to unlock a phone and provide evidence.
In select cases, the Fifth Amendment’s protection against self-incrimination could block court requests for a defendant to unlock a phone, but Greenberg points out that the short history of cases in which suspects have pleaded the Fifth to avoid unlocking a computer, legally equivalent to a smartphone, has resulted in a variety of contradictory outcomes.
James Grimmelmann, a professor at the University of Maryland Law School, told Wired that whether a defendant should be compelled to unlock an encrypted phone “is not a settled question” and likely won’t be until more appeals courts or the Supreme Court consider the issue. Grimmelmann did offer one guideline to gauge whether a Fifth Amendment argument could keep law enforcement out of a locked phone (and its owner out of jail): “If the police don’t know what they’re going to find inside, they can’t make you unlock it.”
As defense attorney Marcia Hofmann wrote for Wired last year, using Apple’s TouchID represents another opportunity for law enforcement to compel a suspect to unlock his or her phone. A fingerprint isn’t “testimony,” so it doesn’t allow for a Fifth Amendment defense. “We can’t invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. The courts have decided that this evidence doesn’t reveal anything you know.”
And on Apple’s part, just because the company can’t hand over data from your iPhone doesn’t mean that the information you share with its other services is protected the same way. Apple can (and will) hand over data from your iTunes or iCloud account when requested by law enforcement. While Apple says that less than 0.00385 percent of customers had their data disclosed due to government information requests — of which Apple says it received between zero and 250 in the first six months of 2014 — 7 percent of law enforcement requests sought customer account information.
Apple notes: “Responding to an Account Request most often involves providing information about a customer’s iTunes or iCloud account. Only a small fraction of requests from law enforcement seek content such as email, photos, and other content stored on customers’ iCloud or iTunes accounts.”
It’s worth bearing in mind that Apple’s new encryption is as much a marketing opportunity as it is a stance on consumer privacy. With security and privacy at the forefront of many consumers’ minds as they choose the hardware and software that they’ll trust with their conversations and personal information, Apple’s new privacy policies and website are undoubtedly aimed at demonstrating how Apple can enable consumers to safeguard their privacy.
Whether that protection holds up in court is another issue completely, but in cases where the Fifth Amendment could come into play, it’s clear that Apple is leaving it up to you whether you want to turn over your passcode and your data, or face the consequences of refusing.