Apple’s latest mobile operating system — iOS 8 — is now available, and with it, a new technical hurdle for law enforcement. The company says it will be technologically impossible to access data on phones and iPads running iOS 8, because it won’t allow user pass codes to be bypassed.
Our phones, of course, contain troves of information — contacts, messages, recordings — which can be helpful for investigative or prosecutorial purposes. The Supreme Court earlier this year ruled law enforcement cannot access that kind of data without a warrant. Prosecutors had already feared the warrant hurdle would be too much — Rockland County, N.Y., District Attorney Thomas Zugibe told The Wall Street Journal in June that technology “is making it easier and easier for criminals to do their trade,” while the court “is making it harder for law enforcement to do theirs.”
Now, even with a warrant, data from Apple devices running iOS 8 will be tough — and, Apple says, impossible — for law enforcement to get its hands on.
As The Washington Post reports, the move “amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.”
Not so fast, writes an iOS forensics expert, Jonathan Zdziarski. Just because Apple will no longer help police doesn’t mean police can’t find ways to use existing commercial forensics tools to extract the data themselves. Wired magazine describes how Zdziarski proved his own point:
“Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data — that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more — as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget’s passcode.
” ‘I can do it. I’m sure the guys in suits in the governments can do it,’ says Zdziarski.”
And Apple will still be able to turn over user data stored outside its phones, for example, on its iCloud service, The Washington Post notes. Users often back up photos, videos, emails and more to iCloud, as the recent nude photo theft reminded us.
Apple, in creating plausible deniability for itself, is also using its strongly worded new privacy stance as a marketing opportunity. It’s reinforcing what it says is a commitment to privacy and transparency when it comes to government data requests. Apple says so far this year, it has received fewer than 250 government requests for data, including requests to unlock encrypted iPhones.