In a briefing filed on Monday in a New York court, Apple said it would be “impossible” to access the data stored on the majority of locked iPhones.
Responding to Judge James Orenstein – who wanted help in deciding whether to fulfil a US Justice Department request that would see the company forced to aid the authorities in accessing the data on an iPhone seized as part of an investigation – Apple said it only had the “technical ability” to unlock older phones.
Reiterating comments made by CEO Tim Cook when the company launched its privacy website last year, Apple said it would be impossible to comply with the request on any device running iOS 8 or higher:
For devices running iOS 8 or higher, Apple would not have the technical ability to do what the government requests — take possession of a password protected device from the government and extract unencrypted user data from that device for the government.
Among the security features in iOS 8 is a feature that prevents anyone without the device's passcode from accessing the device's encrypted data. This includes Apple.
The company said around 90% of its user base is currently running that version of its mobile operating system, or the newer iOS 9 which is equally impossible to unlock.
With the release of iOS 8, Apple stopped storing encryption keys for devices, making it impossible for the company to unlock them, even in response to a warrant.
Without an encryption key, Apple simply cannot bypass a lock code. That, in conjunction with the fact that, in the US at least, police cannot force a suspect to unlock a device with a passcode, effectively puts the kibosh on law enforcement’s ability to access data on modern Apple hardware.
Even though the iPhone in this case is running iOS 7, meaning it could be unlocked by the company, Apple told the judge that forcing it do so could lead to an unfair burden being placed upon it in the future should the number of such government requests increase.
It also said such a request could tarnish its brand at a time when “public sensitivity to issues regarding digital privacy and security is at an unprecedented level,” highlighting the role it had taken in protecting its customers data from improper access:
Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.
Apple’s stance toward encryption may have won it new customers but the decision has not been popular among senior figures within law enforcement.
Shortly after Apple affirmed its commitment to safeguarding its user data last year, FBI Director James Comey delivered a speech in which he said tech companies were going too far, saying the “worrisome” approach to encryption taken by Google and Apple meant the good guys were “struggling to keep up” with criminals who use the technology to “place themselves above the law.”
Unperturbed by such comments, Tim Cook has this week re-emphasised Apple’s stance, stating that the company will not install encryption backdoors into any of its products.
Speaking at the WSJDLive conference on Monday, he said:
We said no backdoor is a must. Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution.
Cook went on to say that a backdoor wouldn’t be such an issue if it were to be used only for catching “bad people” but he doubted that was the case, concluding it was therefore in everyone’s best interests to deny such access to the legal authorities.
Speaking at the same event, NSA Director Mike Rogers said he too was in favour of strong encryption though, quite unsurprisingly, he appeared to be far less a fan of impenetrable encryption.
Image of Apple courtesy of GongTo / Shutterstock.com.
John
Sure, unlock the device running IOS7, bet you will sell more phones capable of running newer operating system.
Kyle Saia
THIS is why i love my Iphone. I have nothing to hide from the law, but i do enjoy my privacy. This encryption debate isn’t about catching the bad guys, its about our rite to have private information. If we give up our privacy on our phone’s we should give our local police spare keys to our house.
Paul Ducklin
If you have nothing to hide…
…then there is no point in anyone looking for it, eh :-)
Geir
Wrong!! As you self has pointed out countless of times, what do you thinkl happens with stolen and lost phones? In this case you want to hide everything you can.
If you think it’s perfectly okay that the police can come to you anytime and empty your pockets, then I understand your statement. Nobody wants the noses from the police into their phones, even if they have nothing to hide.
Paul Ducklin
Either I was obtuse or you didn’t read what I said carefully enough :-)
You often hear people say, “If you have nothing to hide (as the OP did), then you have nothing to fear if The Man looks through it.”
To which the obvious counter-argument is, “If you have nothing to hide, then there is no point in bothering to look through it, so the argument about ‘you have nothing to fear’ is irrelevant.”
I was being mildly satirical and offering an anti-surveillance view.
Betan Testravosky
This is why Apple loves iPhone users – gullibility. The iPhone SE runs iOS 9 … and the firm in Israel that broke the Terrorist’s phone acknowledged that the iPhone SE can be access in the same manner.
Andrew Ludgate
A few additions here:
1) Unlike a passcode, Touch ID (thumbprint) can be compelled by the court. Of course, Touch ID requires a (protected) passcode after reboot or 48 hours since last use.
2) Apple also has to deal with the potential of the court compelling it to inject backdoor code into a targeted software update that would unlock a phone. They also covered why this would be a really bad idea, as did Tim Cook’s interview.
3) Mike Rogers said he too was in favour of strong encryption — but then went on to indicate that he has redefined “strong encryption” and refused to explain his alternate definition. It didn’t exclude back doors.
Don Miller
If the only evidence that law enforcement has that a crime occurred is on an encrypted cell phone, then law enforcement does not have a very good case to begin with and needs to rethink their approach to a suspect.
Hank
Suspect A picks up a co-ed at a bar after way too much to drink takes her away in a car. He then tries to force himself on her.. she’s scared and tries to reason with him, says that her family is wealthy and if you leave me alone I will have daddy pay… Suspect beats her, rapes her and deposits her in a basement someplace chained to a heater and mouth taped. Sends daddy a message for $$$$ from his brilliant I phone. the usual money for your daughter routine…
Law enforcement grabs the bag man trying to pick up the money that is Suspect B…and he has the actual IPhone on him that was used to send the ransom msg….says he was told to just pick up a package. Says he just found the phone today on the street in front of the bar where Suspect A said he dropped the victim off after their consensual encounter.
Fingerprints from both A and B are on the phone. law enforcement gets a “subpoena” for the phone company and finds suspect A at his home. Suspect A say’s my phone was lost or stolen just today conveniently in front of the bar where he met the victim.
A “court order” allows the search of suspect A’s person….DNA obtained from him including blood and semen on clothing, fingernails scrapings also has DNA along with hair believed to be the victim. Suspect A’s lawyer says it was “rough” albeit consensual sex and he dropped her back off at the bar where they met.
If I were a copper I think that the I Phone could tell me where both A and B might have been the last 24 hours or so… but because they have stopped talking on the advise of their attorneys they won’t tell the police. And I think that the search of the phone that was used to send the ransom message found on suspect B might have the information on where this victim may have been taken. The copper goes to a judge gets the warrant for the phone……….. but Apple won’t tell them either because they can’t? So where is the victim?
Could a “reasonable” approach to the privacy concern that we all share been better? Nope…why? Because
“Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.”
(their words..not mine)
Kyle Saia
what, what? in your crazy run threw here there is about 6 different ways to get the information they would need. non of which requiring everyone using a IPhone to give up there encryption.
Long story short here if you let fear make this decision, a bad decision will be made.
I’m guessing that your not an Iphone user due to this hole story you made up. what Apple can do is access “find Iphone” feature. This will not only tell you where the iphone is now, but where it has been.
I have said it before, and i’ll say it again. building in a back door for law enforcement is equivalent to making a space house key and giving it to your local police department. no one does that, no one should do that, and it would just be plain wrong for them to ask for it. what is the difference here?
Anon
…in other news the NSA is currently brute forcing Apple encryption.
Hank
Why is there a “privacy concern” by Apple for a terror organization or a murderer or perhaps someone that is both murderer and drug dealer like “El Chapo”??? Why would Apple’s mantra be that its best to prevent ANY legal means to prevent a murder, or rape or terror plot????
“absent clear legal authority to do so, could threaten the trust between Apple and its customers”
I guess the test here is just what does Apple feel is the “trust” with the rest of the world that are peaceful, law abiding people that although they care about privacy, they want their children and themselves to be safe from harm.
It appears that Apple’s PEOPLE care only for “their customers” which means $$$$ which means BIG $$$$. If it weren’t why then the “marketing” by means of a statement like ” such a request could tarnish its brand” in ANY legal discourse with a federal judge? They are actually marketing their product at a hearing????
To support a product that openly appears to be actually proud of what they have done for “their customers” at the cost of millions who are not, is a responsible response to privacy concerns?….if they truly cared about “their tarnished brand” then why not take the high road and admit that companies all over the globe can make products that could harm millions of people every day, cars , planes , guns, medications, medical devices, on, and on…and albeit “legal” there is a moral accommodation that has to be maintained.
Let your (the reader’s) child die due to Apple’s efforts and let’s see how “CEO Tim Cook” and the portion of the billions of “profits” from his “customers” pay public relations people start to do their dance? They can all rest easy in their beds justifying their fantastic efforts eh?….. too bad this one died or that one died as long as its not your child Timmy boy!!! you guys made a ton of money and people died?/ so where is the balance I ask Tim? Even if there was a rogue effort to get personal data from law enforcement or the intelligence community, that can be dealt with and please tell me Timmy…who died from it? I guess NO ONE AT APPLE is capable of going rogue? APPLE is just PERFECT indeed…JUST TRUST US or you can even ask “our customers”
SubSurge
It’s been said before…this isn’t a moral issue, it’s a legal issue of the rights of citizens to privacy, regardless of their intentions. The American liberals too often want to strip everyone of their rights by imposing legislation, all because of the actions of a select stupid few that get media attention.
I agree with what Don Miller said above, if the ONLY lead authorities have is what MIGHT be on a suspect’s phone, that is poor police work and there needs to be more evidence. No competent judge would issue a search warrant based on a hunch and the idea that evidence could possibly be found on the premise; the same concept applies to digital property.
Paul Ducklin
OTOH, if there is more than just a “hunch” that X is involved in criminal activity Y – enough for a search warrant to look for evidence on physical premises – I’d suggest that it is almost vanishingly unlikely that X’s phone would not also contain actionable evidence.
Whether that means the warrant for a search should be allowed or not (or whether, in the presence of encryption, a search could even be carried out) is a different issue. But if the police already have enough evidence to connect X with Y, I think you can as good as assume that X’s phone is a reasonable place to look for more evidence :-)
Watchman Dave (@Aleph_C_B_W_Tav)
so presently, waterboarding would be a government option to get access so as to force self incrimination, Oh the Duress! Or, the Governments of the world decide to make iOS8 & greater illegal…Oh the Potentials! Apple just may have made owning IOS8 + a future criminal act…Stay tuned to your next UN docket… see where this can go? yikes
J G
But whatever facilities Apple or the police use to gain access to this phone will be available to other unauthorized folks to access other phones. (Because keeping that kind of information secret is impossible.) Therefore, if the facilities to access this phone exist at all, all similar iPhones are unsecure and vulnerable.
Paul Ducklin
Although the court documents explicitly (IIRC) ask for the kludge to be done via RAM and removed after use, which *could* be said to negate the “but the passcode limit suppression module will inevitably leak out”.
Still, Apple says, “No,” and it’s hard to see how that’s the wrong answer :-)
Hank
How do you separate a “moral” issue from a legal issue? “Legal issues ” (Laws) have been the derived from “moral” issues since time began. Our own legal basis in this country is founded in moral issues. Would women or black people have the right to vote now if the “morality” of it wasn’t questioned? or a whole lot of other newly formed laws like privacy, child labor, or labor laws in general. you can’t separate morality from law based on convenience. it’s the genesis of law to begin with. So is privacy which I agree with you in that regard.
The right to privacy is MOSTLY a legal issue in the 4th amendment . We got that by virtue of it being “morally repulsive” to the founding fathers that the Army of England could search anything anytime without a warrant.
I agree wholeheartedly that anyone’s privacy is virtuous and should be only denied on the basis of factual probable cause that would tend to make a “reasonable” person feel justified in the issuance of a warrant or court order to stay that person’s right and to allow a “reasonable search.”
In the issue with Apple, they prevent ANY under ANY circumstance even the most reasonable search for ANY criminal activity by virtue of their intentional production of the phone. They further market it by selling it to people under the guise of “privacy” concerns for their customers???? I ask anyone that reads this are you more concerned about your data being stolen by hackers or scams via “illegal” searches or the government? Why then does one have a “strong pin” when signing on to anything??? yet you roll over to the corporation like Apple as if it’s Valhalla ? do you really think Apple cares about you personally if they don’t make any money from you? or the potential to make money from you?
JP
if there is a discrepancy between what morality and law dictates then you would need to amend the laws. A corporation as they have no empathy or emotions as they are a legal construct only act in their monetary interests at all times. the only way to get them to go against that is to have legal requirements with such strong punishments that refusing to comply would be against their interests in itself
Kyle Saia
Hank, what are you even talking about? people don’t die due to apple allowing people to use encryption. trying to make that argument will fall on deaf ears.
There are bad people in this word that will do bad things will any technology they can get there hands on. that dosn’t make the technology bad.
what your asking for is apply to become the police? to work with the NSA? to spy on there customers? i truly don’t understand what your looking for here.
I use encryption to keep my private life private, i use encryption to keep my clients protected. does this make me a bad person? are people dieing due to this? or is it possible that if a backdoor is put into my phone that someone could get the data on it and possibly put peoples lifes at risk?
I guess what i’m trying to say is that there are multiple sides to this, and painting Apple as heartless without thinking about all the kinds of people that use there products does no good.
who deserves to privilege of privacy? You? me? the President of America? a senator? everyone? who decides? these are easy questions to answer. EVERYONE deserves the right to privacy.
Hank
Hi Kyle, I didn’t say people die because of Apple “allowing” people to use encryption. I agree 100% with your desire to keep your private life private or anyone’s for that matter. I would agree that you also encrypt your phone with whatever ‘app” is out there. I didn’t ask Apple to become the police either. I am sure that Apple has provided law enforcement plenty of information in the past and will continue to based upon a subpoena or court order They already do that with a whole host of information THEY keep on people.
What I’m asking Apple to do is just take the moral high ground on their own products. They don’t “encrypt” the phone like you do or I, or the general public. They build a devise and intentionally “for their customers” as they put it, build in (or in this case don’t build in) the mechanism in order to search the phone NO MATTER WHAT so in that sense it very well could lead to a needless death of an innocent person. They simply want it both ways. They want to make BIG $$$ and not be a reasonable and responsible corporate partner. I can think of several off the top of my head.
What I have trouble with is how people seem to automatically trust Apple or any other corporation like they are some distant higher authority that is beyond reproach no matter what? Enron, Wall Street of late, now BMW are you going to trust them to do the right thing on fuel emissions? Did any car manufacturer anywhere build in ANY security at all to their on board computers? (until they got caught?) I could go on and on about corporations. If tomorrow you and me and millions of other people started a big uproar over this issue with Apple it would be gone in a flash. Why? $$$$$$$
But they are so confident about seizing the moment for their own greed its a brilliant marketing move in that a whole host of people don’t trust the government prying.. So what do they do? Bang ! market it as totally search proof because we built it that way for concern of our poor customers.
Lastly, they don’t have the hundreds and hundreds of subpoenas demanding the production of information because they can’t get it or don’t have the means to get it.. Smart move if you want to save big bucks on not having the personnel and attorneys on staff to do that stuff nor are you going to get sued on the other end by supplying it to law enforcement. It’s all about the bottom line Kyle.
I don’t trust our government on a whole slew of things Kyle, neither did the founding fathers of this country, but I don’t trust Apple with your information either Kyle especially when the singular issue for them is money.
SubSurge
It would be nice to at least know Google’s stance on this issue as it pertains to Android devices. This leaves the question hanging “is encrypting my Droid good enough?”
Paul Ducklin
To the best of my knowledge, enabling device encryption on Android puts you in a technically similar position to where you are by default on iOS devices. It’s “passcode or nothing.”
From Android 6 on, device encryption is on by default for all Android users, errrr, except when it isn’t:
https://nakedsecurity.sophos.com/2015/10/21/new-android-marshmallow-devices-must-have-default-encryption-google-says/
Watchman Dave (@Aleph_C_B_W_Tav)
paul…with all of the geo location going on…I’m wondering what those corporate and non corporate device maps nobody is showing the world look like…(one of those thoughts I woke up to this am)…ph numbers and IP addresses just may become enough in a washed out justice system to convict…hoping never!
Hank
Why don’t we try to put the shoe on the other foot? The “government” issues
I phones to their employees…so how now does the “public” gain access to what the government employee is storing or for that matter the government?
I’m not talking about spying on anyone’s life or lifestyle…Google, Apple and a whole host of others like yahoo and just about every phone “app” available to the public already do that. They maintain information that is only a subpoena away from the government acquiring same. So in a very real sense they act as the “proxy” for the government obtaining the information anyway and storing it.
It’s the motive behind it. Does not all of the above ask one’s permission to “track” all sorts of information when you have to “agree” to a privacy policy? the question is why? Its simply money!!! advertising is the life blood of the industry…the more they know the more that they can make…No? So why is the public NOT up in arms about Google or yahoo or any other “for profit” company who’s only singular mission in its corporate life is to make money for shareholders??? Look at how Microsoft and Google has fought the EU on “Privacy rights” some companies even take the stand that you cannot have your information back once given even if you want to totally Opt out…People will line up overnight on the street for a new Apple phone and like lemmings to slaughter give away virtually ALLL of their privacy to use a search engine, or App.. which is as stated just a subpoena away from the government???
Just take responsibility is all I ask…( albeit not a very good marketing strategy) and speak OUT ” We don’t care if someone dies as a result of this” It’s not an important enough issue life vs death . Profit and market share and the responsibility to our customers is a much more important issue for us.
I just don’t want to be the one with virtually ALLL the probable cause one needs (NOT JUST A HUNCH) to search a suspects phone to find out information where his kidnap victim is buried and is still alive but can’t get it because I can’t search the phone…If that’s responsibility to “customers” then just get up there on stage and just SAY SO??? Tell the world WE DON’T CARE! who could die. stop trying to hide behind corporate greed with PR weasels making refined well thought out in advance statements.
Todd Skins
It’s better for a criminal to go free, than it is for an innocent person to be jailed. That has been the US Constitution and court of law position from its foundation. Presumption of innocence until proven otherwise.
That is why we have the Bill of Rights and to hold the Police, Federal or State or any others, on a leash as to what they can do. We know that the “authorities” need to be looked after and restrained by the people (not their own agency), or else tyranny happens immediately.
Hank
Couldn’t have said it better myself Todd…I agree 100%…so who “looks after” Apple? Seems the “leash” is off with them on this issue? So what about the “innocent”? I agree with you that no innocent person should go to jail, as did the writer’s of our constitution. But the “balance” here is lost.
what if the IPhone holds the information that “prevents” that innocent person from being charged and tried and put in jail? What happens when the evidence on the phone that can completely exonerate the incarcerated “innocent” person is in the hands of the “Federal, State” police or “others” that’s puts them there?
Is Apple building these in the states employing all those Americans? Is it really true that these phones cannot be “searched” by Apple? I noticed that I have yet to read that Apple claims that these I Phones are also “hack proof”? They are made in Asia if I am not mistaken? So my question I guess is.. who watches Apple?
Has there not been an issue already about phones being made intentionally to be hacked by foreign governments? (at least not trusted to do that) so If someone “hacks” your brand new I phone and causes a ton of harm to you and others you care for that have done nothing but trusted Apple and their product…how does the Federal, State or others search your phone to get any evidence at all? I certainly don’t want that either Todd, for you and yours or anyone else…again its the “balance” that is missing here and the motive with Apple is ALWAYS $$$$ like any other “company”
Sammie
Switch back to the good old non smartphone without any GPS tracker or smart apps. All you get is my contact list and last 30 txt messages. Encrypted/ unencrypted, who cares?
Crypto
If you think your privacy is secured by using I-Phone, well then think again. The apps you use gathers a lot of data about a customer/user. And, with apple not co-operating with the judges/law enforcement to help them solve criminal cases isn’t doing any good either. What if a pedophile or a terrorist use I-Phone IOS9 to commit crimes? Will apple bluntly reject the requests from law enforcement authorities? Looks like Apple’s saying to the criminals that — hey use our I-Phones to commit crimes and the FBI, NSA, local police etc; won’t be able to anything about it.
Well, what kind of customers and reputation is apple trying to protect/save here???
Betan Testravosky
Not buying Apple’s song and dance … sounds like damage control to quell the throngs of iPhone users freaking out that the government can see their secret naughty selfies.
And BTW – the latest SE phone Apple just unveiled is one of the phones that the Israeli’s *can* get into even if it’s encrypted. So not buying the iOS 8+ devices can’t be blocked.