Apple Locks Itself Out Of Your iPhone

Apple has announced a new feature in iOS 8 that prevents the company from complying with search warrants:

In an open letter posted on Apple’s website last night, CEO Tim Cook said that the company’s redesigned its mobile operating system to make it impossible for Apple to unlock a user’s iPhone data. Starting with iOS8, only the user who locked their phone can unlock it. This is huge. What it means is that even if a foreign government or a US police officer with a warrant tries to legally compel Apple to snoop on someone, they won’t. Because they can’t. It’s a digital Ulysses pact.

Law enforcement has a variety of legal tools it can use to compel a tech company to turn over data on its users. In some cases the tech company is even legally prohibited from talking about those requests publicly. If Apple’s correct and it truly has built an encryption system that they themselves can’t break, then they’ve found a pretty ingenious workaround to the problem tech companies face constantly — of being stuck having to choose between their users and the law.

The Bloomberg View editors argue that this is a bad idea on multiple counts:

Apple has now removed itself from this legal drama. If authorities come asking for information stored locally on a customer’s phone, Apple can say it doesn’t have it and has no way to get it. If police want anything on the phone, the user is going to have to let them in — and it’s an open legal question whether the government could force users to give up their passwords, because doing so could violate the Fourth or Fifth Amendments. In other words, Apple’s new privacy policy will make it harder for police to do their jobs.

It could also create new hassles for Apple’s customers. For one thing, the company now can’t help them access what’s on their phones if they’ve forgotten the password. And for all that, this feature would almost certainly do nothing to help them stop the kind of surveillance the NSA conducts. Apple may hope to burnish its reputation with this policy. But it was already something of a corporate exemplar with regard to security and privacy. If it turns out that this new feature is making life more difficult for law enforcement and more confusing for customers — well, it may not be quite the P.R. triumph Apple was hoping for.

Oren Kerr also finds the new design “very troubling”:

If I understand how it works, the only time the new design matters is when the government has a search warrant, signed by a judge, based on a finding of probable cause. Under the old operating system, Apple could execute a lawful warrant and give law enforcement the data on the phone. Under the new operating system, that warrant is a nullity. It’s just a nice piece of paper with a judge’s signature. Because Apple demands a warrant to decrypt a phone when it is capable of doing so, the only time Apple’s inability to do that makes a difference is when the government has a valid warrant. The policy switch doesn’t stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.

But Andy Greenberg points out the cops can still get your data:

[A]s the media and privacy activists congratulated Apple on that new resistance to government snooping, iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.

“I am quite impressed, Mr. Cook! That took courage,” Zdziarski wrote in a blog post. “But it does not mean that your data is beyond law enforcement’s reach.”