Apple Strikes A Blow For Privacy
A recent change by Apple is good news for advocates of privacy and civil liberties in the Internet Age.
Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
As the new operating system becomes widely deployed over the next several weeks, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle to the point where only devices several years old — and incapable of running iOS 8 — can be unlocked by Apple.
As the article goes on to note, this move does not affect Apple’s legal duty to turn over user data that is stored on third party services that it has control over such as iCloud, but that is merely a recognition of long-standing Fourth Amendment law that says that material that an individual does not have a Fourth Amendment expectation of privacy in information and material stored with a third party. While there have been some indications that the Federal Courts may be revising that ruling as it applies to technology, such as a December ruling on the N.S.A’s metadata collection program and the Supreme Court ruling on police searches of smartphones, that principle has been a part of Fourth Amendment law for decades. This means that anything storied in “the cloud” is capable of being acquired by law enforcement without the knowledge of the person who “owns” the data, and in some cases even without a search warrant. Nothing that Apple announced Wednesday changes their legal responsibility in this situation, so anything you store in the cloud is capable of being obtained by the state and there’s really not much that you can do about.
Although the company’s security took a publicity hit with the leak of intimate photos of celebrities from their Apple accounts in recent weeks, the move to block police access to the latest iPhones and iPads will thrill privacy activists and frustrate law enforcement officials, who have come to rely on the extensive evidence often found on personal electronic devices.
“This is a great move,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “Particularly after the Snowden disclosures, Apple seems to understand that consumers want companies to put their privacy first. However, I suspect there are going to be a lot of unhappy law enforcement officials.”
Ronald T. Hosko, the former head of the FBI’s criminal investigative division, called the move by Apple “problematic,” saying it will contribute to the steady decrease of law enforcement’s ability to collect key evidence — to solve crimes and prevent them. The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorized.
“Our ability to act on data that does exist . . . is critical to our success,” Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
This doesn’t mean that a locked phone is beyond law enforcement’s reach, of course. Wired’s Andy Greenberg notes that it would still be possible for law enforcement to attempt to unlock the phone itself by cracking the passcode, and that would not violate Fourth Amendment as long as they obtained custody of the phone legally. Additionally, police and prosecutors faced with this dilemma will no doubt attempt to obtain court orders forcing users to unlock their phones. As I’ve noted in the past, however, that is an area of law that is still quite undeveloped. Some courts have ruled that requesting a passcode to an electronic device is akin to being required to unlock a locked storage box, which is something that Courts have held that can be required under the Fourth Amendment provided that there is a proper warrant for the contents of the box, and therefore that a Defendant must comply with such a request. Others have held that it is similar to being asked to provide the combination to a safe, which Courts have held would be covered by the Fifth Amendment right against self-incrimination, and thus that a suspect cannot be compelled to unlock an electronic device secured by a passcode. To date, that issue has not made it to the Supreme Court, so this is an area of the law that remains uncertain. With this move by Apple, which is likely to be followed by other smartphone manufacturers if, as suspected, it proves to be a marketing success, those types of cases are likely to become more prevalent.
Law enforcement will complain that this move by Apple makes it more difficult to do their job, but it strikes me that this argument has little merit. In some sense, all of the civil liberties protections that the Fourth And Fifth Amendments protect make it more difficult for law enforcement to do their job. After all, it would be a lot easier to investigate crimes if you could search people’s homes without warrants, confiscate their property without probable cause, coerce confessions out of them without the presence of counsel, and force them to testify against themselves in Court. That, however, is the entire point of these protections. On some level, we have made the decision that it is worth hamstringing law enforcement to some degree in order to protect the liberties of the people, even if that means that, sometimes, a “guilty” person go free. In the end, that is a small price to pay for the freedoms that are protected. In this case, while Apple’s actions aren’t a Constitutional Law matter per se they are likely to go a long way toward resetting the balance between privacy and surveillance in the age of technology, and that’s a good thing.
Good job, Apple. Now, the ball is in your court, Google.
According to,the nation’s foremost Constitutional Law professor, Those are only privileges we get for our required responsibility to our Country.
Google will most likely not take this route. Google and Apple are totally different companies in how they make their money. As Tim Cook was saying about Apple, they sell hardware products (iPhones, iPads, Macs, etc). Google makes their money off of having users’ data through all of the services they offer (Gmail, Android phones, Google searches, etc).
I doubt Google would stop collecting data on users unless they change their entire business model.
Good job Apple. I knew there was a reason why I was an Apple customer [let the flame wars begin;-)]. Hopefully, all the other tech companies will follow Apple’s, er, innovation. ( Heh, that will set off more flames).
In real life, the customers-the half who bother the lock their phones at all- use a four digit code (I do.) Dunno if that will keep the FBI out for long.
Now touch ID poses an interesting legal question. I would argue forcing a person to use his finger to unlock a phone violates his privilege against self-incrimination. And can a person refuse to get fingerprinted as part of the booking process on those grounds?
I see some interesting criminal and constutional law issues coming up in the area of smartphones . Good job, Doug. Looking forward to more posts on this issue.
Behold the birth of the newest breed of malware, iOS8 keyloggers.
Cloud storage doesn’t inspire a lot of confidence for mission critical use. The concept works great however for moving game saves across a Steam account
Here’s hoping Google and Microsoft will follow suit. If they don’t I may switch with my next phone purchase to support this move.
What’s staggering to appreciate about Apple is that all of their Media and App related revenue pails in comparison to what they make on Hardware.
There’s no way that Google could make the same move without risking their current business model.
Newest Androids will join iPhones in offering default encryption, blocking police:
Apple is, through iAd, showing targeted ads based on at least the following:
Movie, TV and audiobook genre interests
Device (iPhone, iPad, iPod touch)
Network (WiFi, 3G)
Now you can opt out of that. But then you can opt out of interest based ads in Android too.
About that list, if Apple had owned the most used search engine, does anyone actually believe that Apple wouldn’t have used information based on searches for targeted ads?
@Matt Bernius: Well that’s what happens when you sell hardware that is seriously overpriced. Cheap components with a pretty box slapped around it.
I don’t like apple because I’ve worked on far too much of the hardware to have any respect for what they build. Even the pro stuff has cheap components…
Could you clarify this?
Because it sounds like you’re saying I don’t have an expectation of privacy in the contents of my safe deposit box at the bank. I’m pretty certain the bank is going to ask to see the warrant, and not just allow the government to sift through the contents of their vaults.
BTW I feel the same way about what dell did to alienware and other companies like that..
@Paul L.: You’re an ass and a liar, but mostly an ass. That proclamation never uses the word “privilege” or “required responsibility”. It’s mostly just boilerplate blah blah blah. Why don’t you go back to your troll hole?
@Yolo Contendere: The key to your question is the word “warrant.” The question of whether the government can crack your safe (a private party storage point) is completely different from opening your safe deposit box (a third party storage). Even with a warrant, the courts have, from what I understand, ruled that the police can charge you with contempt, but not open your safe themselve. But I may be wrong; IANAL.
@Just ‘nutha ig’rant cracker: Yeah, he’s either got a couple extra words in that sentence, or a couple missing, and I’m not sure what he’s asserting. I know the law occasionally has stupid stuff, like they can make you open a locked box you possess, but not open a safe in the same room (what is a safe, if not a locked box?), but I don’t understand the assertion just because it’s entrusted to a third party, it’s no longer private. Seriously, I’m trying to imagine cops walking into a bank and saying “We just want to go through some stuff” without a warrant. And didn’t that used to be an old TV trope, where the detective fed bad info to a suspect, so the suspect would go get the incriminating evidence out of their safe deposit box, then they’d grab him? Swear I’ve seen that before.
@rudderpedals: One small advantage of the “walled garden” is that malware isn’t as huge an issue. If someone’s non-jailbroken iPhone has malware, then they probably downloaded it from the App Store, and Apple-approved Trojan horses would rightly be front-page news.
A bigger problem, as stonetools mentioned, is that the data will typically by encrypted with only a four-digit passcode. If anyone gets that encrypted data, they have a maximum of 10,000 tries before guarenteed success, which is under three hours at one guess per second. (Hardware limitations on the number of guesses are irrelevant if they have the data itself.) Of course that assumes they use the phone’s password — they probably encrypt it with the Apple user password, which has limits to prevent quick guessability like that.
I strongly reccomend using password managers like LastPass or KeePass, and in the case of passwords you have to manually enter frequently, just generating and memorizing something reasonably complex, since muscle memory will cover it after a while. (Using five random words, concatenated, can often be easier to memorize than letters and numbers, but your muscles will hate you for working so much instead of letting them memorize a short random string).
Law enforcement has all the tools they need to unlock your data, so this is a good PR move by Apple but does little for actual privacy. It boils down to CISPA (Cyber security Information Protection Act). New encryption hashing does not equal the inability for govt agencies to unlock.
I am going with a Windows Phone because it is positioned for the coming “Internet of Things”, but I am very careful about the dangers of the lack of privacy laws, and apples choice to change security settings does not do anything to solve the root problem(CISPA).
To add to Yolo Contendere’s point about safe deposit boxes above, we also routinely store sensitive personal information with third parties — letters with the Post Office, notes about our therapy sessions at the psychologist’s office, medical history at a doctor’s office, case files at our law firm, etc. — that we still maintain an expectation of privacy in.
Looks like you are the ass and a liar
Unless you are going to claim / pretend that the word it refers to something else like roads and bridges.
1. Google already allows you to do this in your security settings, it is just off by default.
2. With Android L, this will be on by default. That news came out yesterday and you clearly missed it. That’s easy, since Apple owns mainstream tech media and most people don’t know or care until Apple moves.