“On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
iOS 8 introduced default encryption and data protection. “By setting up a device passcode, the user automatically enables Data Protection. . . . The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” iOS Security Guide September 2014, at 11.
Google announced that its next mobile operating system, Android L, will join iOS 8 in offering default encryption.
Government officials generally disapproved the default encryption feature on new Apple and Google devices. According to Washington Post, FBI Director James B. Comey criticized Apple and Google for blocking law enforcement officials with valid search warrants, predicting that “[t]here will come a day when it will matter a great deal to the lives of people” that FBI gain access to the mobile devices. Ars Technica reports that Attorney General Eric Holder expressed his worry about the default encryption on consumer electronics during a speech before the Global Alliance Against Child Sexual Abuse Online conference, pointing out that “[w]hen a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.” On the other hand, Just Security points out that the U.S. government’s position might disadvantage Google and Apple on the global market.
The Washington Post calls for a compromise between tech companies and the law enforcement officials, saying that it might be possible to find “a kind of secure golden key [Apple and Google] would retain and use only when a court has approved a search warrant.”
Yixuan Long is a 2L at Harvard Law School.