Submit to Digest

Apple Provides Default Encryption that Protects Data Stored on Device

Privacy Telecommunications

By Yixuan Long – Edited by Travis West

Apple announced that it could no longer access information stored on devices with the iOS 8 system. This means that if law enforcement came to Apple with a seized device and a valid warrant, Apple would be technically incapable of accessing the data. According to a statement in Apple’s privacy policy:

“On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

iOS 8 introduced default encryption and data protection. “By setting up a device passcode, the user automatically enables Data Protection. . . . The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” iOS Security Guide September 2014, at 11.

Google announced that its next mobile operating system, Android L, will join iOS 8 in offering default encryption.

Ars Technica provides an overview of Apple’s iOS 8 privacy policy and summarizes the favorable views from privacy advocates. According to the report, Nicole Ozer, an attorney with the American Civil Liberties Union of Northern California, called the privacy upgrade “long overdue.” Catherine Crump, a law professor at the University of California, Berkeley, said that it was "heartening to see a major American company conclude that it's a business advantage to protect its users' privacy and security." The Cato Institute also applauds Apple’s new policy, explaining that many concerns over closing the backdoor to law enforcement are unwarranted. For example, encryption has stymied law enforcement investigations less often than people might think.

Government officials generally disapproved the default encryption feature on new Apple and Google devices. According to Washington Post, FBI Director James B. Comey criticized Apple and Google for blocking law enforcement officials with valid search warrants, predicting that “[t]here will come a day when it will matter a great deal to the lives of people” that FBI gain access to the mobile devices. Ars Technica reports that Attorney General Eric Holder expressed his worry about the default encryption on consumer electronics during a speech before the Global Alliance Against Child Sexual Abuse Online conference, pointing out that “[w]hen a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.” On the other hand, Just Security points out that the U.S. government’s position might disadvantage Google and Apple on the global market.

The Washington Post calls for a compromise between tech companies and the law enforcement officials, saying that it might be possible to find “a kind of secure golden key [Apple and Google] would retain and use only when a court has approved a search warrant.”

Yixuan Long is a 2L at Harvard Law School.