Apple is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data.
The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company — or anyone but the device’s owner — to gain access to the vast troves of user data typically stored on smartphones or tablet computers.
The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, emails and recordings. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS 8, it said in a new guide for law enforcement.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its website. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
As the new operating system becomes widely deployed over the next several weeks, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle to the point when only devices several years old — and incapable of running iOS 8 — can be cracked by Apple.
Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, email communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.
Apple’s action comes less than five months after the Supreme Court ruled that police in most circumstances need a search warrant to collect to information stored on phones. Apple’s action makes that distinction largely moot by depriving itself of the power to comply with search warrants for the contents of many of the phones it sells.
The move is the latest in a series in which Apple has sought to distinguish itself from competitors through more rigorous security, especially in the aftermath of revelations about government spying made by former National Security Agency contractor Edward Snowden last year.
Though the company’s security took a publicity hit with the leak of intimate photos of celebrities from their Apple accounts in recent weeks, the move to block police access to the latest iPhones and iPads will thrill privacy activists and frustrate law enforcement officials, who have come to rely on the extensive evidence often found on personal electronic devices.
“This is a great move,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “This seems to be the result of pressure because of the Snowden revelations. Apple seems to be putting user privacy ahead of many other things …There are going to be a lot of unhappy law enforcement officials.”
Ronald Hosko, the former head of the FBI’s criminal investigations division, called the move by Apple “problematic,” saying it will contribute to the steady decrease of law enforcement’s ability to collect key evidence, to solve crimes and prevent them. The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorised.
“Our ability to act on data that does exist … is critical to our success,” Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
Many security experts have blamed security weaknesses in iCloud — some of which have since been fixed — for the recent leak of celebrity photos. Several companies also make systems designed to crack the encryption of devices, including the iPhone and iPad. Security experts generally consider Apple’s devices to be better protected against such attacks than some rivals’, though people with short passcodes — of four digits, for example — are in greater danger of what are called “brute force attacks” that relentlessly try all possible combinations.
Adding more security can make it harder for users to operate a mobile device. People who forgets their passcodes with iOS 8 will not be able to recover them by contacting Apple. However, most users will have the bulk of their data automatically backed up on iCloud and would be able to restore their phones, though not before wiping them of all user data.