Tech giant Apple is reportedly planning to stop anyone who wants to gain access to a encrypted iOS device via techniques such as Cellebrite’s GrayKey phone-hacking box by introducing an option to lock USB data access an hour after the device is locked, essentially turning iPhones, iPads and iPods into sealed black boxes.
Officials in the law enforcement community, which has been scaremongering about Apple’s encryption technology for years over the objections of actual tech experts, aren’t happy about it.
New York Police Department officers monitor a protest near the Apple Store on Manhattan’s Fifth Avenue on 23 February 2016. Photo: Julie Jacobson (AP)
In fact, per an article in The New York Times rehashing the plan, police seem pretty steamed about the matter, such as this Indiana state investigator who works on internet child abuse:
“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children. The Indiana State Police said it unlocked 96 iPhones for various cases this year, each time with a warrant, using a $15,000 [$AU19,810] device it bought in March from a company called Grayshift.
Other law enforcement officials weighed in as well, saying the plan was tantamount to providing cover for criminals:
Hillar Moore, the district attorney in Baton Rouge, La., said his office had paid Cellebrite thousands of dollars to unlock iPhones in five cases since 2017, including an investigation into the hazing-related death of a fraternity pledge at Louisiana State University. He said the phones had yielded crucial information, and he was upset that Apple planned to close such a useful investigative avenue.
“They are blatantly protecting criminal activity, and only under the guise of privacy for their clients,” he said.
Michael Sachs, an assistant district attorney in Manhattan, said his office uses workarounds – he declined to specify which – to access locked iPhones several times a week. That has helped solve a series of cases in recent months, including by getting into an iPhone to find videos of a suspect sexually assaulting a child. The man was convicted this year.
The Manhattan district attorney’s office sought warrants to search 702 locked phones in the first 10 months of 2017, the Times added, “two-thirds of which were iPhones”.
However, the paper did note that Apple says it has responded to 55,000-plus US government requests for iCloud data linked to over 208,000 devices since 2013, which isn’t exactly evidence of noncooperation with police investigations.
It’s also unclear whether the reported USB-locking feature will actually lock out cops with access to the GrayKey devices or one made by Cellebrite’s competitors – presumably turning off the data port will make the devices stop working, but it’s possible someone could suss out a workaround. Police could also simply move on a suspect within the one-hour window Apple intends to implement.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple told Reuters in a statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
In any case, law enforcement and intelligence community concerns about encryption have long been full of holes.
In January, FBI Director Christopher Wray (former chief James Comey’s replacement) called encryption an “urgent public safety issue”, and stated that the agency faces an “enormous and increasing number of cases that rely heavily, if not exclusively, on electronic evidence”. But it recently emerged that the FBI was flubbing numbers on how many encrypted phones have actually turned up in criminal cases.
Experts agree that leaving any kind of backdoor at all essentially amounts to a huge security flaw, and research has shown police and spies have plenty of ways to snoop on targets of criminal investigations whether or not some devices are locked.
The US National Security Agency, for example, seems relatively unconcerned about the barrier posed by encryption because they can collect information through methods such as metadata or compromising devices. The NSA is also investing heavily in cryptanalytic tools to simply break through the encryption itself.