September 18, 2014
Gizmodo staff writer Robert Sorokanich, writing about new security features in Apple’s just released IOS 8, says we can feel secure from searches and seizures by U.S. law enforcement of data on our Apple devices running IOS 8. See his article here.
However, reading through Apple’s Legal Process Guidelines to U.S. Law Enforcement at section “I” and Apple’s statement to consumers, I don’t think we should feel any more secure than we did before downloading the new operating system.
Apple’s policy is carefully written, and it is neither emphatic nor unequivocal. The wording of the statement to consumers and of its Legal Process Guidelines avoids use of words like “cannot” or “not possible”, and instead says “not feasible” and that Apple will not possess the encryption key.
From the Legal Process Guidelines to US Law Enforcement Agencies
“For all devices running iOS 8.0 and later versions, Apple will no longer be performing iOS data extractions as the data sought will be encrypted and Apple will not possess the encryption key. ”
Sorokanich cites Apple’s statement to consumers, and here is an excerpt that is problematic:
“So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
I don’t equate “not feasible” with “not possible”.
I have reasonable faith that an encryption key, just one more piece of data, can be hacked or otherwise obtained by a motivated law enforcement agency – or someone else, for that matter. And, I think what Apple is saying is that it is unwilling to do the hack, which may be consistent with Apple’s privacy and other policies, but if a law enforcement agency finds another way to obtain an encryption key, I don’t think Apple can resist a valid warrant.