Apple Will No Longer Unlock Most iPhones, iPads For Police

SternisheFan writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

So everything is protected by a 4 digit passcode?

[Elad+Alon]

So everything is protected by a 4 digit passcode?
Wow... Impregnable.

Sanity...

[Panaflex]

This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."

Re:So everything is protected by a 4 digit passcod

[Spy+Handler]

My luggage only has a 3 digit passcode, iphone is 10 times stronger encrypted!

So then they get another warrant ...

[BarbaraHudson]

Then they're served with another warrant ... one that obliges them to put a back door into either the individual device, or their whole infrastructure. Without informing users that such a warrant has been served.

Then what?

It's like a game of chess where the values of the piece can be unilaterally changed by one side.

Re:So then they get another warrant ...

[xdor]

They don't need a back-door.

Sure they'll encrypt your files with a key they don't know just like they said. But to comply with law enforcement all they would have to do is intercept your password when you enter it. And that's done easily : keyboard driver update patch for target users: collects and forwards the password to the feds.

That way they're still encrypted as advertised. And its possible that if you lose your phone or its confiscated that this would still be a plus. But I think this password intercept is how the feds would get access if they're monitoring you specifically.

Re: So everything is protected by a 4 digit passco

No because encryption is derived from passcode and device key which is in the cryptochip sillicon. You have to brute force those things 'online' due to this as anyone who has done iOS forensic will tell you. Now if you want to break that full key out of the blue offline then... hm. yeah.. see you in a million years.

Re:So everything is protected by a 4 digit passcod

[Savage-Rabbit]

Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.

And there's always this.

You can put a complex password on your iPhone:

1) Settings->Passcode, enter your 4 digit passcode.
2) Flip the "Simple Passcode" switch.
3) Set your new arbitrary length complex password.
4) Enable the "Erase Data" setting which wipes the device after 10 incorrect password inputs.
5) Enjoy entering your complex password every time you want to access the phone.

The encryption on these iDevices and the Macs is non trivial to crack. Combine this encryption with a properly strong password and that wipe feature and even the Police would be shit out of luck. I know of a case where a guy resolutely refused to provide police with the password and crypto-key for his MacBook. The cops shipped the laptop to Cupertino who sent it back after a few weeks having failed to crack the drive encryption. The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.

We'll see

[Barlo_Mung_42]

Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Will India now also refuse the sale of iOS8?

Re: So everything is protected by a 4 digit passco

[alen]

some of us are old enough to remember when 128 bit keys were considered unbreakable

Re:So everything is protected by a 4 digit passcod

[chispito]

Or, they simply use a $5 wrench.

Don't be ridiculous, we're talking about the US government and not some thugs.

It would be a $5,000 wrench.

Re:So everything is protected by a 4 digit passcod

[Noah+Haders]

This is exactly the point. Police can serve a warrant on a person, but they can't take the legal wrench to apple.