Apple has long been either a privacy hero or headache, depending on which side of the divide you sit.
And based on the beta versions of iOS 11, which gets its grand, official introduction on Tuesday at the Apple Special Event, along with the newest iPhone, iWatch and more, it will likely now be even more of a hero to privacy advocates and more of a headache to law enforcement.
Not that Apple has ever made it easy for the cops and intelligence services. Nicholas Weaver, a security researcher at the University of California, Berkeley, noted on the Lawfare blog last week that, “unlike Google or Facebook, which use advertising to extract value from users’ personal information, Apple focuses on selling things that protect a user’s data from all unauthorized access – including by Apple”.
That led, among other things, to the famous clash last year between Apple and the FBI over the agency’s demand that the company provide a way to unlock the iPhone of the deceased San Bernardino terrorist.
While that was “resolved” when the FBI “bought a tool”, according to former FBI director James Comey, it didn’t resolve the overall conflict over whether device makers like Apple should be required to provide a backdoor into their products for law enforcement.
And that conflict is likely to get more intense, now that iOS 11 is increasing protections against “unauthorized access”.
Until now, once an iPhone was unlocked – and law enforcement could require a person to use the Touch ID feature to do so without running afoul of the Fifth Amendment – there was no further barrier to, as Weaver put it, “connect the device to a computer running forensics software, or even just iTunes, direct the device to ‘trust’ the new computer when prompted, and download a backup that contains almost all of the relevant information stored on the phone”.
All of which, relevant or not, they could then analyze for as long as they wished, back at the office.
No more. The new iOS will now require the six-digit passcode before allowing it to sync with – or “trust” – a different computer. And giving up that number does have Fifth Amendment protection. Greg Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy & Technology, said speaking the passcode is considered “testimonial”, while providing a fingerprint is not.
So law enforcement could still manually browse through what they can find on the unlocked phone, but that amount of data will be vastly less than what they could gather from a backup and forensic software using an SQLite database engine, which would in most cases include thousands of deleted messages and call logs.
Weaver said the passcode requirement would be especially significant at border searches, where a legal “exception” allows US Customs and Border Protection to copy all the contents of electronic devices without any probable cause or even “reasonable articulable suspicion.”
Again, while agents would still be able to demand that an owner unlock an iPhone and then manually look through it, they would not be able to make a backup copy without the passcode.
Nojeim applauded the impending change.
We have long said that there has to be reasonable suspicion to access everything on a phone. These devices carry your life – they’re a treasure trove of private information.
In addition to the passcode barrier, iOS 11 also provides an “SOS” feature – press the power button five times rapidly and it will let the user make an emergency call, but also disables the fingerprint reader. To unlock the phone would then require the passcode. The feature is, of course, being sold as a way to get help quickly in an emergency, but it obviously could be used to lock the phone down to prevent law enforcement access.
And, as software forensic firm Elcomsoft noted in a blog post last week, law enforcement can’t tell if a potential suspect used that feature to disable Touch ID:
There is no way to tell that Touch ID has been disabled by using the SOS feature. Once the sequence is completed and the user cancels the menu, the iPhone prompts for a passcode in the same manner it uses after Touch ID naturally times out.
Weaver doesn’t see that as a big deal, saying:
There are already a number of ways to rapidly disable the fingerprint reader, such as powering off the phone, using the wrong finger four times, or just waiting long enough for the feature to disable itself. So this is more hype than substance.
Even a locked iPhone doesn’t lock everything out, as Naked Security’s Maria Varmazis noted when she took the beta iOS 11 for a test drive. In fact, it actually allows a bit more access than iOS 10:
iOS 11 adds viewing the Control Center (the menu that you can pull up from the bottom of the screen) and returning missed calls to options that work despite the lockscreen, in addition to features that were already available on iOS 10. All of these options are turned on by default.
Of course, a user can turn them off as well. But the bottom line is that the personal privacy vs protection-of-society debate is likely to get more intense, and make its way into the courts.
Comey, back in March when he was still FBI director, said at a conference in Boston that while “I love privacy,” there has always been a “bargain” in the US that government can invade privacy, “with probable cause and a warrant … The general principle is that there is no such thing as absolute privacy.”
Weaver would agree only in part. He wrote that the iOS 11 upgrades “will have some impact on lawful investigations”. But he added: “That isn’t necessarily a problem – the benefits here outweigh the costs.”
Nojeim agreed with that last part, saying:
We are in the golden age of surveillance. There has never been larger or richer collection of data about the private activities and thoughts of people who have committed no crime and done nothing to bring suspicion. Something like this starts to level the playing field just a bit.