As law-enforcement agencies find ever-more-sophisticated ways to hack into iPhones, Apple finds equally sophisticated ways to block them and protect its customers’ privacy. And it doesn’t appear this smartphone tug of war is likely to end soon.
The issue came under public scrutiny after a 2015 mass shooting in San Bernardino, Calif., which killed 14 people and injured 22. The two attackers destroyed their personal phones before they were killed in a shootout with police, who did recover a work-issued iPhone 5C from one of them. The phone was locked with a four-digit password and was set to eliminate all its data after ten failed password attempts, so the FBI wanted Apple to create new software that would allow it to unlock the phone. Apple refused, citing the privacy rights of its customers, but the FBI found a third party able to help agents unlock the phone and retrieve the data.
This case underscored the divide between law enforcement and Apple regarding smartphone privacy and unlocking software. The FBI and police departments naturally want to access as much information as possible on terrorists and criminal suspects, including their contacts, text messages, etc. But Apple, along with its customers and privacy advocates, counters that mobile-phone searches are a violation of privacy rights, and worries about everything from users’ sensitive information to the harassment of vulnerable populations. (For example, from 2015 to 2016, the number of cellphone searches by U.S. border agents rose approximately fivefold, from fewer than 5,000 to almost 25,000.)
The cat-and-mouse game between Apple and law enforcement continues. Many agencies currently work around Apple’s privacy protections with phone-unlocking software from two companies: Cellebrite, an Israeli forensics firm now owned by Japan’s Sun Corporation, and the recent American startup Grayshift, whose founders include a former Apple engineer. Just this March, Grayshift began selling a $15,000 device called “GrayKey,” which police can use to unlock iPhones themselves.
But to the dismay of law-enforcement officials, Apple is working on a software update that will close a loophole that lets Cellebrite and Grayshift hack into personal iPhones. The new feature will disable the phone’s charging and data port an hour after the phone is locked, preventing police (or anyone else) from accessing data by connecting to the port and running their own software through it to transfer data.
While police see this as hindering their ability to investigate and prosecute anyone from terrorists to child abusers to college students involved in illegal hazing, consumer and civil-rights advocates say Apple is correct to close security loopholes and protect its users’ privacy. For one thing, cellphones (unlike, for example, home computers) are particularly vulnerable to illegal searches, because they typically are carried around by users and can too easily be seized and/or searched by police without a warrant. Besides, if law enforcement can hack into your phone, so can criminals.
Apple uses the latter point to defend their privacy upgrades against government criticism. According to Apple spokesman Fred Sainz, “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
The technology one-upmanship between tech companies and law enforcement has been going on for years. Both Apple and Google encrypted their mobile software in 2014, scrambling data to make it unreadable unless accessed with a password or other special key. Earlier, when police began employing software that broke into phones by trying every possible passcode, Apple blocked that by disabling iPhones after a certain number of incorrect attempts; technology that both Cellebrite and Grayshift have been able to work around. And last year, Apple introduced a feature allowing users to quickly disable Touch ID as a way to unlock the phone and prevent either police or criminals—or an abusive partner—from physically forcing you to unlock your phone.
Know your rights: Generally, law-enforcement officers must have a warrant to search your cellphone, just as they would to search your home or personal computer. There are exceptions; one of which is if you provide consent. Government agents may also search your phone at border crossings. So far, courts have held that police must still obtain a search warrant, even after an arrest.
If believe you or a family member has been subjected to an unwarranted smartphone search or any other unlawful search and seizure, Dreyer Boyajian LaMarche Safranko can help. Call us at (518) 463-7784 or contact us online.