Safe and secure

Encryption, pass codes and other considerations for Missourians in the wake of Apple’s legal battle

by Greg Mitchell

A pivotal data privacy battle is underway. Apple’s decision to oppose a court order to “unlock” San Bernardino killer Syed Farook’s iPhone continues to make headlines and spur discussions. It could also have a major ripple effect on the data privacy rights of U.S. citizens.

In a nutshell, the FBI wants Apple to help it access Farook’s employer-provided iPhone. The data on an iPhone becomes encrypted once a pass code is enabled, and entering the pass code decrypts the data. In the past, if law enforcement had physical possession of an iPhone, it only had to get Apple to turn over the pass code to that device – and this is a scenario that allegedly played out on numerous occasions.

But Apple rolled out a new approach to privacy with the release of its iOS 8 operating system. Apple no longer maintains user pass codes, meaning the company has no way to access encrypted iPhone data. The FBI wants Apple to rewrite the software on Farook’s iPhone so that it can access the device’s encrypted data without the pass code. This is called a backdoor, and whether technology companies should equip their devices or services with backdoors to encrypted data has been the subject of public debate.

Supporters of backdoors argue that they are necessary for law enforcement to ensure public safety, while opponents feel that they could expose personal data to unfettered government access or to hackers. Regardless of which side you fall on, here are several things for Missourians to keep in mind about the case:

Even if Apple prevails, it does not mean that all iPhone data is immune from government prying. Much of the information stored or created on an iPhone could still be obtained from other sources such as cellphone carriers, email providers, social media networks and app companies. Emails, text messages, call/text logs, IP addresses and location data may still be available under a smattering of federal laws, like the Electronic Communications Privacy Act and Communications Assistance for Law Enforcement Act, which all operate in the Fourth Amendment’s shadow.

In any case, the government must obtain “legal process” – such as a warrant, court order or subpoena – before it can retrieve data. But these laws vary on what the government must show a court to obtain a warrant, court order or subpoena for a particular type of data, such as an email or text log.

It’s also important to remember why Apple is the FBI’s main target: Farook is not around to provide his pass code. Forcing people using iOS 8 or later to reveal their pass codes is the easiest way for the government to access encrypted iPhone data. However, courts around the country have differed on whether doing so violates a person’s Fifth Amendment right against self-incrimination. Is providing a pass code the same as testifying against oneself? Some courts have said that it is, because a pass code is “stored” in one’s mind. This abstract argument is part of what causes the judicial disagreement. Biometric protections, such as fingerprint pass codes, are likely not covered by the Fifth Amendment since their source – a person’s finger – does not exist within the mind. This is an ironic development considering biometric pass codes are generally seen as more secure than numeric pass codes.

It may seem obvious, but enabling a pass code on an iPhone is the simplest step one can take towards protecting its data. Although it might create a minor inconvenience, without a pass code, much of the data on an iPhone will not be encrypted. A forgotten pass code, however, could result in loss of all data on the iPhone if there is no backup.

Still, individuals who do back up iPhone data and wish to keep it secure should consider the places other than the device where the data may be stored. Most data stored in Apple’s iCloud service is automatically encrypted; however, data backed up to iTunes is not automatically encrypted. Users can encrypt iTunes backups but should be warned: passwords used to encrypt iTunes backups currently cannot be recovered (nope, not even by your go-to Millennial).

As the use of data encryption increases, tech users should be aware of what’s recoverable and what’s not, as well as how Apple’s current situation could greatly impact that.

Greg Mitchell is counsel for UnitedLex, a multinational litigation support and cyber security firm headquartered in Overland Park, KS.

This information is intended as general information about the law and legal system. It is not to be considered as legal advice for your specific situation.
