Complex passwords and encryption may be enough to keep the contents of your Apple devices safe from snooping by most parties, but that kind of privacy doesn’t sit too well with authorities. Documents from a court case in Kentucky have revealed that not only did police ask Apple to unpick the security for a suspect’s iPhone in that case, but that the company has been asked to do the same thing in so many other cases that it’s had to create a waiting list for agencies who would rather make the private public in the name of the greater good.
The findings stemmed from court documents prepared by Rob Maynard, an agent of the federal bureau of Alcohol, Tobacco, Firearms and Explosive, for a case last year involving Mark Edmond Brown, a 24-year old accused of dealing crack cocaine in Kentucky. Police revealed that the suspect’s iPhone 4S became important to the investigation but, as an encrypted device, the ATF was unable to get to the information on the phone. Maynard explained that he “attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock” the phone, but was repeatedly told that they didn’t have the capability to do so.
Eventually, he went directly to Apple, where he spoke to Joann Chang, a legal specialist in Apple’s litigation group, who told him that the company could assist – but that there would be a delay of at least seven weeks until they’d have the time to help (documents later reported that the actual wait ended up being closer to four months).
According to Maynard’s affidavit, Chang explained that Apple “has the capabilities to bypass the security software [and] download the contents of the phone to an external memory device.” Apple would take possession of the phone in question, and “once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive” that would be handed off to authorities.
The decryption was by-the-book; a search warrant looking to find “all recoverable data” on the phone that would demonstrate a relationship between Brown and another suspect had been requested, and granted, by a judge. When Brown’s attorney tried to have the data pulled by Apple thrown out because of the amount of time the decryption had taken, the judge refused to do so. Eventually, Brown plead guilty to the charges filed against him.
It’s becoming increasingly clear how available what some would consider “private” information actually is to authorities. For most people, this isn’t really a big deal in anything other than the abstract, because – well, would anyone really care what’s in your inbox right now? Still, in that abstract, it’s a worrying thought that not only is your information available even when encrypted, but that the companies we trust to make out everyday devices are helping making that so. Maybe the lesson is to not do anything that would require companies to go through your private info for legality’s sake. That, or it seems criminals really like using iPhones.