Law enforcement agencies may be able to access data on locked iPhones more often than they’re letting on, an analysis of hundreds of search warrants shows.
Apple’s iPhone encryption is strong, but law enforcement agencies can still bypass it.
The debate surrounding encryption and the so-called “Going Dark” issue has been ongoing for years, even as law enforcement agencies inflate the number of devices they can’t unlock while successfully extracting data from modern iPhones. The ambiguity makes it hard to draw firm conclusions about the situation.
An analysis of more than 500 iPhone-related search warrants and cases carried out by Motherboard shows that the situation is much more fluid than it would appear.
Of course, many law enforcement agencies are not able to access data on locked iPhones, but that’s not always because of encryption. In many cases, small police departments don’t have the necessary technological or financial resources to crack a device, while in other cases physical damage to an iPhone prevents any type of data extraction.
Motherboard’s dataset shows that many law enforcement agencies, particularly ones at the federal level, are able to successfully extract data from even the most recent iPhones using digital forensics tools made by Grayshift and Cellebrite.
In a statement, an FBI spokesperson told the publication that “there is a wide disparity of capabilities that exists across the American law enforcement landscape.” Sometimes, that disparity has led smaller law enforcement agencies to send devices off to federal facilities with access to advanced iPhone cracking technologies.
Out of the 516 cases that Motherboard analyzed, law enforcement officials were able to extract some type of data in about 295 of them. But even among smartphone search warrants that were marked as “executed” by police and federal authorities, the amount and level of data varied.
In some, but not all, cases, investigators were able to pull text messages, call records, browsing data, cookies and location data from smartphones. Using advanced extraction techniques that take more time and aren’t always successful, police may even be able to access encrypted messages in platforms such as Signal or Wickr.
And, of course, there’s other data on an iPhone that police can access without local access to your device. Apple currently complies with government subpoenas or warrants to provide iCloud backups, which may contain certain pieces of sensitive information.
But most of all, Motherboard describes the situation as an “ebb and flow.” Not every iPhone case that it analyzed resulted in data extraction. And going forward, there will likely be factors that tip the balance one way or another, such as government legislation or Apple implementing stronger security measures.
Apple features like USB Restricted Mode have made it harder for law enforcement or forensics firms to access data, one insider confirmed to Motherboard. And Apple’s tight control over both hardware and software makes it easier for it to make major changes like that in the future.
But actual “hacking” of local iPhone data is only one part of the broader encryption debate. In February, lawmakers pressed for new legislation that could threaten Apple’s use of end-to-end encryption for systems like iMessage and FaceTime. Before that, government pressure may have caused Apple to change its mind about certain security features.