{"id":3511,"date":"2015-07-06T16:23:09","date_gmt":"2015-07-06T16:23:09","guid":{"rendered":"http:\/\/ncjolt.org\/?p=3511"},"modified":"2020-06-04T20:53:36","modified_gmt":"2020-06-04T20:53:36","slug":"apples-new-security-features-in-ios-9-certain-to-cause-problems-for-law-enforcement","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/apples-new-security-features-in-ios-9-certain-to-cause-problems-for-law-enforcement\/","title":{"rendered":"Apple\u2019s New Security Features in iOS 9 Certain to Cause Problems for Law Enforcement"},"content":{"rendered":"<p>At Apple\u2019s annual World Wide Developer Conference (WWDC) last month, the company announced their latest mobile operating system for phones and tablets, <a href=\"https:\/\/www.apple.com\/pr\/library\/2015\/06\/08Apple-Previews-iOS-9.html\">iOS 9<\/a>. As is typical with Apple, this event included much fanfare and hyperbole. In addition to the announcements about all the software you didn\u2019t know you needed, Apple quietly ratcheted up security and privacy features.<\/p>\n<blockquote><p>In some circles, these are important new features, but Apple\u2019s continued use of encryption in iOS 9 will refuel the privacy versus law-enforcement debate reinvigorated by Edward Snowden a few years ago.<\/p><\/blockquote>\n<p>A technology primer: in cryptography, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Encryption\">encryption<\/a> is the process of encoding messages or information in such a way that only authorized parties can read it. Most important communications across the internet, e.g. banking, are encrypted. Encryption is your friend when you\u2019re on an open WiFi hotspot at a coffee shop, but is the enemy of law enforcement when you are doing something illegal, because law enforcement cannot easily read your data.<br \/>\nA year ago, Apple caused a stir with the security features in what is now the current version of its mobile operating system, iOS 8. Several of the new features made law enforcement difficult, notably the default <a href=\"http:\/\/arstechnica.com\/apple\/2014\/09\/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot\/\">encryption<\/a> of the user\u2019s personal information on the iPhone. Apple\u2019s CEO, Tim Cook also went out of his way to <a href=\"http:\/\/www.wsj.com\/video\/tim-cook-at-wsjd-live\/C48FC1F0-8E23-4592-8D9A-D08CD70E438F.html?KEYWORDS=tim%20cook.\">emphasize<\/a> the strong encryption features of the popular iMessage and FaceTime services. As if to pick a fight, Cook then publicly stated that government eavesdropping has gone too far.<br \/>\nPredictably, government agencies swiftly condemned Apple\u2019s choices with as much hype as an Apple product announcement. FBI director James Comey <a href=\"http:\/\/www.dallasnews.com\/news\/local-news\/20140925-fbi-chief-rips-apple-google-over-smartphone-encryption.ece\">stated<\/a> \u201c[t]here will come a day when it will matter a great deal to the lives of people &#8230; that we will be able to gain access,\u201d implying grave consequences for smartphone encryption so secure that the police cannot easily access information. The previous United States Attorney General, Eric Holder, <a href=\"http:\/\/www.reuters.com\/article\/2014\/09\/30\/us-usa-smartphones-holder-idUSKCN0HP22P20140930\">criticized<\/a> Apple and Google\u2019s use of encryption. Federal officials and Silicon Valley executives engaged in some heated <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2015\/02\/23\/heres-how-the-clash-between-the-nsa-director-and-a-senior-yahoo-executive-went-down\/\">debates<\/a>, with no agreement on a mutually beneficial solution.<br \/>\nAs a compromise, the Federal government <a href=\"http:\/\/www.darkreading.com\/fbi-director-urges-new-encryption-legislation\/d\/d-id\/1316711\">proposed<\/a> back doors into encrypted products and services. A senior Yahoo executive quickly dismissed this idea, <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2015\/02\/23\/heres-how-the-clash-between-the-nsa-director-and-a-senior-yahoo-executive-went-down\/\">analogizing<\/a> building in backdoors into cryptography standards to \u201cdrilling a hole in the windshield.\u201d Efforts to resolve these differences resulted in standoffs, with Apple executives calling the FBI comments <a href=\"http:\/\/www.wsj.com\/articles\/apple-and-others-encrypt-phones-fueling-government-standoff-1416367801\">inflammatory<\/a>. By early 2015, the controversy had subsided. Shortly after the new year, President Obama <a href=\"http:\/\/news.stanford.edu\/news\/2015\/february\/summit-main-obama-021315.html\">spoke<\/a> at Stanford about cyber-security in somewhat softer tones. In the wake of the Sony Pictures hack in 2014, the benefits of encryption were clearer than ever: had Sony encrypted its records, hackers wouldn\u2019t have access to that treasure trove of damaging business and personnel information.<br \/>\nAfter only a matter of months, Apple just added fuel back on the fire with iOS 9. iOS 9 continues where iOS 8 left off, containing even broader encryption capabilities. Using the features in iOS 9 in conjunction with the existing security features, almost all data coming out of the iPhone will be encrypted. Even if developers are unwilling to build in encryption, iOS 9 will handle it somewhat automatically.<br \/>\nSpecifically, iOS 9 includes increased Virtual Private Network (VPN) functionality, which allows users to direct more network traffic from their iPhones to encrypted channels. The new operating system will also include a feature \u201cApp Transport Security,\u201d which forces application communication (e.g. YouTube content, web browsing) over <a href=\"http:\/\/www.cso.com.au\/article\/577197\/apple-tells-ios-9-developers-use-https-exclusively\/\">encrypted<\/a> channels. Apple even recommended to application developers to use secure communications \u201cexclusively.\u201d With these new features and existing features, Apple is thus enabling and encouraging the encryption of all data. No doubt, this approach is part of a trend in Silicon Valley. <a href=\"http:\/\/arstechnica.com\/security\/2015\/04\/it-wasnt-easy-but-netflix-will-soon-use-https-to-secure-video-streams\/\">Netflix<\/a> recently announced it would encrypt video streams.<br \/>\nAs frustrated as the FBI and NSA may be with Apple and other internet companies, they are out of luck, at least with conventional measures. Telecommunication carriers are typically required under Federal law to provide wiretap facilities for law enforcement, set forth in the Communications Assistance for Law Enforcement Act (<a href=\"https:\/\/www.eff.org\/issues\/calea\">CALEA<\/a>). Congress passed CALEA in 1994 to provide additional tools for surveillance of digital telephony. Despite the fact that Apple does in effect provide telecommunications services, Apple does not fit within the statutory definition of a telecommunication carrier under CALEA.<br \/>\nCongress had the foresight to give the Federal Communications Commission (FCC) rulemaking authority to amend the definition of a \u201ctelecommunications carrier,\u201d knowing that communication technology evolves quickly. The \u201csubstantial replacement provision\u201d gives the FCC some <a href=\"https:\/\/www.law.cornell.edu\/uscode\/text\/47\/1001\">rulemaking authority<\/a> to deem companies telecommunications carriers to the extent that they are a replacement for a \u201csubstantial portion of the local telephone exchange service,\u201d and that it is in the public interest to deem it so. However, to date, the FCC has not exercised its authority in this respect.<br \/>\nUnsurprisingly, the FBI has argued that CALEA should be amended. However, without a legal requirement for backdoors into its products, Apple continues to push as far as it can, making law enforcement access to the products and services it sells as hard as possible. Apple seems determined to ensure that everything worth encrypting is encrypted. Tim Cook continues to <a href=\"http:\/\/techcrunch.com\/2015\/06\/02\/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy\/#.orptux:oTIV\">advocate<\/a> in favor of users\u2019 privacy. Given the strong interests of law enforcement and national security, it\u2019s only a matter of time before Congress or the FCC decide to force Apple to cooperate. <span style=\"color: #222222\">At the time of the writing of this article, the U.S. and U.K. governments are <a href=\"http:\/\/mobile.nytimes.com\/2015\/07\/08\/technology\/code-specialists-oppose-us-and-british-government-access-to-encrypted-communication.html?referrer=&amp;_r=0\">seeking<\/a> to open back doors into encryption.\u00a0<\/span>But with Apple\u2019s huge cash balance and lobbying efforts on Capitol Hill, it will likely be able to blunt the impact of any legislation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Apple\u2019s annual World Wide Developer Conference (WWDC) last month, the company announced their latest mobile operating system for phones and tablets, iOS 9. As is typical with Apple, this event included much fanfare and hyperbole. In addition to the announcements about all the software you didn\u2019t know you needed, Apple quietly ratcheted up security <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/apples-new-security-features-in-ios-9-certain-to-cause-problems-for-law-enforcement\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":3512,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3511"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=3511"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3511\/revisions"}],"predecessor-version":[{"id":7326,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3511\/revisions\/7326"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/3512"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=3511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=3511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=3511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}