How the Government Might Circumvent iOS 8 Security


4-Step Computer Security Upgrade

Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.

With iOS 8, Apple has implemented a new “zero-knowledge” security policy when it comes to iOS devices. In part, that means “it’s not technically feasible for [Apple] to respond to government warrants.” At The Volokh Conspiracy, Orin Kerr points out that the government might not be willing to accept that scenario.

1) The most obvious option would be follow the example of CALEA and E911 regulations by requiring cellular phone manufacturers to have a technical means to bypass passcodes on cellular phones.

2) A second option would be to enact a new law severely punishing a target’s refusal to enter in his passcode to decrypt his phone.

3) A third option would be to impose data retention laws.

(h/t Simple Justice)

Featured image: JPL Designs /


Get Lawyerist in Your Inbox, Daily

Current Articles
Current Lab Discussions
  • Bart Torvik

    Hasn’t this issue existed for years with encrypted hard drives?

    • I suppose the difference is that encrypting your hard drive has always been a personal choice. It’s different when Apple unilaterally decides to encrypt everything so that even Apple can’t access the data.

      Companies like SpiderOak have been using this kind of zero-knowledge encryption for years and nothing has happened, but I think the scale at which Apple operates probably makes the government more likely to sit up and take notice. Given the number of people who are now on iOS 8 (or will be within days), a huge swath of devices are now out of the government’s reach.

      Good, as far as I’m concerned. But Kerr is obviously right that the government has options. Politically, I think the government will have trouble convincing everyone it needs a back door to their phones, even if it uses the terrorist card, but who knows.

      Edit: I just remembered a case from a couple of years ago where a Colorado U.S. District Court judge said people can be required to decrypt their computers. (From a quick glance at the docket in PacerPro, it looks like the appeal was ultimately dismissed.)