Opinion by Preston Gralla

Can the iPhone 6 really defeat the NSA?

There are loopholes in Apple’s claim, and law enforcement’s outrage seems disingenuous

national security agency headquarters fort meade maryland
NSA

Opinion by Preston Gralla

Show More

People who prize their privacy may be eyeing the iPhone 6, which both Apple and various law-enforcement officials say can defeat attempts by government agencies to get people’s text messages, emails, photos, contacts, and more. But if you’re thinking of buying an iPhone 6 because you want assurance that the government can’t spy on you, you should be aware that claims of nearly impregnable data have to be taken with a grain of salt.

What is true is that the iPhone 6 has better privacy protection because encryption is turned on by default. Similar encryption is available on Android phones, but it’s not turned on by default. Google is expected to change that in an upcoming Android release.

Apple also says that it won’t turn over your encryption key to the authorities — and in fact won’t be able to. Each user’s encryption-key passcode will be known only to the phone’s user, and not to Apple.

Those two things together mean that, should Apple turn over any of your data to a government agency, that data will be encrypted (unless you have taken the extra step of turning off encryption), and Apple won’t have access to the encryption key.

Will the government be able to guess the passcode for your encryption key? Not easily, Apple says. The six-character, alphanumeric encryption-key passcode that Apple is implementing uses lowercase letters and numbers. The company claims that it might take "more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.”

All of that sounds highly secure, and public statements from officials at various government agencies have contributed to the idea that Apple’s safeguards are going to be hard to breach. FBI Director James Comey, at a press conference in late September, said, "What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law."

And Ronald T. Hosko, a former assistant director of the FBI’s Criminal Investigative Division, wrote an op-ed piece in The Washington Post criticizing Apple for the new encryption policy. He charged that Apple’s encryption for the iPhone 6 would have made it impossible for law-enforcement agencies to rescue a kidnapping victim in Wake Forest, N.C. The victim, he said, would have been murdered.

There’s only one problem with Hosko’s claim, and with Comey’s complaints: They don’t appear to be true. The Washington Post corrected Hosko’s op-ed piece to note that the FBI solved the case by getting telephone records used to make a ransom demand and used a wiretap to eavesdrop on the kidnapper’s phone conversations. Encryption of email would have made no difference in the investigation.

As for Comey’s worries, TheNew York Times reports that Apple’s five-and-a-half-years-to-crack claim is highly suspect, saying, “Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes."

And even if law-enforcement officials were locked out of the phone’s data, they would still have a number of other ways to find the evidence they need. Security researcher Jonathan Zdziarski told the Times, “Eliminating the iPhone as one source I don’t think is going to wreck a lot of cases. There is such a mountain of other evidence from call logs, email logs, iCloud, Gmail logs. They’re tapping the whole Internet.”

Yes, that’s right, what’s on your phone might be completely secure (OK, probably not), but if you back that data up using iCloud, Apple’s guarantee about not having a key to hand over to law enforcement evaporates. The key used to encrypt iCloud data is in Apple’s hands. But don’t breathe a sigh of relief if you don’t use iCloud. Zdziarski discusses on his blog a variety of forensic tools that can be used to get a wealth of information off of an encrypted iPhone 6.

Both Apple and law-enforcement agencies have their reasons for wanting to make it seem as if iPhone 6 encryption is more foolproof than it really is. Apple, of course, wants you to buy its phones, and privacy is a selling point. As for law-enforcement agencies, the iPhone encryption controversy might seem like a chance to get more money for algorithm-busting technologies. Both sides hope to get a favorable ruling in the court of public opinion.

So is the iPhone 6 a good investment for people who are intent on keeping their data private? The phone’s security measures are indeed an improvement. But don’t buy the idea that your personal information will be absolutely locked down if you use the iPhone 6.

Copyright © 2014 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon