iOS 8: Too Much Privacy?

September 17, 2014

According to {a report in the Washington Post: http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html}, Apple’s latest operating system for the iPhone and iPad, iOS 8, has encryption capabilities that prevent Apple or anyone but the device’s owner from gaining access to the data stored there. iOS 8 includes options for blocking access to the iCloud and blocking location tracking. I am guessing that Jennifer Lawrence is sold on this concept.

This development may spring from a deep-seated commitment to privacy or may be part of a perception that privacy can sell. Certainly Tim Cook’s stance suggests that he thinks that the market is keen to have privacy:
‘{i}Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.{/i}’

One of the great ironies of recent months must be the fact that privacy and security seem to have become a greater concern in the USA following the leaks of pictures of a few celebrities without their vests on than from any number of Snowden revelations. Clearly Edward Snowden should have ignored the newsy bits and led with any nudey bits he has.

Whatever the motive for Apple’s stance, I find it very worrying. Apple is quoted as saying ‘it’s not technically feasible for us to respond to government warrants for the extraction of … data from devices in their possession running iOS 8.’ As the Washington Post points out, as iOS 8 becomes widely deployed, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle.

I am a great advocate for giving the user options that enable greater privacy. But my assumption had always been that, where a court order or warrant is granted, law enforcement authorities would be able to gain access to data. The inadequacies of the current checks on the obtaining of warrants etc can be met by improving those checks. I do not want a situation where the iPhone of an abducted teenager is so effectively encrypted that no clue can be gained from it. I know that organised criminals encrypt and use untraceable phones and that it is an offence under {RIPA, s 53: http://www.legislation.gov.uk/ukpga/2000/23/section/53} not to reveal your password on receipt of s 49 notice. But neither of these help the abducted teenager and, in any case, most criminals are just like most people – they are not organised. Moreover, the s 53 offence is of limited utility in some instances – imprisoning someone may not lead to the information being revealed.

By making serious encryption this easy, even the least organised of us may well cover our tracks. And what was meant to improve our personal security through increased privacy may make {i}justified{/i} investigation much harder. Not all law enforcement into personal data is ‘snooping’ (just too much of it). Are we creating problems that we will come to regret?