Security and privacy are two things that are usually at the center of requests and suits against Apple. According to CNET, Apple gets so many requests to decrypt seized iPhones by law enforcement that it has a waiting list of sorts. In one account from last year federal agents were stomped by the encryption of the iPhone 4S when it came to getting information on a Kentucky crack cocaine dealer and asked Apple for assistance. Of the account U.S District Judge Karen Caldwell mentioned that an ATF agent got in touch with Apple about assistance in unlocking the phone and were “placed on a waiting list by the company.”
ATF agent Rob Maynard’s affidavit on the situation stated that during three months he looked to law enforcement agencies at all three levels that had the forensic tools to unlock the device. After all agencies he approach mentioned they didn’t have the capability to do so, he went to Apple. Joann Chang—one of Apple’s legal specialists—told Maynard that the list was so long that there could be a 7-week delay in assistance. It’s been said that in total the whole episode took at least four months.
In response to the situation as well as revelations about the nature of the ATF’s security busting approach, the ATF’s public affairs chief, Ginger Colbrun informed CNET that the ATF couldn’t go into the specifics of an ongoing investigation or legal proceedings.
Other incidents include the Nevada case where feds couldn’t break an iPhone and iPad due to the strength of Apple’s encryption and user passwords as well as the DEA being unable to get around Apple’s iMessage.
In ATF agent Rob Maynard’s same affidavit, he stated that Apple “has the capabilities to bypass the security software” and to “download the contents of the phone to an external memory device.” He went on to mention that Joann Chang said that Apple would download the contents of the device to a USB external drive and hand it off to the ATF once the security analyst for Apple finishes.
Beyond the legal realm, this shows that Apple—and Google who can simply reset the password and give the new password to law enforcement if needed—can access information and give it out despite the user’s password strength and encryption.
Currently Apple is dealing with cases concerning user privacy and what can be done with user information—including contacts.