A recent blog post from the ACLU contains some interesting observations on how Google and Apple provide law enforcement access to locked smartphones. Apple’s method raises some concerns.
Google does a good job restricting access. First of all it requires a special kind of search warrant. Second of all, it does a password reset before sharing a new temporary password to law enforcement. Moreover, this password is reset again after a fixed time period. This limits access to a small timeframe. With each password reset, the owner is informed of the reset.
Apple does it differently: the company
won’t release any personal information without a search warrant, and we never share anyone’s passcode. If a court orders us to retrieve data from an iPhone, we do it ourselves. We never let anyone else unlock a customer’s iPhone.
This means law enforcement has no control over how the data is extracted from the phone. It is unclear what procedures are used to extract the data, and what means are used to ensure that the data does not get tampered with. Given this fact I wonder how admissible this kind of evidence is in court. If it is admissible, this gives a company the power to incriminate people at will…