large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

What is encryption – and why does Apple keep getting in trouble for it?

From Apple’s marketing campaigns to President Trump’s Twitter rage, encryption has been making headlines this month. But what is encryption – and why are we debating it?

How does encryption work?

In its simplest form, encryption is the act of converting data into code. Companies use algorithms to generate seemingly random lines of code out of plain text with the goal of keeping snooping eyes out of your private business.

It’s a powerful tool and tech companies use it for everything from disguising your text messages when they cross servers to password protecting your phone.

In a world where consumers store their whole lives on phones – from health and location data to social media passwords – encryption does the crucial job of keeping all of that sensitive data out of malicious hands.

But locking the bad guys out means locking everyone out.

Why law enforcement has an issue with it – and Apple

Apple, in particular, has come under fire over the last month for refusing to comply with FBI requests to create a tool that would unlock two iPhones belonging to the gunman in the Pensacola Naval base shooting in Florida.

The shooting, which took place on the morning of December 6, ended in four deaths including that of the gunman.

In a speech published on the US Department of Justice website on Monday, Attorney General William P. Barr claimed that Apple had not provided enough assistance in the month following the shooting.

According to Barr, the FBI obtained authorisation to search two iPhones belonging to the shooter within a day of the event but hit a wall when it came to unlocking the handsets.

One of the phones was shot during a gunfight with first responders, while the other also came out damaged. Though the FBI crime lab was able to fix both, password protection made it impossible for the investigators to get past the lock screen.

Though Apple claims it handed over “many gigabytes” of iCloud data, the company refused to undermine the OS’ encryption services.

“We have asked Apple for their help in unlocking the shooter’s iPhones”, said Barr. “So far Apple has not given us any substantive assistance”.

This isn’t the first time Apple has clashed with law enforcement over iOS encryption.

In 2015, the company faced similar demands in the wake of the San Bernardino attack. It refused and the FBI was forced to turn to Israeli digital forensics firm Cellebrite for help.

Apple has strengthened its OS since then, making it more difficult for forensics teams to crack, but this hasn’t stopped law enforcement, intelligence agencies and military branches from turning to them (after getting upset when Apple won’t help).

Related: Best phone

According to a report by Privacy International, one such example of Apple’s continued security efforts is USB restricted mode. The feature, which was introduced in iOS 11, disables USB communications after one hour of the last unlock. This means law enforcement have to work fast if they want to extract data from a seized phone.

“Mobile phone extraction could be characterised as an arms race, where vendors are constantly seeking to overcome obstacles of increased phone security”, wrote Privacy International.

Despite increasing challenges, just this week it was announced that police in Scotland had spent more than £500,000 on 41 machines designed to override encryption on devices.

So, why can’t Apple just add a backdoor and save governments the time (and trouble) of hiring a third party firm to peak into seized devices?

It all goes back to the original issue with encryption – opening the door for one person, opens the door for everyone.

And, for a company whose entire marketing campaign revolves around user privacy, this is a big problem. While encrypted Android phones have also presented issues for law enforcement, many aren’t as tightly guarded as iPhones.

Related: Best VPN

“I have a team that works 24 hours a day, seven days a week, responding to exigent requests from law enforcement”, attested senior director for global privacy Jane Horvath at CES last week. “We have helped in solving many cases, preventing suicides. But, building a backdoor to encryption is not the way that we’re going to solve those other issues”.

Opening a backdoor would compromise iOS security worldwide by inviting hackers to exploit the vulnerability and allowing for an increase in government surveillance, neither of which bodes well for iPhone users.

However, this hasn’t stopped UK government bodies and law enforcement agencies from campaigning for it.

A spokesperson for the National Crime Agency (NCA) told Trusted Reviews:

“Encryption is critical to protecting UK citizens online, and billions of people globally use it every day for a range of services including banking, commerce and communications. However, the right balance must be struck between protecting users’ privacy and protecting people, and particularly children, from criminal harm.

“The NCA and National Police Chiefs’ Council believe that online technology providers have a duty to create the safest possible environment for children on their systems. Robust age and identity verification procedures are crucial in helping to mitigate the threat from online child abuse, particularly on encrypted or private platforms.

“Additionally, law enforcement agencies need to be able to access specific communications relevant to investigations into serious crime such as child sexual abuse and exploitation. However, by enforcing End to End Encryption, some technology companies have placed most of the information about what their users say and do out of reach of such lawful investigations.

“Technologies such as DNS over HTTPS (DoH) could potentially render ’block lists’ of URLs known to host indecent images of children ineffective. When implementing these technologies, companies must consider their duty of care to children and their responsibility to prevent criminal exploitation of their products and services.”

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.