Los Angeles County Sheriff’s Capt. Chris Cahhal doesn’t mince words when deputies bring him an iPhone 6 and ask for help gathering information from the device. The veteran officer with the sheriff’s fraud and cyber-crimes bureau simply hands it right back.
“Here’s your nice paperweight,” Cahhal tells them. “We can’t do anything.”
A long-simmering dispute between law enforcement and Silicon Valley over encrypted phones gained national prominence last week when a federal judge ordered Apple Inc. to help the FBI break into an iPhone 5c as part of the investigation into the San Bernardino terror attacks.
But police in California and other states have complained for many months that data encryption creates a major investigative hurdle in the hunt for killers, human traffickers, child pornographers and other offenders. Some fear criminals are intentionally using devices that run on newer operating systems because they know police can’t access them, despite having search warrants signed by judges.
The Los Angeles County Sheriff’s Department has as many as 150 phones in evidence lockers that investigators can’t crack, Cahhal said. The LAPD has about 300, a captain said. In Sacramento, sheriff’s officials have nearly 90.
Officials said that before the FBI court order, they thought there was no way to access the information. Several California law enforcement agencies said they were told by Apple the company didn’t have the means to unlock phones.
Law enforcement officials acknowledge the need to balance privacy concerns with the desire for police access to encrypted data, but civil liberties advocates say those seeking a middle ground are searching for a compromise that is technologically impossible.
“You cannot build a lock that only good guys can turn the key for,” said Cindy Cohn, executive director of the Electronic Frontier Foundation, a San Francisco-based civil liberties organization.
“Law enforcement doesn’t just want this for terrorist cases,” she said. “They want it for every case.”
Apple echoed Cohn’s sentiments when it filed a motion this week to vacate the court order in the San Bernardino case, arguing, “This is not a case about one isolated iPhone.”
Police and prosecutors say some criminal investigations have hit a dead end when detectives are unable to access encrypted data.
Brittney Mills was eight months pregnant when she was gunned down inside her Baton Rouge, La., home in April 2015. As detectives investigated the 29-year-old’s death, they found what they thought could be a key piece of evidence: her iPhone.
Mills’ daughter and friends told investigators that she kept a diary on her phone and used the device to text, Moore said. Hoping the phone data could help them track Mills’ killer, prosecutors obtained another search warrant, asking Apple to help them crack the encrypted device. But the company said there was nothing it could do.
“Since the device is running iOS version 8 or a later version, the iOS extraction cannot be completed,” said Moore, reading Apple’s response to the warrant.
Moore acknowledged the information stored on the encrypted phone may not lead to an arrest, but he said investigators should be able to check the device for possible clues.
“All of our avenues have dried up. It just doesn’t seem fair. If this was Tim Cook’s daughter and grandchild that was killed, I’d bet you he’d want to get into that phone,” he said, referring to Apple’s chief executive.
Cook wrote an open letter to customers last week arguing that complying with the court order to access Farook’s phone would amount to creating a “back door to the iPhone” that could be used to open any number of devices and would hurt law-abiding people. “Criminals and bad actors will still encrypt, using tools that are readily available to them,” he wrote.
Fred Sainz, a spokesman for Apple, said the company is “responsive and cooperative and helpful with law enforcement.” The company, he said, provided information in about 80% of the roughly 10,000 requests from law enforcement it received in the past 12 months. The remaining 20%, he said, often involved information that didn’t exist or requests that later were rescinded.
Apple is able to respond to requests for phone data backed up to iCloud servers, which the company can access without creating new software.
Previously, police could scour Apple devices for data by accessing a hardware port, experts say. But Apple changed its encryption practices in September 2014, creating security measures that it did not have the software to defeat. Customers also can enable an “auto-erase feature” on devices that will permanently destroy all access to encrypted data after 10 failed attempts to enter the correct pass code.
Last year, the International Assn. of Chiefs of Police, brought law enforcement, privacy experts and others together to talk about the challenges posed by encryption and other advancing technologies. The result was a 57-page report by the association that stressed the importance of personal privacy, but warned that “going dark” also meant “law enforcement’s ability to protect the public is diminishing.”
Terrence Cunningham, president of the international chiefs group, said he and other IACP members have met with elected officials, including Sen. Dianne Feinstein (D-Calif.), to explain the problem and have spoken with European police agencies about their struggles with encrypted devices well before the FBI’s battle with Apple went public.
Now, law enforcement officials have another concern, Cunningham said: that criminals will purposefully use encrypted devices to communicate, knowing they are beyond the reach of investigators.
“Think about child exploitation cases. If you’ve got somebody who’s a predator, it used to be they operated in the shadows and always feared they were going to be detected,” he said. “Now they operate with impunity. They look to their left, they look to their right and they say, ‘It’s all encrypted. I can iMessage all the other pedophiles that I want.’ ”
Just as information gleaned from encrypted phones could point police toward a suspect, officials said, the same information also could help prevent them from wrongly implicating an innocent person.
“If your phone is your only evidence and your only link to solving that homicide, the frustration is very, very high,” said LAPD Capt. John Romero, who heads the department’s commercial crimes unit.
The issue is intensely frustrating for San Bernardino County Dist. Atty. Michael Ramos, who said he has seen Apple’s objection to the court order agitate both local law enforcement and the families of those killed in the Dec. 2 attacks. Ramos said he understands the privacy concerns but also believes Silicon Valley needs to make exceptions for certain kinds of investigations.
The San Bernardino County Sheriff’s Department recently seized at least 12 devices that it can’t access, according to Ramos, including a cellphone that might prove key to a missing person investigation. The missing man was last seen in January, and his car was found crashed into a tree.
Ramos said police found two significant clues at the scene: a brick shoved on top of the vehicle’s gas pedal and what police believe to be the missing man’s phone. The data on the device, he said, was encrypted.
“You can imagine how important that is,” Ramos said. “It could be of great assistance to the family of this person.”
MORE ON APPLE VS. FBI