Since the introduction of first iPhone in 2007, there’s been a battle between Apple and law enforcement regarding the device’s encryption capabilities. Apple and other smartphone producers market security operations like encryption and limited login attempts as key features; however, these functions tend to frustrate investigators who wish to access the evidence stored within, such as phone logs, text messages and location history. The battles have often ended up in court.
However, a recent study by Upturn, a Washington nonprofit, suggests police organizations have employed various tools to tap into phones more frequently than previously perceived. In fact , researchers estimate that hundreds of thousands of smartphones have been searched within the past five years, and at least 2,000 agencies have either purchased GrayKey by Grayshift, an unlocking device; decryption services such as Cellebrite; or other workaround technology.
Upturn also requested policies on the use of encryption-breaking tools and how extracted data is handled from 110 of the largest law enforcement departments across the country. Half of the responding agencies confirmed the existence of a policy, and of those, less than 10 contained substantive restriction protocols.
In an email to The New York Times, Grayshift CEO David Miles stated that its products have helped police “solve crimes faster in many areas, including child abuse, narcotics, human trafficking, sexual assault, homicide and terrorism.”
Still, utilization of encryption-breaking technology is not universal within law enforcement. For one thing, hefty price tags can make such tools prohibitive for smaller police departments — GrayKey costs $18,000 and Cellebrite sells between approximately $9,000 and $18,000 plus licensing fees, per The New York Times. When required, smaller agencies typically elicit help from state and federal crime labs that invested in the tools.
Plus, there’s no guarantee of instant success. The newspaper reports that cracking a six-digit iPhone passcode takes an average of 11 hours, whereas figuring out a 10-digit code averages more than 12 years.
“We may unlock it in a week, we may not unlock it for two years or we may never unlock it,” Manhattan District Attorney Cyrus R. Vance Jr. told Congress last December. “I do not mean to be dramatic, but there are many, many serious cases where we can’t access the device in the time period where it is most important for us.”
For these and other reasons, law enforcement leaders, including the U.S. Department of Justice, continue to press smartphone producers to engineer a backdoor solution strictly for police investigative purposes. A bill requiring such designs currently sits in the Senate Judiciary Committee.