With the release of the iPhone 6, Apple built new security features into the iOS8 operating system, measures which law enforcement officials have complained will hinder criminal investigations.
Once a user sets a passcode for a phone using the new operating system, all of the phone’s data – including texts, e-mails, call records, and photos – is encrypted. This means that the phone’s contents are saved in coded form, and anyone accessing them would see only gibberish unless they had the encryption key that unlocks the code.
In a change from previous operating systems, the iOS8 creates a unique encryption key for each device that is partially based on the user’s self-selected passcode. Thus, Apple can no longer break the code and access the user’s data, even if ordered to turn over such information by a court. The director of the F.B.I., James B. Comey, has objected to Apple marketing a product that puts phone data outside the reach of law enforcement, citing concerns about terrorism and kidnapping cases.
The new technology also has implications for lawsuits outside the law enforcement context. A party in a civil lawsuit is typically subject to the discovery process, in which they must turn over to the opposing side all documents and materials that are relevant to the case. This disclosure increasingly includes material such as text messages, call history, and photos or e-mails stored on phones. A court can impose sanctions on a party who deletes or fails to turn over relevant information.
The new iPhone encryption ensures that a litigant who produces a password-protected iPhone to the opposing party in a lawsuit is still able to keep the contents unreadable by refusing to disclose the password. However, the absolute security of encryption may be illusory, because courts routinely order parties to disclose passcodes (in addition to electronic devices, like phones and computers) in order to produce information about cases.
In analogous cases involving data stored on Facebook, courts have often ordered parties to turn over their passwords to uncover relevant posts. For example, a Virginia court in James v. Edwards, 85 Va. Cir. 139 (2012), ordered the plaintiff to turn over his Facebook password to his attorney in order to allow the defendant’s counsel to access to the relevant information. In the context of an employment dispute, a defendant in a Massachusetts case was ordered to disclose his password for encrypted files stored on his former employer’s server. Enargy Power Co. v. Xiaolong Wang, 2013 WL 6234625 (D. Mass. 2013).
And what if a litigant refuses to disclose the password to his or her encrypted iPhone despite a court order? Courts have broad authority to enforce their orders, and sanctions can include monetary penalties and even jail. In the case of Keller v. Keller, 2014 WL 4056926 (Conn. Super. Ct. 2014), a litigant was found in contempt for failing to obey an order to provide working passwords to his iPhone that was being forensically examined as part of the proceedings.
So, despite the enhanced encryption available to users of Apple’s mobile operating system, courts retain their power to compel disclosure as needed, and a litigant who elects to ignore a court order does so at his or her own peril.
is Boston’s innovative litigation boutique. Our lawyers have years of experience at large law firms, working with clients ranging from Fortune 500 companies to start-ups and individuals. We focus on business litigation and labor and employment. We are experienced litigators and counselors, helping our clients as business partners to resolve issues and develop strategies that best meet our clients’ legal and business needs – before, during, and after litigation. We’re ready to roll up our sleeves and help you. Read more about us, the types of matters we handle, and what we can do for you here.