Apple’s Cybersecurity Lockdown – The Importance of Company Confidential Information and Usage Policies in the World of Apple Products

February 20, 2016

For a company investigating a potential leak of its confidential information, it is alarming what can be found through the forensic discovery process—that is, when the forensics are being performed on anything other than an Apple product. Customer data on Apple products is notoriously well-protected because of the security processes that come standard with almost all Apple products. Recently, the FBI and Apple have locked horns on this front. Ultimately, this dispute brings to light a forensic discovery issue that affects all forensic electronic examiners: absent authorization, Apple products are almost impenetrable.

Historically, Apple began configuring its products with additional encryption software to protect systems like Apple iPay that routinely run on their devices. Apple’s encryptions are just about uncrackable. Even when facing a court order, Apple cannot easily unlock them.

Recently, in conducting its investigation into the 2015 San Bernardino shootings, the FBI hit a wall due to Apple’s security. In response, the FBI asked US Federal Magistrate Sheri Pym to order Apple to assist in unlocking an iPhone belonging to one of the shooters. (The FBI asked Apple to disable the security feature that caps the number of attempts to guess the correct passcode to unlock an iPhone. On all iPhones, once a passcode has been enabled, the device is automatically wiped if the incorrect credentials are entered too many times.) In response, Apple informed the FBI that was impossible, and Judge Pym ordered Apple to make the impossible possible by writing software to assist the FBI. This dispute between the FBI and Apple highlights—albeit on a much larger scale—the rub many litigants experience in attempting to uncover forensic evidence in civil cases. Even the Federal Government hits a wall when attempting to harvest evidence from Apple devices.

For companies attempting to secure their confidential information, the use of Apple devices presents special challenges. By way of example, Apple products are notorious for changing their device ID (the unique number the device registers when it syncs to another device or system), encrypting data so as to make harvesting file path information challenging, and as the FBI is presently experiencing, denying access to the device altogether. In an effort to best protect confidential information, the best solution for companies is a good defense. Electronic device usage and confidential information policies are more important than ever.

At the very least, these policies should expressly state:

• any company information stored on any device remains the property of the company and is subject to the company’s document retention practices;
• any device which contains—or has ever contained—company information is subject to discovery by the company at any time;
• the employee will provide any and all credentials to access any device containing company information to the company; and
• as to any device containing company information, the employee has no expectation of privacy.

As a rule of thumb, these policies are important regardless of the type of device used, but as to Apple products, these policies are critical to help keep confidential information secret. Absent robust information protection policies, correcting leaks of confidential information may present challenges that can—especially in the world of Apple products—be insurmountable.