Apple, iOS Security Whitepaper (Sept. 2015) (full-text).
|“||On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess.||”|
The Whitepaper explains that each device has a unique ID (UID) "fused" directly into the hardware during manufacturing. When users set up a device for the first time, they are asked to set up a passcode for unlocking the device. That passcode becomes "entangled" with the device's UID to create the encryption key, of which Apple does not retain a copy. Thus, even if the government produces a valid warrant, Apple has claimed it cannot decrypt the data. Perhaps the biggest change brought about by iOS 8 is that encryption now operates by default, rather than requiring the user to affirmatively turn on encryption.