Apple announced that data on their new iPhone operating system would be encrypted by default, and Google quickly followed suit. Privacy advocates cheered while law enforcement groaned. What’s followed has been a full-court press by government officials to try to pressure the tech giants into changing their mind.
What Difference Does Encryption Make?
Without getting technical, encryption means that data is more secure and more difficult to access by third parties. Only the person who has the password can access the information.
The data now being encrypted by default includes the content of text messages and emails as well as the content of communications in third-party applications. Photos, documents, contacts, voicemail, and notes are also protected.
The idea is that now not even Apple or Google can access this information without a password.
So what’s the problem
This presents a conundrum to law enforcement who have, in part, relied on access to this information to track down and convict criminals. The Director of the FBI James Comey recently presented his agency’s view on the new data encryption to the Brookings Institution. And according to him, well, the sky is falling and criminals can now use their phones to aid them in committing crimes with impunity.
“Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem. We call it ‘Going Dark,’ and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority,” Comey said.
He says that the FBI has a fear of missing out, “missing out on predators who exploit the most vulnerable among us, missing out on violent criminals who target our communities, missing out on a terrorist cell using social media to recruit, plan, and execute an attack.”
According to Comey, countless crimes have been solved and prosecuted using data gleaned from smartphones, “but we’re seeing more and more cases where we believe significant evidence is on that phone or a laptop, but we can’t crack the password.” It’s worth noting, though, that throughout the speech there is no real mention of any crimes being prevented by data intrusions, only prosecuted after the fact.
The FBI Wants a Backdoor
Comey’s solution is to bring the entire Internet under the Communications Assistance for Law Enforcement Act (CALEA), a 20-year-old law that required telecommunications and broadband carriers to build interception capabilities into their networks for court-ordered surveillance. (As an aside, the NSA’s PRISM program pretty much does this already, albeit covertly and without a warrant.)
The FBI realized that without cooperation from tech giants they’re effectively locked out for good. “And with sophisticated encryption, there might be no solution, leaving the government at a dead end — all in the name of privacy and network security.”
By bringing all web-based service providers into CALEA the FBI seeks to effectively bypass the encryption altogether. Services like Twitter and Facebook would be required to build a way for law enforcement to access protected data.
Comey Scolds Apple and Google
The FBI also had pointed words for the tech giants. “The notion that the marketplace could create something that would prevent that closet [data on phones] from ever being opened, even with a properly obtained court order, makes no sense to me,” he said.
“Encryption isn’t just a technical feature; it’s a marketing pitch,” he noted.
He ended his prepared remarks with a plea to Apple and Google. “We have to find a way to help these companies understand what we need, why we need it, and how they can help … We need our private sector partners to take a step back, to pause, and to consider changing course.”
The FBI Still Has Access to User Data
The FBI still has tons of access to people’s personal data.
Law enforcement can still compel Apple to turn over user data stored in their iCloud. For people who back up their data, this means most of the information the FBI is afraid of missing out on is still available to them.
Furthermore, the FBI can still compel ISP’s to hand over user data including web history and, in some cases, emails.
Metadata can also still be obtained through court order. Metadata is like a candy wrapper and the candy is user data. In the case of an iPhone, metadata would include things like who a person texted, called, or emailed, but not the content of the messages or conversations. Through the use of triangulation, metadata also includes location which is periodically determined and stored.
In the current landscape, even with data encryption, the FBI could determine:
- Who you called and the duration of the conversation
- Who you’ve texted and emailed but not the content
- Your location at a specific time or over a period of time
- Your web history such as websites visited and search engine queries
- If you back up your iPhone, the content of your emails, documents, contacts and voicemail
But this, according to James Comey, is not enough.
The FBI Is Unlikely to Get its Way
Despite its pleadings, Apple and Google are unlikely to waver.
It’s difficult to put the cat back in the bag from a marketing perspective. If the two tech giants were to step back from default encryption they’d effectively be telling users “your data is now less secure.”
Secondly, tech companies are not currently under the jurisdiction of thee CALEA meaning they are not required to build a backdoor into their systems that would grant access to user data. So even if they are served with a warrant, a company may not have to tools to comply and are not legally required to build them. The resource burden of manpower, time, and money is on the companies themselves to create access and they may be unable or unwilling to spend the resources on compliance.
Finally, and perhaps most importantly, surveillance may not jive with a company’s mission. Companies like Google, who’s motto is “don’t be evil,” or Twitter who sees themselves as a bastion of free speech may not want to comply.
In the wake of the Snowden revelations regarding programs like PRISM, tech giants, like the public, may harbor some distrust towards the idea of government intrusion into privacy.
These disclosures were likely taken into account when Apple and Google decided to add default encryption. And it’s worth noting that these systems were built so that the companies themselves could not access the information. The implications of taking such action were undoubtedly discussed by executives prior to the decision being made.
It seems that the companies have erred on the side of privacy over the concerns of law enforcement. Agencies like the FBI may have to come to accept that corporations are no longer going to play junior detective for their investigations.