Why US Feds and g-men kick up a stink about a growing smartphone encryption trend
It's the inconvenience, stupid
Analysis Over the last few weeks law enforcement officials on both sides of the Atlantic have been kicking up a fuss over Apple and Google deciding to include effective encryption on their smartphones.
On Thursday, the Europol assistant director and head of European Cybercrime Centre issued a warning about the technology, and here in the Land of the Free both the director of the FBI and the US attorney general Eric Holder said that the moves were endangering the lives of abducted children and aiding terrorists.
Others have been even more alarmist. John Escalante, chief of detectives for Chicago's boys and girls in blue actually said "The average paedophile at this point is probably thinking, I've got to get an Apple phone," while Washington's chief of police said it was the "preferred method of the paedophile and the criminal."
There's now talk of Congress getting involved and passing laws that would either outlaw such encryption, and Holder went as far as to suggest that there should be legally mandated backdoors installed in such devices so that law enforcement could take a peek if they deemed it necessary.
To justify all of this intrusion, the standard refrain is to summon up the Four Horsemen of the Infopocalypse: terrorists, child molesters, drug dealers and organised crime. These are stirred up with the traditional Jack Bauer scenario of a ticking time bomb or abducted child just seconds away from being killed.
What's unusual about this PR offensive is that the ability to make encrypted phone calls and smartphone storage is nothing new. Firms like Silent Circle have been doing this for ages and, while that company has had a visit from the FBI, it was only to inquire about volume discounts so g-men could carry them.
The difference now is that the biggest players in mobile operating systems are getting into the game and making this available to everyone. Why are they doing this? Because they recognise that their customers want this level of privacy after NSA whistleblower Edward Snowden let everyone know the extent of our current surveillance state.
FBI director James Comey acknowledged as much in his press conference last month, saying that "the post-Snowden world has started an understandable pendulum swing," adding "what I'm worried about is, this is an indication to us as a country and as a people that, boy, maybe that pendulum swung too far."
But, that's just the problem – the pendulum, from a law enforcement perspective, hasn't moved a jot. Sure, President Obama has proposed a few lacklustre restraints on the ability of the intelligence community but nothing has been enacted as yet and the status quo hasn't changed, so people are taking matters into their own hands.
Companies recognise this and are meeting that demand – that's how capitalism is supposed to work after all. And Apple and Google will fight tooth and nail to make sure that they aren't going to be forced to put backdoors for law enforcement into their products because they have seen the consequences.
One of the side effects of this post-Snowden world is that American companies have seen their sales overseas hit a serious roadblock. Two years ago, John Chambers was expounding on how Cisco was going to see future growth in Asia, not that it had such a strong position in the US. Now sales there are plummeting and the networking giant is not alone in this.
Cloud providers like Google and Microsoft have also seen their overseas sales fall off a cliff. Non-US companies aren't happy about having their data stored in a country where law enforcement has automatic access to it, which is why Microsoft has asked to be held in contempt of court to stop US investigators trawling through its Dublin datacentre.
If moves are made to get police backdoors installed in systems then the tech community is ready to go to court, and privately some are really rather keen to do so, since a trial would expose some hard truths about the government's case.
The fact of the matter is Apple and Google's decision doesn't significantly impact the ability of law enforcement to do its job. As security expert (and police forensics trainer) Jonathan Zdziarski has pointed out, the new systems still allow them to gather almost as much information as they ever could, it just requires them to get a warrant first.
And that's really what all this law enforcement chest beating is about. Conducting an investigation is still perfectly possible. It just means there has to be a judicial process and a paper trail to show responsibility.
Take, for example, the case of a missing child. If the police have a suspect they can arrest them, seize their computer and phone and then analyse them – and provided they have both Apple's iOS 8 encryption won't stand in their way for a lot of data that's needed and there are laws that allow them to do this.
Sure, it might be easier to force the device manufacturer to do it for you, but that's open to abuse and isn't open to public and judicial scrutiny. Law enforcement argues that they are the guardians of us all and need these powers but – post-Snowden – people aren't buying that line anymore and want to take matters into their own hands. ®
- Apple M1
- App stores
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Google AI
- Google Cloud Platform
- Google Nest
- G Suite
- Identity Theft
- Kenna Security
- Let's Encrypt
- NSO Group
- Palo Alto Networks
- Privacy Sandbox
- Samsung Galaxy Ace
- Tavis Ormandy
- Tim Cook
- Trusted Platform Module
- Zero trust