Last week we discussed how with iOS 8, Apple has started encrypting the contents of iPhones and iPads, and how Google plans to follow suit by implementing encryption by default in its upcoming Android L release. We also noted that the cops were not happy about this, especially as both companies are / will leave the encryption keys in the hands of users – meaning that even if served with a legally binding warrant, they will be unable to decrypt the contents of an encrypted device.
Well, it now seems that as far as law enforcement services are concerned, the human waste has hit the fan and the end of the world is nigh. U.S. Attorney General Eric Holder, no less, heavily criticized the new encryption measures, saying at a conference on child sexual abuse that,
‘It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy. When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.’
Holder added (without referring to any companies specifically) that,
‘What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.’
Holder said that he would like companies to include a backdoor so law enforcement agencies could defeat encryption, urging technology firms ‘to work with us to ensure that law enforcement retains the ability, with court-authorization, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators.’
These comments from a very high ranking member of the President Barack Obama administration echo those of director of the FBI James Comey, who last week said,
‘What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,’ adding that the bureau has reached out to Apple and Google ‘to understand what they’re thinking and why they think it makes sense.’
Ooookay… so let’s get a few things straight:
- The ‘think of the children’ argument (along with ‘beware the terrorists’) is wearing pretty thin. Whenever governments want to strengthen the powers of the state and reduce the freedoms of its citizens, these twin boogiemen are rolled out. ‘What, you oppose the right of the police to enter your house and rummage through your belongings whenever it takes their fancy? Well, you must a kiddie-fiddling terrorist with something to hide then!’ While there are horrible people out there, traditional police investigation methods and powers are sufficient to track them down, and we cannot let scare tactics over a very small minority of wrongdoers allow the government to take away our most basic human rights.
- In the US (and most other law abiding countries) the police can still go to a judge and ask for a search warrant – it just needs to be served against the owner of the device, rather than to the tech company who made it / made the OS. Failure to comply is likely to result in contempt of court charges
- Apple and Google are not committing any crimes, and neither they siding with criminals. All they are doing is providing tools for their users, whose choice to use to protect their own data. Apple and Google do not own the data, and it is not up them to decrypt it.
- Weakening encryption (for example by adding in a backdoor that the feds can access) invariably also weakens it against exploitation by criminals, and makes the entire a web a less safe place
- US tech companies have been hemorrhaging $billions since the Edward Snowden revelations destroyed public trust in them. This move is necessary to shore up public confidence, and is vital to the US economy
Other points to note include:
- Although Apple says that it does not have access to users’ private encryption keys, iOS is proprietary code so we have no means of verifying this. The Edward Snowden’s of this world should probably not, therefore, trust their lives to Apple’s encryption. Google is much more open source, but how this applies to its encryption technology we don’t know
- The Android market suffers heavily from fragmentation, so only a small number of Android users will initially benefit from Android L’s default encryption (although users of Gingerbread 2.3.4+ can opt to turn it on if they so wish)
- Even if their phones are encrypted, most users keep vast amounts of data unencrypted or where law enforcement agencies can otherwise get hold of it. e.g. most iPhone users back up their data to Apple’s iCloud service, where it can be readily decrypted by Apple and handed over to the authorities. Encrypting phones is unlikely to be a major blow to police investigations.
The long and the short of it is that by encrypting users’ phones (and leaving users with the keys), Apple and Google are putting responsibility for users’ data in the hand of the data’s owners. Although they have done this primarily for self-interested commercial reasons, the result will be a more secure world, where the government and police will need a court order served to the individual under investigation before they can access data. For ordinary people, this can only be a good thing.